@richardcase
Last active March 31, 2026 13:11
k3s release
apiVersion: v1
kind: Namespace
metadata:
  labels:
    cluster.x-k8s.io/provider: bootstrap-k3s
    control-plane: controller-manager
  name: capi-k3s-bootstrap-system
---
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
  annotations:
    cert-manager.io/inject-ca-from: capi-k3s-bootstrap-system/capi-k3s-bootstrap-serving-cert
    controller-gen.kubebuilder.io/version: v0.17.2
  labels:
    cluster.x-k8s.io/provider: bootstrap-k3s
    cluster.x-k8s.io/v1beta1: v1beta1_v1beta2
    clusterctl.cluster.x-k8s.io: ""
  name: kthreesconfigs.bootstrap.cluster.x-k8s.io
spec:
  conversion:
    strategy: Webhook
    webhook:
      clientConfig:
        service:
          name: capi-k3s-bootstrap-webhook-service
          namespace: capi-k3s-bootstrap-system
          path: /convert
      conversionReviewVersions:
      - v1beta1
      - v1beta2
  group: bootstrap.cluster.x-k8s.io
  names:
    kind: KThreesConfig
    listKind: KThreesConfigList
    plural: kthreesconfigs
    singular: kthreesconfig
  scope: Namespaced
  versions:
  - name: v1beta1
    schema:
      openAPIV3Schema:
        description: KThreesConfig is the Schema for the kthreesconfigs API.
        properties:
          apiVersion:
            description: |-
              APIVersion defines the versioned schema of this representation of an object.
              Servers should convert recognized schemas to the latest internal value, and
              may reject unrecognized values.
              More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
            type: string
          kind:
            description: |-
              Kind is a string value representing the REST resource this object represents.
              Servers may infer this from the endpoint the client submits requests to.
              Cannot be updated.
              In CamelCase.
              More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
            type: string
          metadata:
            type: object
          spec:
            description: KThreesConfigSpec defines the desired state of KThreesConfig.
            properties:
              agentConfig:
                description: AgentConfig specifies configuration for the agent nodes
                properties:
                  airGapped:
                    description: |-
                      AirGapped is a boolean value to define if the bootstrapping should be air-gapped,
                      basically supposing that online container registries and k3s install scripts are not reachable.
                      User should prepare docker image, k3s binary, and put the install script in `/opt/install.sh`
                      on all nodes in the air-gap environment.
                    type: boolean
                  kubeProxyArgs:
                    description: KubeProxyArgs Customized flag for kube-proxy process
                    items:
                      type: string
                    type: array
                  kubeletArgs:
                    description: KubeletArgs Customized flag for kubelet process
                    items:
                      type: string
                    type: array
                  nodeLabels:
                    description: NodeLabels Registering and starting kubelet with
                      set of labels
                    items:
                      type: string
                    type: array
                  nodeName:
                    description: NodeName Name of the Node
                    type: string
                  nodeTaints:
                    description: NodeTaints Registering kubelet with set of taints
                    items:
                      type: string
                    type: array
                  privateRegistry:
                    description: 'PrivateRegistry registry configuration file (default:
                      "/etc/rancher/k3s/registries.yaml")'
                    type: string
                type: object
              files:
                description: Files specifies extra files to be passed to user_data
                  upon creation.
                items:
                  description: File defines the input for generating write_files in
                    cloud-init.
                  properties:
                    content:
                      description: Content is the actual content of the file.
                      type: string
                    contentFrom:
                      description: ContentFrom is a referenced source of content to
                        populate the file.
                      properties:
                        secret:
                          description: Secret represents a secret that should populate
                            this file.
                          properties:
                            key:
                              description: Key is the key in the secret's data map
                                for this value.
                              type: string
                            name:
                              description: Name of the secret in the KThreesBootstrapConfig's
                                namespace to use.
                              type: string
                          required:
                          - key
                          - name
                          type: object
                      required:
                      - secret
                      type: object
                    encoding:
                      description: Encoding specifies the encoding of the file contents.
                      enum:
                      - base64
                      - gzip
                      - gzip+base64
                      type: string
                    owner:
                      description: Owner specifies the ownership of the file, e.g.
                        "root:root".
                      type: string
                    path:
                      description: Path specifies the full path on disk where to store
                        the file.
                      type: string
                    permissions:
                      description: Permissions specifies the permissions to assign
                        to the file, e.g. "0640".
                      type: string
                  required:
                  - path
                  type: object
                type: array
              postK3sCommands:
                description: PostK3sCommands specifies extra commands to run after
                  k3s setup runs
                items:
                  type: string
                type: array
              preK3sCommands:
                description: PreK3sCommands specifies extra commands to run before
                  k3s setup runs
                items:
                  type: string
                type: array
              serverConfig:
                description: ServerConfig specifies configuration for the agent nodes
                properties:
                  advertiseAddress:
                    description: 'AdvertiseAddress IP address that apiserver uses
                      to advertise to members of the cluster (default: node-external-ip/node-ip)'
                    type: string
                  advertisePort:
                    description: 'AdvertisePort Port that apiserver uses to advertise
                      to members of the cluster (default: listen-port) (default: 0)'
                    type: string
                  bindAddress:
                    description: 'BindAddress k3s bind address (default: 0.0.0.0)'
                    type: string
                  clusterCidr:
                    description: 'ClusterCidr Network CIDR to use for pod IPs (default:
                      "10.42.0.0/16")'
                    type: string
                  clusterDNS:
                    description: 'ClusterDNS Cluster IP for coredns service. Should
                      be in your service-cidr range (default: 10.43.0.10)'
                    type: string
                  clusterDomain:
                    description: 'ClusterDomain Cluster Domain (default: "cluster.local")'
                    type: string
                  disableComponents:
                    description: DisableComponents specifies extra commands to run
                      before k3s setup runs
                    items:
                      type: string
                    type: array
                  disableExternalCloudProvider:
                    description: 'DisableExternalCloudProvider suppresses the ''cloud-provider=external''
                      kubelet argument. (default: false)'
                    type: boolean
                  httpsListenPort:
                    description: 'HTTPSListenPort HTTPS listen port (default: 6443)'
                    type: string
                  kubeAPIServerArg:
                    description: KubeAPIServerArgs is a customized flag for kube-apiserver
                      process
                    items:
                      type: string
                    type: array
                  kubeControllerManagerArgs:
                    description: KubeControllerManagerArgs is a customized flag for
                      kube-controller-manager process
                    items:
                      type: string
                    type: array
                  kubeSchedulerArgs:
                    description: KubeSchedulerArgs is a customized flag for kube-scheduler
                      process
                    items:
                      type: string
                    type: array
                  serviceCidr:
                    description: 'ServiceCidr Network CIDR to use for services IPs
                      (default: "10.43.0.0/16")'
                    type: string
                  tlsSan:
                    description: TLSSan Add additional hostname or IP as a Subject
                      Alternative Name in the TLS cert
                    items:
                      type: string
                    type: array
                type: object
              version:
                description: Version specifies the k3s version
                type: string
            type: object
          status:
            description: KThreesConfigStatus defines the observed state of KThreesConfig.
            properties:
              bootstrapData:
                format: byte
                type: string
              conditions:
                description: Conditions defines current service state of the KThreesConfig.
                items:
                  description: Condition defines an observation of a Cluster API resource
                    operational state.
                  properties:
                    lastTransitionTime:
                      description: |-
                        lastTransitionTime is the last time the condition transitioned from one status to another.
                        This should be when the underlying condition changed. If that is not known, then using the time when
                        the API field changed is acceptable.
                      format: date-time
                      type: string
                    message:
                      description: |-
                        message is a human readable message indicating details about the transition.
                        This field may be empty.
                      maxLength: 10240
                      minLength: 1
                      type: string
                    reason:
                      description: |-
                        reason is the reason for the condition's last transition in CamelCase.
                        The specific API may choose whether or not this field is considered a guaranteed API.
                        This field may be empty.
                      maxLength: 256
                      minLength: 1
                      type: string
                    severity:
                      description: |-
                        severity provides an explicit classification of Reason code, so the users or machines can immediately
                        understand the current situation and act accordingly.
                        The Severity field MUST be set only when Status=False.
                      maxLength: 32
                      type: string
                    status:
                      description: status of the condition, one of True, False, Unknown.
                      type: string
                    type:
                      description: |-
                        type of condition in CamelCase or in foo.example.com/CamelCase.
                        Many .condition.type values are consistent across resources like Available, but because arbitrary conditions
                        can be useful (see .node.status.conditions), the ability to deconflict is important.
                      maxLength: 256
                      minLength: 1
                      type: string
                  required:
                  - lastTransitionTime
                  - status
                  - type
                  type: object
                type: array
              dataSecretName:
                description: DataSecretName is the name of the secret that stores
                  the bootstrap data script.
                type: string
              failureMessage:
                description: FailureMessage will be set on non-retryable errors
                type: string
              failureReason:
                description: FailureReason will be set on non-retryable errors
                type: string
              observedGeneration:
                description: ObservedGeneration is the latest generation observed
                  by the controller.
                format: int64
                type: integer
              ready:
                description: Ready indicates the BootstrapData field is ready to be
                  consumed
                type: boolean
            type: object
        type: object
    served: true
    storage: false
    subresources:
      status: {}
  - name: v1beta2
    schema:
      openAPIV3Schema:
        description: KThreesConfig is the Schema for the kthreesconfigs API.
        properties:
          apiVersion:
            description: |-
              APIVersion defines the versioned schema of this representation of an object.
              Servers should convert recognized schemas to the latest internal value, and
              may reject unrecognized values.
              More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
            type: string
          kind:
            description: |-
              Kind is a string value representing the REST resource this object represents.
              Servers may infer this from the endpoint the client submits requests to.
              Cannot be updated.
              In CamelCase.
              More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
            type: string
          metadata:
            type: object
          spec:
            description: KThreesConfigSpec defines the desired state of KThreesConfig.
            properties:
              agentConfig:
                description: AgentConfig specifies configuration for the agent nodes
                properties:
                  airGapped:
                    description: |-
                      AirGapped is a boolean value to define if the bootstrapping should be air-gapped,
                      basically supposing that online container registries and k3s install scripts are not reachable.
                      User should prepare docker image, k3s binary, and put the install script in AirGappedInstallScriptPath (default path: "/opt/install.sh")
                      on all nodes in the air-gap environment.
                    type: boolean
                  airGappedInstallScriptPath:
                    description: |-
                      AirGappedInstallScriptPath is the path to the install script in the air-gapped environment.
                      The install script should be prepared by the user. The value is only
                      used when AirGapped is set to true (default: "/opt/install.sh").
                    type: string
                  kubeProxyArgs:
                    description: KubeProxyArgs Customized flag for kube-proxy process
                    items:
                      type: string
                    type: array
                  kubeletArgs:
                    description: KubeletArgs Customized flag for kubelet process
                    items:
                      type: string
                    type: array
                  nodeLabels:
                    description: NodeLabels Registering and starting kubelet with
                      set of labels
                    items:
                      type: string
                    type: array
                  nodeName:
                    description: NodeName Name of the Node
                    type: string
                  nodeTaints:
                    description: NodeTaints Registering kubelet with set of taints
                    items:
                      type: string
                    type: array
                  privateRegistry:
                    description: 'PrivateRegistry registry configuration file (default:
                      "/etc/rancher/k3s/registries.yaml")'
                    type: string
                type: object
              files:
                description: Files specifies extra files to be passed to user_data
                  upon creation.
                items:
                  description: File defines the input for generating write_files in
                    cloud-init.
                  properties:
                    content:
                      description: Content is the actual content of the file.
                      type: string
                    contentFrom:
                      description: ContentFrom is a referenced source of content to
                        populate the file.
                      properties:
                        secret:
                          description: Secret represents a secret that should populate
                            this file.
                          properties:
                            key:
                              description: Key is the key in the secret's data map
                                for this value.
                              type: string
                            name:
                              description: Name of the secret in the KThreesBootstrapConfig's
                                namespace to use.
                              type: string
                          required:
                          - key
                          - name
                          type: object
                      required:
                      - secret
                      type: object
                    encoding:
                      description: Encoding specifies the encoding of the file contents.
                      enum:
                      - base64
                      - gzip
                      - gzip+base64
                      type: string
                    owner:
                      description: Owner specifies the ownership of the file, e.g.
                        "root:root".
                      type: string
                    path:
                      description: Path specifies the full path on disk where to store
                        the file.
                      type: string
                    permissions:
                      description: Permissions specifies the permissions to assign
                        to the file, e.g. "0640".
                      type: string
                  required:
                  - path
                  type: object
                type: array
              postK3sCommands:
                description: PostK3sCommands specifies extra commands to run after
                  k3s setup runs
                items:
                  type: string
                type: array
              preK3sCommands:
                description: PreK3sCommands specifies extra commands to run before
                  k3s setup runs
                items:
                  type: string
                type: array
              serverConfig:
                description: ServerConfig specifies configuration for the agent nodes
                properties:
                  advertiseAddress:
                    description: 'AdvertiseAddress IP address that apiserver uses
                      to advertise to members of the cluster (default: node-external-ip/node-ip)'
                    type: string
                  advertisePort:
                    description: 'AdvertisePort Port that apiserver uses to advertise
                      to members of the cluster (default: listen-port) (default: 0)'
                    type: string
                  bindAddress:
                    description: 'BindAddress k3s bind address (default: 0.0.0.0)'
                    type: string
                  cloudProviderName:
                    description: 'CloudProviderName defines the --cloud-provider=
                      kubelet extra arg. (default: "external")'
                    type: string
                  clusterCidr:
                    description: 'ClusterCidr Network CIDR to use for pod IPs (default:
                      "10.42.0.0/16")'
                    type: string
                  clusterDNS:
                    description: 'ClusterDNS Cluster IP for coredns service. Should
                      be in your service-cidr range (default: 10.43.0.10)'
                    type: string
                  clusterDomain:
                    description: 'ClusterDomain Cluster Domain (default: "cluster.local")'
                    type: string
                  disableCloudController:
                    description: 'DisableCloudController disables k3s default cloud
                      controller manager. (default: true)'
                    type: boolean
                  disableComponents:
                    description: DisableComponents specifies extra commands to run
                      before k3s setup runs
                    items:
                      type: string
                    type: array
                  disableExternalCloudProvider:
                    description: 'DeprecatedDisableExternalCloudProvider suppresses
                      the ''cloud-provider=external'' kubelet argument. (default:
                      false)'
                    type: boolean
                  etcdProxyImage:
                    description: 'Customized etcd proxy image for management cluster
                      to communicate with workload cluster etcd (default: "alpine/socat")'
                    type: string
                  httpsListenPort:
                    description: 'HTTPSListenPort HTTPS listen port (default: 6443)'
                    type: string
                  kubeAPIServerArg:
                    description: KubeAPIServerArgs is a customized flag for kube-apiserver
                      process
                    items:
                      type: string
                    type: array
                  kubeControllerManagerArgs:
                    description: KubeControllerManagerArgs is a customized flag for
                      kube-controller-manager process
                    items:
                      type: string
                    type: array
                  kubeSchedulerArgs:
                    description: KubeSchedulerArgs is a customized flag for kube-scheduler
                      process
                    items:
                      type: string
                    type: array
                  serviceCidr:
                    description: 'ServiceCidr Network CIDR to use for services IPs
                      (default: "10.43.0.0/16")'
                    type: string
                  systemDefaultRegistry:
                    description: SystemDefaultRegistry defines private registry to
                      be used for all system images
                    type: string
                  tlsSan:
                    description: TLSSan Add additional hostname or IP as a Subject
                      Alternative Name in the TLS cert
                    items:
                      type: string
                    type: array
                type: object
              version:
                description: Version specifies the k3s version
                type: string
            type: object
          status:
            description: KThreesConfigStatus defines the observed state of KThreesConfig.
            properties:
              bootstrapData:
                format: byte
                type: string
              conditions:
                description: Conditions defines current service state of the KThreesConfig.
                items:
                  description: Condition defines an observation of a Cluster API resource
                    operational state.
                  properties:
                    lastTransitionTime:
                      description: |-
                        lastTransitionTime is the last time the condition transitioned from one status to another.
                        This should be when the underlying condition changed. If that is not known, then using the time when
                        the API field changed is acceptable.
                      format: date-time
                      type: string
                    message:
                      description: |-
                        message is a human readable message indicating details about the transition.
                        This field may be empty.
                      maxLength: 10240
                      minLength: 1
                      type: string
                    reason:
                      description: |-
                        reason is the reason for the condition's last transition in CamelCase.
                        The specific API may choose whether or not this field is considered a guaranteed API.
                        This field may be empty.
                      maxLength: 256
                      minLength: 1
                      type: string
                    severity:
                      description: |-
                        severity provides an explicit classification of Reason code, so the users or machines can immediately
                        understand the current situation and act accordingly.
                        The Severity field MUST be set only when Status=False.
                      maxLength: 32
                      type: string
                    status:
                      description: status of the condition, one of True, False, Unknown.
                      type: string
                    type:
                      description: |-
                        type of condition in CamelCase or in foo.example.com/CamelCase.
                        Many .condition.type values are consistent across resources like Available, but because arbitrary conditions
                        can be useful (see .node.status.conditions), the ability to deconflict is important.
                      maxLength: 256
                      minLength: 1
                      type: string
                  required:
                  - lastTransitionTime
                  - status
                  - type
                  type: object
                type: array
              dataSecretName:
                description: DataSecretName is the name of the secret that stores
                  the bootstrap data script.
                type: string
              failureMessage:
                description: FailureMessage will be set on non-retryable errors
                type: string
              failureReason:
                description: FailureReason will be set on non-retryable errors
                type: string
              observedGeneration:
                description: ObservedGeneration is the latest generation observed
                  by the controller.
                format: int64
                type: integer
              ready:
                description: Ready indicates the BootstrapData field is ready to be
                  consumed
                type: boolean
            type: object
        type: object
    served: true
    storage: true
    subresources:
      status: {}
---
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
  annotations:
    cert-manager.io/inject-ca-from: capi-k3s-bootstrap-system/capi-k3s-bootstrap-serving-cert
    controller-gen.kubebuilder.io/version: v0.17.2
  labels:
    cluster.x-k8s.io/provider: bootstrap-k3s
    cluster.x-k8s.io/v1beta1: v1beta1_v1beta2
    clusterctl.cluster.x-k8s.io: ""
  name: kthreesconfigtemplates.bootstrap.cluster.x-k8s.io
spec:
  conversion:
    strategy: Webhook
    webhook:
      clientConfig:
        service:
          name: capi-k3s-bootstrap-webhook-service
          namespace: capi-k3s-bootstrap-system
          path: /convert
      conversionReviewVersions:
      - v1beta1
      - v1beta2
  group: bootstrap.cluster.x-k8s.io
  names:
    kind: KThreesConfigTemplate
    listKind: KThreesConfigTemplateList
    plural: kthreesconfigtemplates
    singular: kthreesconfigtemplate
  scope: Namespaced
  versions:
  - name: v1beta1
    schema:
      openAPIV3Schema:
        description: KThreesConfigTemplate is the Schema for the kthreesconfigtemplates
          API.
        properties:
          apiVersion:
            description: |-
              APIVersion defines the versioned schema of this representation of an object.
              Servers should convert recognized schemas to the latest internal value, and
              may reject unrecognized values.
              More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
            type: string
          kind:
            description: |-
              Kind is a string value representing the REST resource this object represents.
              Servers may infer this from the endpoint the client submits requests to.
              Cannot be updated.
              In CamelCase.
              More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
            type: string
          metadata:
            type: object
          spec:
            description: KThreesConfigTemplateSpec defines the desired state of KThreesConfigTemplate.
            properties:
              template:
                description: KThreesConfigTemplateResource defines the Template structure.
                properties:
                  spec:
                    description: KThreesConfigSpec defines the desired state of KThreesConfig.
                    properties:
                      agentConfig:
                        description: AgentConfig specifies configuration for the agent
                          nodes
                        properties:
                          airGapped:
                            description: |-
                              AirGapped is a boolean value to define if the bootstrapping should be air-gapped,
                              basically supposing that online container registries and k3s install scripts are not reachable.
                              User should prepare docker image, k3s binary, and put the install script in `/opt/install.sh`
                              on all nodes in the air-gap environment.
                            type: boolean
                          kubeProxyArgs:
                            description: KubeProxyArgs Customized flag for kube-proxy
                              process
                            items:
                              type: string
                            type: array
                          kubeletArgs:
                            description: KubeletArgs Customized flag for kubelet process
                            items:
                              type: string
                            type: array
                          nodeLabels:
                            description: NodeLabels Registering and starting kubelet
                              with set of labels
                            items:
                              type: string
                            type: array
                          nodeName:
                            description: NodeName Name of the Node
                            type: string
                          nodeTaints:
                            description: NodeTaints Registering kubelet with set of
                              taints
                            items:
                              type: string
                            type: array
                          privateRegistry:
                            description: 'PrivateRegistry registry configuration
                              file (default: "/etc/rancher/k3s/registries.yaml")'
                            type: string
                        type: object
                      files:
                        description: Files specifies extra files to be passed to user_data
                          upon creation.
                        items:
                          description: File defines the input for generating write_files
                            in cloud-init.
                          properties:
                            content:
                              description: Content is the actual content of the file.
                              type: string
                            contentFrom:
                              description: ContentFrom is a referenced source of content
                                to populate the file.
                              properties:
                                secret:
                                  description: Secret represents a secret that should
                                    populate this file.
                                  properties:
                                    key:
                                      description: Key is the key in the secret's
                                        data map for this value.
                                      type: string
                                    name:
                                      description: Name of the secret in the KThreesBootstrapConfig's
                                        namespace to use.
                                      type: string
                                  required:
                                  - key
                                  - name
                                  type: object
                              required:
                              - secret
                              type: object
                            encoding:
                              description: Encoding specifies the encoding of the
                                file contents.
                              enum:
                              - base64
                              - gzip
                              - gzip+base64
                              type: string
                            owner:
                              description: Owner specifies the ownership of the file,
                                e.g. "root:root".
                              type: string
                            path:
                              description: Path specifies the full path on disk where
                                to store the file.
                              type: string
                            permissions:
                              description: Permissions specifies the permissions to
                                assign to the file, e.g. "0640".
                              type: string
                          required:
                          - path
                          type: object
                        type: array
                      postK3sCommands:
                        description: PostK3sCommands specifies extra commands to run
                          after k3s setup runs
                        items:
                          type: string
                        type: array
                      preK3sCommands:
                        description: PreK3sCommands specifies extra commands to run
                          before k3s setup runs
                        items:
                          type: string
                        type: array
                      serverConfig:
                        description: ServerConfig specifies configuration for the
                          agent nodes
                        properties:
                          advertiseAddress:
                            description: 'AdvertiseAddress IP address that apiserver
                              uses to advertise to members of the cluster (default:
                              node-external-ip/node-ip)'
                            type: string
                          advertisePort:
                            description: 'AdvertisePort Port that apiserver uses to
                              advertise to members of the cluster (default: listen-port)
                              (default: 0)'
                            type: string
                          bindAddress:
                            description: 'BindAddress k3s bind address (default: 0.0.0.0)'
                            type: string
                          clusterCidr:
                            description: 'ClusterCidr Network CIDR to use for pod
                              IPs (default: "10.42.0.0/16")'
                            type: string
                          clusterDNS:
                            description: 'ClusterDNS Cluster IP for coredns service.
                              Should be in your service-cidr range (default: 10.43.0.10)'
                            type: string
                          clusterDomain:
                            description: 'ClusterDomain Cluster Domain (default: "cluster.local")'
                            type: string
                          disableComponents:
                            description: DisableComponents specifies extra commands
                              to run before k3s setup runs
                            items:
                              type: string
                            type: array
                          disableExternalCloudProvider:
                            description: 'DisableExternalCloudProvider suppresses
                              the ''cloud-provider=external'' kubelet argument. (default:
                              false)'
                            type: boolean
                          httpsListenPort:
                            description: 'HTTPSListenPort HTTPS listen port (default:
                              6443)'
                            type: string
                          kubeAPIServerArg:
                            description: KubeAPIServerArgs is a customized flag for
                              kube-apiserver process
                            items:
                              type: string
                            type: array
                          kubeControllerManagerArgs:
                            description: KubeControllerManagerArgs is a customized
                              flag for kube-controller-manager process
                            items:
                              type: string
                            type: array
                          kubeSchedulerArgs:
                            description: KubeSchedulerArgs is a customized flag for
                              kube-scheduler process
                            items:
                              type: string
                            type: array
                          serviceCidr:
                            description: 'ServiceCidr Network CIDR to use for services
                              IPs (default: "10.43.0.0/16")'
                            type: string
                          tlsSan:
                            description: TLSSan Add additional hostname or IP as a
                              Subject Alternative Name in the TLS cert
                            items:
                              type: string
                            type: array
                        type: object
                      version:
                        description: Version specifies the k3s version
                        type: string
                    type: object
                type: object
            required:
            - template
            type: object
        type: object
    served: true
    storage: false
  - name: v1beta2
    schema:
      openAPIV3Schema:
        description: KThreesConfigTemplate is the Schema for the kthreesconfigtemplates
          API.
        properties:
          apiVersion:
            description: |-
              APIVersion defines the versioned schema of this representation of an object.
              Servers should convert recognized schemas to the latest internal value, and
              may reject unrecognized values.
              More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
            type: string
          kind:
            description: |-
              Kind is a string value representing the REST resource this object represents.
              Servers may infer this from the endpoint the client submits requests to.
              Cannot be updated.
              In CamelCase.
              More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
            type: string
          metadata:
            type: object
          spec:
            description: KThreesConfigTemplateSpec defines the desired state of KThreesConfigTemplate.
            properties:
              template:
                description: KThreesConfigTemplateResource defines the Template structure.
                properties:
                  spec:
                    description: KThreesConfigSpec defines the desired state of KThreesConfig.
                    properties:
                      agentConfig:
                        description: AgentConfig specifies configuration for the agent
                          nodes
                        properties:
                          airGapped:
                            description: |-
                              AirGapped is a boolean value to define if the bootstrapping should be air-gapped,
                              basically supposing that online container registries and k3s install scripts are not reachable.
                              User should prepare docker image, k3s binary, and put the install script in AirGappedInstallScriptPath (default path: "/opt/install.sh")
                              on all nodes in the air-gap environment.
                            type: boolean
                          airGappedInstallScriptPath:
                            description: |-
                              AirGappedInstallScriptPath is the path to the install script in the air-gapped environment.
                              The install script should be prepared by the user. The value is only
                              used when AirGapped is set to true (default: "/opt/install.sh").
                            type: string
                          kubeProxyArgs:
                            description: KubeProxyArgs Customized flag for kube-proxy
                              process
                            items:
                              type: string
                            type: array
                          kubeletArgs:
                            description: KubeletArgs Customized flag for kubelet process
                            items:
                              type: string
                            type: array
                          nodeLabels:
                            description: NodeLabels Registering and starting kubelet
                              with set of labels
                            items:
                              type: string
                            type: array
                          nodeName:
                            description: NodeName Name of the Node
                            type: string
                          nodeTaints:
                            description: NodeTaints Registering kubelet with set of
                              taints
                            items:
                              type: string
                            type: array
                          privateRegistry:
                            description: 'PrivateRegistry registry configuration
                              file (default: "/etc/rancher/k3s/registries.yaml")'
                            type: string
                        type: object
                      files:
                        description: Files specifies extra files to be passed to user_data
                          upon creation.
                        items:
                          description: File defines the input for generating write_files
                            in cloud-init.
                          properties:
                            content:
                              description: Content is the actual content of the file.
                              type: string
                            contentFrom:
                              description: ContentFrom is a referenced source of content
                                to populate the file.
                              properties:
                                secret:
                                  description: Secret represents a secret that should
                                    populate this file.
                                  properties:
                                    key:
                                      description: Key is the key in the secret's
                                        data map for this value.
                                      type: string
                                    name:
                                      description: Name of the secret in the KThreesBootstrapConfig's
                                        namespace to use.
                                      type: string
                                  required:
                                  - key
                                  - name
                                  type: object
                              required:
                              - secret
                              type: object
                            encoding:
                              description: Encoding specifies the encoding of the
                                file contents.
                              enum:
                              - base64
                              - gzip
                              - gzip+base64
                              type: string
                            owner:
                              description: Owner specifies the ownership of the file,
                                e.g. "root:root".
                              type: string
                            path:
                              description: Path specifies the full path on disk where
                                to store the file.
                              type: string
                            permissions:
                              description: Permissions specifies the permissions to
                                assign to the file, e.g. "0640".
                              type: string
                          required:
                          - path
                          type: object
                        type: array
                      postK3sCommands:
                        description: PostK3sCommands specifies extra commands to run
                          after k3s setup runs
                        items:
                          type: string
                        type: array
                      preK3sCommands:
                        description: PreK3sCommands specifies extra commands to run
                          before k3s setup runs
                        items:
                          type: string
                        type: array
                      serverConfig:
                        description: ServerConfig specifies configuration for the
                          agent nodes
                        properties:
                          advertiseAddress:
                            description: 'AdvertiseAddress IP address that apiserver
                              uses to advertise to members of the cluster (default:
                              node-external-ip/node-ip)'
                            type: string
                          advertisePort:
                            description: 'AdvertisePort Port that apiserver uses to
                              advertise to members of the cluster (default: listen-port)
                              (default: 0)'
                            type: string
                          bindAddress:
                            description: 'BindAddress k3s bind address (default: 0.0.0.0)'
                            type: string
                          cloudProviderName:
                            description: 'CloudProviderName defines the --cloud-provider=
                              kubelet extra arg. (default: "external")'
                            type: string
                          clusterCidr:
                            description: 'ClusterCidr Network CIDR to use for pod
                              IPs (default: "10.42.0.0/16")'
                            type: string
                          clusterDNS:
                            description: 'ClusterDNS Cluster IP for coredns service.
                              Should be in your service-cidr range (default: 10.43.0.10)'
                            type: string
                          clusterDomain:
                            description: 'ClusterDomain Cluster Domain (default: "cluster.local")'
                            type: string
                          disableCloudController:
                            description: 'DisableCloudController disables k3s default
                              cloud controller manager. (default: true)'
                            type: boolean
                          disableComponents:
                            description: DisableComponents specifies extra commands
                              to run before k3s setup runs
                            items:
                              type: string
                            type: array
                          disableExternalCloudProvider:
                            description: 'DeprecatedDisableExternalCloudProvider suppresses
                              the ''cloud-provider=external'' kubelet argument. (default:
                              false)'
                            type: boolean
                          etcdProxyImage:
                            description: 'Customized etcd proxy image for management
                              cluster to communicate with workload cluster etcd (default:
                              "alpine/socat")'
                            type: string
                          httpsListenPort:
                            description: 'HTTPSListenPort HTTPS listen port (default:
                              6443)'
                            type: string
                          kubeAPIServerArg:
                            description: KubeAPIServerArgs is a customized flag for
                              kube-apiserver process
                            items:
                              type: string
                            type: array
                          kubeControllerManagerArgs:
                            description: KubeControllerManagerArgs is a customized
                              flag for kube-controller-manager process
                            items:
                              type: string
                            type: array
                          kubeSchedulerArgs:
                            description: KubeSchedulerArgs is a customized flag for
                              kube-scheduler process
                            items:
                              type: string
                            type: array
                          serviceCidr:
                            description: 'ServiceCidr Network CIDR to use for services
                              IPs (default: "10.43.0.0/16")'
                            type: string
                          systemDefaultRegistry:
                            description: SystemDefaultRegistry defines private registry
                              to be used for all system images
                            type: string
                          tlsSan:
                            description: TLSSan Add additional hostname or IP as a
                              Subject Alternative Name in the TLS cert
                            items:
                              type: string
                            type: array
                        type: object
                      version:
                        description: Version specifies the k3s version
                        type: string
                    type: object
                type: object
            required:
            - template
            type: object
        type: object
    served: true
    storage: true
---
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  labels:
    cluster.x-k8s.io/provider: bootstrap-k3s
  name: capi-k3s-bootstrap-leader-election-role
  namespace: capi-k3s-bootstrap-system
rules:
- apiGroups:
  - ""
  resources:
  - configmaps
  verbs:
  - get
  - list
  - watch
  - create
  - update
  - patch
  - delete
- apiGroups:
  - ""
  resources:
  - configmaps/status
  verbs:
  - get
  - update
  - patch
- apiGroups:
  - ""
  resources:
  - events
  verbs:
  - create
- apiGroups:
  - coordination.k8s.io
  resources:
  - leases
  verbs:
  - get
  - list
  - watch
  - create
  - update
  - patch
  - delete
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  labels:
    cluster.x-k8s.io/provider: bootstrap-k3s
  name: capi-k3s-bootstrap-manager-role
rules:
- apiGroups:
  - ""
  resources:
  - configmaps
  - events
  - secrets
  verbs:
  - create
  - delete
  - get
  - list
  - patch
  - update
  - watch
- apiGroups:
  - apiextensions.k8s.io
  resources:
  - customresourcedefinitions
  verbs:
  - get
  - list
  - watch
- apiGroups:
  - bootstrap.cluster.x-k8s.io
  resources:
  - kthreesconfigs
  - kthreesconfigs/status
  verbs:
  - create
  - delete
  - get
  - list
  - patch
  - update
  - watch
- apiGroups:
  - cluster.x-k8s.io
  resources:
  - clusters
  - clusters/status
  - machinepools
  - machinepools/status
  - machines
  - machines/status
  verbs:
  - get
  - list
  - watch
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
labels:
cluster.x-k8s.io/provider: bootstrap-k3s
name: capi-k3s-bootstrap-leader-election-rolebinding
namespace: capi-k3s-bootstrap-system
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: Role
name: capi-k3s-bootstrap-leader-election-role
subjects:
- kind: ServiceAccount
name: default
namespace: capi-k3s-bootstrap-system
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
labels:
cluster.x-k8s.io/provider: bootstrap-k3s
name: capi-k3s-bootstrap-manager-rolebinding
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: capi-k3s-bootstrap-manager-role
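# The subject is the namespace's "default" ServiceAccount (the Deployment in this
# manifest sets no serviceAccountName), so any pod created in
# capi-k3s-bootstrap-system without its own ServiceAccount also receives the
# manager ClusterRole, including its cluster-wide access to secrets.
subjects: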
- kind: ServiceAccount
name: default
namespace: capi-k3s-bootstrap-system
---
apiVersion: v1
kind: Service
metadata:
labels:
cluster.x-k8s.io/provider: bootstrap-k3s
name: capi-k3s-bootstrap-webhook-service
namespace: capi-k3s-bootstrap-system
spec:
ports:
- port: 443
targetPort: 9443
selector:
cluster.x-k8s.io/provider: bootstrap-k3s
control-plane: controller-manager
---
apiVersion: apps/v1
kind: Deployment
metadata:
labels:
cluster.x-k8s.io/provider: bootstrap-k3s
control-plane: controller-manager
name: capi-k3s-bootstrap-controller-manager
namespace: capi-k3s-bootstrap-system
spec:
replicas: 1
selector:
matchLabels:
cluster.x-k8s.io/provider: bootstrap-k3s
control-plane: controller-manager
template:
metadata:
labels:
cluster.x-k8s.io/provider: bootstrap-k3s
control-plane: controller-manager
spec:
containers:
- args:
- --enable-leader-election
command:
- /manager
# Referenced by tag rather than by digest, so the image behind this reference can change.
image: ghcr.io/richardcase/cluster-api-k3s/bootstrap-controller:v100.0.0-dt
name: manager
ports:
- containerPort: 9443
name: webhook-server
protocol: TCP
securityContext:
allowPrivilegeEscalation: false
capabilities:
drop:
- ALL
runAsNonRoot: true
seccompProfile:
type: RuntimeDefault
volumeMounts:
- mountPath: /tmp/k8s-webhook-server/serving-certs
name: cert
readOnly: true
terminationGracePeriodSeconds: 10
volumes:
- name: cert
secret:
defaultMode: 420
secretName: capi-k3s-bootstrap-webhook-service-cert
---
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
labels:
cluster.x-k8s.io/provider: bootstrap-k3s
name: capi-k3s-bootstrap-serving-cert
namespace: capi-k3s-bootstrap-system
spec:
dnsNames:
- capi-k3s-bootstrap-webhook-service.capi-k3s-bootstrap-system.svc
- capi-k3s-bootstrap-webhook-service.capi-k3s-bootstrap-system.svc.cluster.local
issuerRef:
kind: Issuer
name: capi-k3s-bootstrap-selfsigned-issuer
secretName: capi-k3s-bootstrap-webhook-service-cert
---
apiVersion: cert-manager.io/v1
kind: Issuer
metadata:
labels:
cluster.x-k8s.io/provider: bootstrap-k3s
name: capi-k3s-bootstrap-selfsigned-issuer
namespace: capi-k3s-bootstrap-system
spec:
selfSigned: {}
---
apiVersion: admissionregistration.k8s.io/v1
kind: MutatingWebhookConfiguration
metadata:
annotations:
cert-manager.io/inject-ca-from: capi-k3s-bootstrap-system/capi-k3s-bootstrap-serving-cert
labels:
cluster.x-k8s.io/provider: bootstrap-k3s
name: capi-k3s-bootstrap-mutating-webhook-configuration
webhooks:
- admissionReviewVersions:
- v1
- v1beta1
clientConfig:
service:
name: capi-k3s-bootstrap-webhook-service
namespace: capi-k3s-bootstrap-system
path: /mutate-bootstrap-cluster-x-k8s-io-v1beta2-kthreesconfig
failurePolicy: Fail
matchPolicy: Equivalent
name: default.kthreesconfig.bootstrap.cluster.x-k8s.io
rules:
- apiGroups:
- bootstrap.cluster.x-k8s.io
apiVersions:
- v1beta2
operations:
- CREATE
- UPDATE
resources:
- kthreesconfigs
sideEffects: None
- admissionReviewVersions:
- v1
- v1beta1
clientConfig:
service:
name: capi-k3s-bootstrap-webhook-service
namespace: capi-k3s-bootstrap-system
path: /mutate-bootstrap-cluster-x-k8s-io-v1beta2-kthreesconfigtemplate
failurePolicy: Fail
matchPolicy: Equivalent
name: default.kthreesconfigtemplate.bootstrap.cluster.x-k8s.io
rules:
- apiGroups:
- bootstrap.cluster.x-k8s.io
apiVersions:
- v1beta2
operations:
- CREATE
- UPDATE
resources:
- kthreesconfigtemplates
sideEffects: None
---
apiVersion: admissionregistration.k8s.io/v1
kind: ValidatingWebhookConfiguration
metadata:
annotations:
cert-manager.io/inject-ca-from: capi-k3s-bootstrap-system/capi-k3s-bootstrap-serving-cert
labels:
cluster.x-k8s.io/provider: bootstrap-k3s
name: capi-k3s-bootstrap-validating-webhook-configuration
webhooks:
- admissionReviewVersions:
- v1
- v1beta1
clientConfig:
service:
name: capi-k3s-bootstrap-webhook-service
namespace: capi-k3s-bootstrap-system
path: /validate-bootstrap-cluster-x-k8s-io-v1beta2-kthreesconfig
failurePolicy: Fail
matchPolicy: Equivalent
name: validation.kthreesconfig.bootstrap.cluster.x-k8s.io
rules:
- apiGroups:
- bootstrap.cluster.x-k8s.io
apiVersions:
- v1beta2
operations:
- CREATE
- UPDATE
resources:
- kthreesconfigs
sideEffects: None
- admissionReviewVersions:
- v1
- v1beta1
clientConfig:
service:
name: capi-k3s-bootstrap-webhook-service
namespace: capi-k3s-bootstrap-system
path: /validate-bootstrap-cluster-x-k8s-io-v1beta2-kthreesconfigtemplate
failurePolicy: Fail
matchPolicy: Equivalent
name: validation.kthreesconfigtemplate.bootstrap.cluster.x-k8s.io
rules:
- apiGroups:
- bootstrap.cluster.x-k8s.io
apiVersions:
- v1beta2
operations:
- CREATE
- UPDATE
resources:
- kthreesconfigtemplates
sideEffects: None
---
apiVersion: v1
kind: Namespace
metadata:
labels:
cluster.x-k8s.io/provider: control-plane-k3s
control-plane: controller-manager
name: capi-k3s-control-plane-system
---
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
cert-manager.io/inject-ca-from: capi-k3s-control-plane-system/capi-k3s-control-plane-serving-cert
controller-gen.kubebuilder.io/version: v0.17.2
labels:
cluster.x-k8s.io/provider: control-plane-k3s
cluster.x-k8s.io/v1beta1: v1beta1_v1beta2
clusterctl.cluster.x-k8s.io: ""
name: kthreescontrolplanes.controlplane.cluster.x-k8s.io
spec:
conversion:
strategy: Webhook
webhook:
clientConfig:
service:
name: capi-k3s-control-plane-webhook-service
namespace: capi-k3s-control-plane-system
path: /convert
conversionReviewVersions:
- v1beta1
- v1beta2
group: controlplane.cluster.x-k8s.io
names:
kind: KThreesControlPlane
listKind: KThreesControlPlaneList
plural: kthreescontrolplanes
singular: kthreescontrolplane
scope: Namespaced
versions:
- additionalPrinterColumns:
- description: This denotes whether or not the control plane has completed the
k3s server initialization
jsonPath: .status.initialized
name: Initialized
type: boolean
- description: KThreesControlPlane API Server is ready to receive requests
jsonPath: .status.ready
name: API Server Available
type: boolean
- description: Kubernetes version associated with this control plane
jsonPath: .spec.version
name: Version
type: string
- description: Total number of non-terminated machines targeted by this control
plane
jsonPath: .status.replicas
name: Replicas
type: integer
- description: Total number of fully running and ready control plane machines
jsonPath: .status.readyReplicas
name: Ready
type: integer
- description: Total number of non-terminated machines targeted by this control
plane that have the desired template spec
jsonPath: .status.updatedReplicas
name: Updated
type: integer
- description: Total number of unavailable machines targeted by this control plane
jsonPath: .status.unavailableReplicas
name: Unavailable
type: integer
name: v1beta1
schema:
openAPIV3Schema:
description: KThreesControlPlane is the Schema for the kthreescontrolplanes
API.
properties:
apiVersion:
description: |-
APIVersion defines the versioned schema of this representation of an object.
Servers should convert recognized schemas to the latest internal value, and
may reject unrecognized values.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
type: string
kind:
description: |-
Kind is a string value representing the REST resource this object represents.
Servers may infer this from the endpoint the client submits requests to.
Cannot be updated.
In CamelCase.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
type: string
metadata:
type: object
spec:
description: KThreesControlPlaneSpec defines the desired state of KThreesControlPlane.
properties:
infrastructureTemplate:
description: |-
InfrastructureTemplate is a required reference to a custom resource
offered by an infrastructure provider.
In the next API version we will move this into the
`KThreesControlPlaneMachineTemplate` struct. See
https://github.com/k3s-io/cluster-api-k3s/issues/62
properties:
apiVersion:
description: API version of the referent.
type: string
fieldPath:
description: |-
If referring to a piece of an object instead of an entire object, this string
should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2].
For example, if the object reference is to a container within a pod, this would take on a value like:
"spec.containers{name}" (where "name" refers to the name of the container that triggered
the event) or if no container name is specified "spec.containers[2]" (container with
index 2 in this pod). This syntax is chosen only to have some well-defined way of
referencing a part of an object.
type: string
kind:
description: |-
Kind of the referent.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
type: string
name:
description: |-
Name of the referent.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
type: string
namespace:
description: |-
Namespace of the referent.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/
type: string
resourceVersion:
description: |-
Specific resourceVersion to which this reference is made, if any.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency
type: string
uid:
description: |-
UID of the referent.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids
type: string
type: object
x-kubernetes-map-type: atomic
kthreesConfigSpec:
description: |-
KThreesConfigSpec is a KThreesConfigSpec
to use for initializing and joining machines to the control plane.
properties:
agentConfig:
description: AgentConfig specifies configuration for the agent
nodes
properties:
airGapped:
description: |-
AirGapped is a boolean value to define if the bootstrapping should be air-gapped,
basically supposing that online container registries and k3s install scripts are not reachable.
User should prepare docker image, k3s binary, and put the install script in `/opt/install.sh`
on all nodes in the air-gap environment.
type: boolean
kubeProxyArgs:
description: KubeProxyArgs Customized flag for kube-proxy
process
items:
type: string
type: array
kubeletArgs:
description: KubeletArgs Customized flag for kubelet process
items:
type: string
type: array
nodeLabels:
description: NodeLabels Registering and starting kubelet
with set of labels
items:
type: string
type: array
nodeName:
description: NodeName Name of the Node
type: string
nodeTaints:
description: NodeTaints Registering kubelet with set of taints
items:
type: string
type: array
privateRegistry:
description: 'PrivateRegistry registry configuration file
(default: "/etc/rancher/k3s/registries.yaml")'
type: string
type: object
files:
description: Files specifies extra files to be passed to user_data
upon creation.
items:
description: File defines the input for generating write_files
in cloud-init.
properties:
content:
description: Content is the actual content of the file.
type: string
contentFrom:
description: ContentFrom is a referenced source of content
to populate the file.
properties:
secret:
description: Secret represents a secret that should
populate this file.
properties:
key:
description: Key is the key in the secret's data
map for this value.
type: string
name:
description: Name of the secret in the KThreesBootstrapConfig's
namespace to use.
type: string
required:
- key
- name
type: object
required:
- secret
type: object
encoding:
description: Encoding specifies the encoding of the file
contents.
enum:
- base64
- gzip
- gzip+base64
type: string
owner:
description: Owner specifies the ownership of the file,
e.g. "root:root".
type: string
path:
description: Path specifies the full path on disk where
to store the file.
type: string
permissions:
description: Permissions specifies the permissions to assign
to the file, e.g. "0640".
type: string
required:
- path
type: object
type: array
postK3sCommands:
description: PostK3sCommands specifies extra commands to run after
k3s setup runs
items:
type: string
type: array
preK3sCommands:
description: PreK3sCommands specifies extra commands to run before
k3s setup runs
items:
type: string
type: array
serverConfig:
description: ServerConfig specifies configuration for the agent
nodes
properties:
advertiseAddress:
description: 'AdvertiseAddress IP address that apiserver uses
to advertise to members of the cluster (default: node-external-ip/node-ip)'
type: string
advertisePort:
description: 'AdvertisePort Port that apiserver uses to advertise
to members of the cluster (default: listen-port) (default:
0)'
type: string
bindAddress:
description: 'BindAddress k3s bind address (default: 0.0.0.0)'
type: string
clusterCidr:
description: 'ClusterCidr Network CIDR to use for pod IPs
(default: "10.42.0.0/16")'
type: string
clusterDNS:
description: 'ClusterDNS Cluster IP for coredns service.
Should be in your service-cidr range (default: 10.43.0.10)'
type: string
clusterDomain:
description: 'ClusterDomain Cluster Domain (default: "cluster.local")'
type: string
disableComponents:
description: DisableComponents specifies extra commands to
run before k3s setup runs
items:
type: string
type: array
disableExternalCloudProvider:
description: 'DisableExternalCloudProvider suppresses the
''cloud-provider=external'' kubelet argument. (default:
false)'
type: boolean
httpsListenPort:
description: 'HTTPSListenPort HTTPS listen port (default:
6443)'
type: string
kubeAPIServerArg:
description: KubeAPIServerArgs is a customized flag for kube-apiserver
process
items:
type: string
type: array
kubeControllerManagerArgs:
description: KubeControllerManagerArgs is a customized flag
for kube-controller-manager process
items:
type: string
type: array
kubeSchedulerArgs:
description: KubeSchedulerArgs is a customized flag for kube-scheduler
process
items:
type: string
type: array
serviceCidr:
description: 'ServiceCidr Network CIDR to use for services
IPs (default: "10.43.0.0/16")'
type: string
tlsSan:
description: TLSSan Add additional hostname or IP as a Subject
Alternative Name in the TLS cert
items:
type: string
type: array
type: object
version:
description: Version specifies the k3s version
type: string
type: object
machineTemplate:
description: |-
MachineTemplate contains information about how machines should be shaped
when creating or updating a control plane.
properties:
metadata:
description: |-
Standard object's metadata.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
properties:
annotations:
additionalProperties:
type: string
description: |-
annotations is an unstructured key value map stored with a resource that may be
set by external tools to store and retrieve arbitrary metadata. They are not
queryable and should be preserved when modifying objects.
More info: http://kubernetes.io/docs/user-guide/annotations
type: object
labels:
additionalProperties:
type: string
description: |-
labels is a map of string keys and values that can be used to organize and categorize
(scope and select) objects. May match selectors of replication controllers
and services.
More info: http://kubernetes.io/docs/user-guide/labels
type: object
type: object
type: object
nodeDrainTimeout:
description: |-
NodeDrainTimeout is the total amount of time that the controller will spend on draining a controlplane node
The default value is 0, meaning that the node can be drained without any time limitations.
NOTE: NodeDrainTimeout is different from `kubectl drain --timeout`
type: string
remediationStrategy:
description: The RemediationStrategy that controls how control plane
machine remediation happens.
properties:
maxRetry:
description: "MaxRetry is the Max number of retries while attempting
to remediate an unhealthy machine.\nA retry happens when a machine
that was created as a replacement for an unhealthy machine also
fails.\nFor example, given a control plane with three machines
M1, M2, M3:\n\n\tM1 become unhealthy; remediation happens, and
M1-1 is created as a replacement.\n\tIf M1-1 (replacement of
M1) has problems while bootstrapping it will become unhealthy,
and then be\n\tremediated; such operation is considered a retry,
remediation-retry #1.\n\tIf M1-2 (replacement of M1-1) becomes
unhealthy, remediation-retry #2 will happen, etc.\n\nA retry
could happen only after RetryPeriod from the previous retry.\nIf
a machine is marked as unhealthy after MinHealthyPeriod from
the previous remediation expired,\nthis is not considered a
retry anymore because the new issue is assumed unrelated from
the previous one.\n\nIf not set, the remediation will be retried
infinitely."
format: int32
type: integer
minHealthyPeriod:
description: "MinHealthyPeriod defines the duration after which
KCP will consider any failure to a machine unrelated\nfrom the
previous one. In this case the remediation is not considered
a retry anymore, and thus the retry\ncounter restarts from 0.
For example, assuming MinHealthyPeriod is set to 1h (default)\n\n\tM1
become unhealthy; remediation happens, and M1-1 is created as
a replacement.\n\tIf M1-1 (replacement of M1) has problems within
the 1hr after the creation, also\n\tthis machine will be remediated
and this operation is considered a retry - a problem related\n\tto
the original issue happened to M1 -.\n\n\tIf instead the problem
on M1-1 is happening after MinHealthyPeriod expired, e.g. four
days after\n\tm1-1 has been created as a remediation of M1,
the problem on M1-1 is considered unrelated to\n\tthe original
issue happened to M1.\n\nIf not set, this value is defaulted
to 1h."
type: string
retryPeriod:
description: |-
RetryPeriod is the duration that KCP should wait before remediating a machine being created as a replacement
for an unhealthy machine (a retry).
If not set, a retry will happen immediately.
type: string
type: object
replicas:
description: |-
Number of desired machines. Defaults to 1. When stacked etcd is used only
odd numbers are permitted, as per [etcd best practice](https://etcd.io/docs/v3.3.12/faq/#why-an-odd-number-of-cluster-members).
This is a pointer to distinguish between explicit zero and not specified.
format: int32
type: integer
upgradeAfter:
description: |-
UpgradeAfter is a field to indicate an upgrade should be performed
after the specified time even if no changes have been made to the
KThreesControlPlane
format: date-time
type: string
version:
description: Version defines the desired Kubernetes version.
type: string
required:
- infrastructureTemplate
- version
type: object
status:
description: KThreesControlPlaneStatus defines the observed state of KThreesControlPlane.
properties:
conditions:
description: Conditions defines current service state of the KThreesControlPlane.
items:
description: Condition defines an observation of a Cluster API resource
operational state.
properties:
lastTransitionTime:
description: |-
lastTransitionTime is the last time the condition transitioned from one status to another.
This should be when the underlying condition changed. If that is not known, then using the time when
the API field changed is acceptable.
format: date-time
type: string
message:
description: |-
message is a human readable message indicating details about the transition.
This field may be empty.
maxLength: 10240
minLength: 1
type: string
reason:
description: |-
reason is the reason for the condition's last transition in CamelCase.
The specific API may choose whether or not this field is considered a guaranteed API.
This field may be empty.
maxLength: 256
minLength: 1
type: string
severity:
description: |-
severity provides an explicit classification of Reason code, so the users or machines can immediately
understand the current situation and act accordingly.
The Severity field MUST be set only when Status=False.
maxLength: 32
type: string
status:
description: status of the condition, one of True, False, Unknown.
type: string
type:
description: |-
type of condition in CamelCase or in foo.example.com/CamelCase.
Many .condition.type values are consistent across resources like Available, but because arbitrary conditions
can be useful (see .node.status.conditions), the ability to deconflict is important.
maxLength: 256
minLength: 1
type: string
required:
- lastTransitionTime
- status
- type
type: object
type: array
failureMessage:
description: |-
ErrorMessage indicates that there is a terminal problem reconciling the
state, and will be set to a descriptive error message.
type: string
failureReason:
description: |-
FailureReason indicates that there is a terminal problem reconciling the
state, and will be set to a token value suitable for
programmatic interpretation.
type: string
initialized:
description: Initialized denotes whether or not the k3s server is
initialized.
type: boolean
lastRemediation:
description: LastRemediation stores info about last remediation performed.
properties:
machine:
description: Machine is the machine name of the latest machine
being remediated.
type: string
retryCount:
description: |-
RetryCount used to keep track of remediation retry for the last remediated machine.
A retry happens when a machine that was created as a replacement for an unhealthy machine also fails.
format: int32
type: integer
timestamp:
description: Timestamp is when last remediation happened. It is
represented in RFC3339 form and is in UTC.
format: date-time
type: string
required:
- machine
- retryCount
- timestamp
type: object
observedGeneration:
description: ObservedGeneration is the latest generation observed
by the controller.
format: int64
type: integer
ready:
description: |-
Ready denotes that the KThreesControlPlane API Server is ready to
receive requests.
type: boolean
readyReplicas:
description: Total number of fully running and ready control plane
machines.
format: int32
type: integer
replicas:
description: |-
Total number of non-terminated machines targeted by this control plane
(their labels match the selector).
format: int32
type: integer
selector:
description: |-
Selector is the label selector in string format to avoid introspection
by clients, and is used to provide the CRD-based integration for the
scale subresource and additional integrations for things like kubectl
describe. The string will be in the same format as the query-param syntax.
More info about label selectors: http://kubernetes.io/docs/user-guide/labels#label-selectors
type: string
unavailableReplicas:
description: |-
Total number of unavailable machines targeted by this control plane.
This is the total number of machines that are still required for
the deployment to have 100% available capacity. They may either
be machines that are running but not yet ready or machines
that still have not been created.
format: int32
type: integer
updatedReplicas:
description: |-
Total number of non-terminated machines targeted by this control plane
that have the desired template spec.
format: int32
type: integer
type: object
type: object
served: true
storage: false
subresources:
scale:
labelSelectorPath: .status.selector
specReplicasPath: .spec.replicas
statusReplicasPath: .status.replicas
status: {}
- additionalPrinterColumns:
- description: This denotes whether or not the control plane has completed the
k3s server initialization
jsonPath: .status.initialized
name: Initialized
type: boolean
- description: KThreesControlPlane API Server is ready to receive requests
jsonPath: .status.ready
name: API Server Available
type: boolean
- description: Kubernetes version associated with this control plane
jsonPath: .spec.version
name: Version
type: string
- description: Total number of non-terminated machines targeted by this control
plane
jsonPath: .status.replicas
name: Replicas
type: integer
- description: Total number of fully running and ready control plane machines
jsonPath: .status.readyReplicas
name: Ready
type: integer
- description: Total number of non-terminated machines targeted by this control
plane that have the desired template spec
jsonPath: .status.updatedReplicas
name: Updated
type: integer
- description: Total number of unavailable machines targeted by this control plane
jsonPath: .status.unavailableReplicas
name: Unavailable
type: integer
name: v1beta2
schema:
openAPIV3Schema:
description: KThreesControlPlane is the Schema for the kthreescontrolplanes
API.
properties:
apiVersion:
description: |-
APIVersion defines the versioned schema of this representation of an object.
Servers should convert recognized schemas to the latest internal value, and
may reject unrecognized values.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
type: string
kind:
description: |-
Kind is a string value representing the REST resource this object represents.
Servers may infer this from the endpoint the client submits requests to.
Cannot be updated.
In CamelCase.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
type: string
metadata:
type: object
spec:
description: KThreesControlPlaneSpec defines the desired state of KThreesControlPlane.
properties:
kthreesConfigSpec:
description: |-
KThreesConfigSpec is a KThreesConfigSpec
to use for initializing and joining machines to the control plane.
properties:
agentConfig:
description: AgentConfig specifies configuration for the agent
nodes
properties:
airGapped:
description: |-
AirGapped is a boolean value to define if the bootstrapping should be air-gapped,
basically supposing that online container registries and k3s install scripts are not reachable.
User should prepare docker image, k3s binary, and put the install script in AirGappedInstallScriptPath (default path: "/opt/install.sh")
on all nodes in the air-gap environment.
type: boolean
airGappedInstallScriptPath:
description: |-
AirGappedInstallScriptPath is the path to the install script in the air-gapped environment.
The install script should be prepared by the user. The value is only
used when AirGapped is set to true (default: "/opt/install.sh").
type: string
kubeProxyArgs:
description: KubeProxyArgs Customized flag for kube-proxy
process
items:
type: string
type: array
kubeletArgs:
description: KubeletArgs Customized flag for kubelet process
items:
type: string
type: array
nodeLabels:
description: NodeLabels Registering and starting kubelet
with set of labels
items:
type: string
type: array
nodeName:
description: NodeName Name of the Node
type: string
nodeTaints:
description: NodeTaints Registering kubelet with set of taints
items:
type: string
type: array
privateRegistry:
description: 'PrivateRegistry registry configuration file
(default: "/etc/rancher/k3s/registries.yaml")'
type: string
type: object
files:
description: Files specifies extra files to be passed to user_data
upon creation.
items:
description: File defines the input for generating write_files
in cloud-init.
properties:
content:
description: Content is the actual content of the file.
type: string
contentFrom:
description: ContentFrom is a referenced source of content
to populate the file.
properties:
secret:
description: Secret represents a secret that should
populate this file.
properties:
key:
description: Key is the key in the secret's data
map for this value.
type: string
name:
description: Name of the secret in the KThreesBootstrapConfig's
namespace to use.
type: string
required:
- key
- name
type: object
required:
- secret
type: object
encoding:
description: Encoding specifies the encoding of the file
contents.
enum:
- base64
- gzip
- gzip+base64
type: string
owner:
description: Owner specifies the ownership of the file,
e.g. "root:root".
type: string
path:
description: Path specifies the full path on disk where
to store the file.
type: string
permissions:
description: Permissions specifies the permissions to assign
to the file, e.g. "0640".
type: string
required:
- path
type: object
type: array
postK3sCommands:
description: PostK3sCommands specifies extra commands to run after
k3s setup runs
items:
type: string
type: array
preK3sCommands:
description: PreK3sCommands specifies extra commands to run before
k3s setup runs
items:
type: string
type: array
serverConfig:
description: ServerConfig specifies configuration for the agent
nodes
properties:
advertiseAddress:
description: 'AdvertiseAddress IP address that apiserver uses
to advertise to members of the cluster (default: node-external-ip/node-ip)'
type: string
advertisePort:
description: 'AdvertisePort Port that apiserver uses to advertise
to members of the cluster (default: listen-port) (default:
0)'
type: string
bindAddress:
description: 'BindAddress k3s bind address (default: 0.0.0.0)'
type: string
cloudProviderName:
description: 'CloudProviderName defines the --cloud-provider=
kubelet extra arg. (default: "external")'
type: string
clusterCidr:
description: 'ClusterCidr Network CIDR to use for pod IPs
(default: "10.42.0.0/16")'
type: string
clusterDNS:
description: 'ClusterDNS Cluster IP for coredns service.
Should be in your service-cidr range (default: 10.43.0.10)'
type: string
clusterDomain:
description: 'ClusterDomain Cluster Domain (default: "cluster.local")'
type: string
disableCloudController:
description: 'DisableCloudController disables k3s default
cloud controller manager. (default: true)'
type: boolean
disableComponents:
description: DisableComponents specifies extra commands to
run before k3s setup runs
items:
type: string
type: array
disableExternalCloudProvider:
description: 'DeprecatedDisableExternalCloudProvider suppresses
the ''cloud-provider=external'' kubelet argument. (default:
false)'
type: boolean
etcdProxyImage:
description: 'Customized etcd proxy image for management cluster
to communicate with workload cluster etcd (default: "alpine/socat")'
type: string
httpsListenPort:
description: 'HTTPSListenPort HTTPS listen port (default:
6443)'
type: string
kubeAPIServerArg:
description: KubeAPIServerArgs is a customized flag for kube-apiserver
process
items:
type: string
type: array
kubeControllerManagerArgs:
description: KubeControllerManagerArgs is a customized flag
for kube-controller-manager process
items:
type: string
type: array
kubeSchedulerArgs:
description: KubeSchedulerArgs is a customized flag for kube-scheduler
process
items:
type: string
type: array
serviceCidr:
description: 'ServiceCidr Network CIDR to use for services
IPs (default: "10.43.0.0/16")'
type: string
systemDefaultRegistry:
description: SystemDefaultRegistry defines private registry
to be used for all system images
type: string
tlsSan:
description: TLSSan Add additional hostname or IP as a Subject
Alternative Name in the TLS cert
items:
type: string
type: array
type: object
version:
description: Version specifies the k3s version
type: string
type: object
              machineTemplate:
                description: |-
                  MachineTemplate contains information about how machines should be shaped
                  when creating or updating a control plane.
                properties:
                  infrastructureRef:
                    description: |-
                      InfrastructureRef is a required reference to a custom resource
                      offered by an infrastructure provider.
                    properties:
                      apiVersion:
                        description: API version of the referent.
                        type: string
                      fieldPath:
                        description: |-
                          If referring to a piece of an object instead of an entire object, this string
                          should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2].
                          For example, if the object reference is to a container within a pod, this would take on a value like:
                          "spec.containers{name}" (where "name" refers to the name of the container that triggered
                          the event) or if no container name is specified "spec.containers[2]" (container with
                          index 2 in this pod). This syntax is chosen only to have some well-defined way of
                          referencing a part of an object.
                        type: string
                      kind:
                        description: |-
                          Kind of the referent.
                          More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
                        type: string
                      name:
                        description: |-
                          Name of the referent.
                          More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
                        type: string
                      namespace:
                        description: |-
                          Namespace of the referent.
                          More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/
                        type: string
                      resourceVersion:
                        description: |-
                          Specific resourceVersion to which this reference is made, if any.
                          More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency
                        type: string
                      uid:
                        description: |-
                          UID of the referent.
                          More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids
                        type: string
                    type: object
                    x-kubernetes-map-type: atomic
                  metadata:
                    description: |-
                      Standard object's metadata.
                      More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
                    properties:
                      annotations:
                        additionalProperties:
                          type: string
                        description: |-
                          annotations is an unstructured key value map stored with a resource that may be
                          set by external tools to store and retrieve arbitrary metadata. They are not
                          queryable and should be preserved when modifying objects.
                          More info: http://kubernetes.io/docs/user-guide/annotations
                        type: object
                      labels:
                        additionalProperties:
                          type: string
                        description: |-
                          labels is a map of string keys and values that can be used to organize and categorize
                          (scope and select) objects. May match selectors of replication controllers
                          and services.
                          More info: http://kubernetes.io/docs/user-guide/labels
                        type: object
                    type: object
                  nodeDeletionTimeout:
                    description: |-
                      NodeDeletionTimeout defines how long the machine controller will attempt to delete the Node that the Machine
                      hosts after the Machine is marked for deletion. A duration of 0 will retry deletion indefinitely.
                      If no value is provided, the default value for this property of the Machine resource will be used.
                    type: string
                  nodeDrainTimeout:
                    description: |-
                      NodeDrainTimeout is the total amount of time that the controller will spend on draining a controlplane node
                      The default value is 0, meaning that the node can be drained without any time limitations.
                      NOTE: NodeDrainTimeout is different from `kubectl drain --timeout`
                    type: string
                  nodeVolumeDetachTimeout:
                    description: |-
                      NodeVolumeDetachTimeout is the total amount of time that the controller will spend on waiting for all volumes
                      to be detached. The default value is 0, meaning that the volumes can be detached without any time limitations.
                    type: string
                required:
                - infrastructureRef
                type: object
              remediationStrategy:
                description: The RemediationStrategy that controls how control plane
                  machine remediation happens.
                properties:
                  maxRetry:
                    description: "MaxRetry is the Max number of retries while attempting
                      to remediate an unhealthy machine.\nA retry happens when a machine
                      that was created as a replacement for an unhealthy machine also
                      fails.\nFor example, given a control plane with three machines
                      M1, M2, M3:\n\n\tM1 become unhealthy; remediation happens, and
                      M1-1 is created as a replacement.\n\tIf M1-1 (replacement of
                      M1) has problems while bootstrapping it will become unhealthy,
                      and then be\n\tremediated; such operation is considered a retry,
                      remediation-retry #1.\n\tIf M1-2 (replacement of M1-1) becomes
                      unhealthy, remediation-retry #2 will happen, etc.\n\nA retry
                      could happen only after RetryPeriod from the previous retry.\nIf
                      a machine is marked as unhealthy after MinHealthyPeriod from
                      the previous remediation expired,\nthis is not considered a
                      retry anymore because the new issue is assumed unrelated from
                      the previous one.\n\nIf not set, the remediation will be retried
                      infinitely."
                    format: int32
                    type: integer
                  minHealthyPeriod:
                    description: "MinHealthyPeriod defines the duration after which
                      KCP will consider any failure to a machine unrelated\nfrom the
                      previous one. In this case the remediation is not considered
                      a retry anymore, and thus the retry\ncounter restarts from 0.
                      For example, assuming MinHealthyPeriod is set to 1h (default)\n\n\tM1
                      become unhealthy; remediation happens, and M1-1 is created as
                      a replacement.\n\tIf M1-1 (replacement of M1) has problems within
                      the 1hr after the creation, also\n\tthis machine will be remediated
                      and this operation is considered a retry - a problem related\n\tto
                      the original issue happened to M1 -.\n\n\tIf instead the problem
                      on M1-1 is happening after MinHealthyPeriod expired, e.g. four
                      days after\n\tm1-1 has been created as a remediation of M1,
                      the problem on M1-1 is considered unrelated to\n\tthe original
                      issue happened to M1.\n\nIf not set, this value is defaulted
                      to 1h."
                    type: string
                  retryPeriod:
                    description: |-
                      RetryPeriod is the duration that KCP should wait before remediating a machine being created as a replacement
                      for an unhealthy machine (a retry).
                      If not set, a retry will happen immediately.
                    type: string
                type: object
              replicas:
                description: |-
                  Number of desired machines. Defaults to 1. When stacked etcd is used only
                  odd numbers are permitted, as per [etcd best practice](https://etcd.io/docs/v3.3.12/faq/#why-an-odd-number-of-cluster-members).
                  This is a pointer to distinguish between explicit zero and not specified.
                format: int32
                type: integer
              rolloutAfter:
                description: |-
                  RolloutAfter is a field to indicate a rollout should be performed
                  after the specified time even if no changes have been made to the
                  KThreesControlPlane
                format: date-time
                type: string
              version:
                description: Version defines the desired Kubernetes version.
                type: string
            required:
            - version
            type: object
          status:
            description: KThreesControlPlaneStatus defines the observed state of KThreesControlPlane.
            properties:
              conditions:
                description: Conditions defines current service state of the KThreesControlPlane.
                items:
                  description: Condition defines an observation of a Cluster API resource
                    operational state.
                  properties:
                    lastTransitionTime:
                      description: |-
                        lastTransitionTime is the last time the condition transitioned from one status to another.
                        This should be when the underlying condition changed. If that is not known, then using the time when
                        the API field changed is acceptable.
                      format: date-time
                      type: string
                    message:
                      description: |-
                        message is a human readable message indicating details about the transition.
                        This field may be empty.
                      maxLength: 10240
                      minLength: 1
                      type: string
                    reason:
                      description: |-
                        reason is the reason for the condition's last transition in CamelCase.
                        The specific API may choose whether or not this field is considered a guaranteed API.
                        This field may be empty.
                      maxLength: 256
                      minLength: 1
                      type: string
                    severity:
                      description: |-
                        severity provides an explicit classification of Reason code, so the users or machines can immediately
                        understand the current situation and act accordingly.
                        The Severity field MUST be set only when Status=False.
                      maxLength: 32
                      type: string
                    status:
                      description: status of the condition, one of True, False, Unknown.
                      type: string
                    type:
                      description: |-
                        type of condition in CamelCase or in foo.example.com/CamelCase.
                        Many .condition.type values are consistent across resources like Available, but because arbitrary conditions
                        can be useful (see .node.status.conditions), the ability to deconflict is important.
                      maxLength: 256
                      minLength: 1
                      type: string
                  required:
                  - lastTransitionTime
                  - status
                  - type
                  type: object
                type: array
              failureMessage:
                description: |-
                  ErrorMessage indicates that there is a terminal problem reconciling the
                  state, and will be set to a descriptive error message.
                type: string
              failureReason:
                description: |-
                  FailureReason indicates that there is a terminal problem reconciling the
                  state, and will be set to a token value suitable for
                  programmatic interpretation.
                type: string
              initialized:
                description: Initialized denotes whether or not the k3s server is
                  initialized.
                type: boolean
              lastRemediation:
                description: LastRemediation stores info about last remediation performed.
                properties:
                  machine:
                    description: Machine is the machine name of the latest machine
                      being remediated.
                    type: string
                  retryCount:
                    description: |-
                      RetryCount used to keep track of remediation retry for the last remediated machine.
                      A retry happens when a machine that was created as a replacement for an unhealthy machine also fails.
                    format: int32
                    type: integer
                  timestamp:
                    description: Timestamp is when last remediation happened. It is
                      represented in RFC3339 form and is in UTC.
                    format: date-time
                    type: string
                required:
                - machine
                - retryCount
                - timestamp
                type: object
              observedGeneration:
                description: ObservedGeneration is the latest generation observed
                  by the controller.
                format: int64
                type: integer
              ready:
                description: |-
                  Ready denotes that the KThreesControlPlane API Server is ready to
                  receive requests.
                type: boolean
              readyReplicas:
                description: Total number of fully running and ready control plane
                  machines.
                format: int32
                type: integer
              replicas:
                description: |-
                  Total number of non-terminated machines targeted by this control plane
                  (their labels match the selector).
                format: int32
                type: integer
              selector:
                description: |-
                  Selector is the label selector in string format to avoid introspection
                  by clients, and is used to provide the CRD-based integration for the
                  scale subresource and additional integrations for things like kubectl
                  describe. The string will be in the same format as the query-param syntax.
                  More info about label selectors: http://kubernetes.io/docs/user-guide/labels#label-selectors
                type: string
              unavailableReplicas:
                description: |-
                  Total number of unavailable machines targeted by this control plane.
                  This is the total number of machines that are still required for
                  the deployment to have 100% available capacity. They may either
                  be machines that are running but not yet ready or machines
                  that still have not been created.
                format: int32
                type: integer
              updatedReplicas:
                description: |-
                  Total number of non-terminated machines targeted by this control plane
                  that have the desired template spec.
                format: int32
                type: integer
              version:
                description: |-
                  Version represents the minimum Kubernetes version for the control plane machines
                  in the cluster.
                type: string
            type: object
        type: object
    served: true
    storage: true
    subresources:
      scale:
        labelSelectorPath: .status.selector
        specReplicasPath: .spec.replicas
        statusReplicasPath: .status.replicas
      status: {}
---
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
  annotations:
    controller-gen.kubebuilder.io/version: v0.17.2
  labels:
    cluster.x-k8s.io/provider: control-plane-k3s
    cluster.x-k8s.io/v1beta1: v1beta1_v1beta2
    clusterctl.cluster.x-k8s.io: ""
  name: kthreescontrolplanetemplates.controlplane.cluster.x-k8s.io
spec:
  group: controlplane.cluster.x-k8s.io
  names:
    kind: KThreesControlPlaneTemplate
    listKind: KThreesControlPlaneTemplateList
    plural: kthreescontrolplanetemplates
    singular: kthreescontrolplanetemplate
  scope: Namespaced
  versions:
  - name: v1beta2
    schema:
      openAPIV3Schema:
        description: KThreesControlPlaneTemplate is the Schema for the kthreescontrolplanetemplate
          API.
        properties:
          apiVersion:
            description: |-
              APIVersion defines the versioned schema of this representation of an object.
              Servers should convert recognized schemas to the latest internal value, and
              may reject unrecognized values.
              More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
            type: string
          kind:
            description: |-
              Kind is a string value representing the REST resource this object represents.
              Servers may infer this from the endpoint the client submits requests to.
              Cannot be updated.
              In CamelCase.
              More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
            type: string
          metadata:
            type: object
          spec:
            description: KThreesControlPlaneTemplateSpec defines the desired state
              of KThreesControlPlaneTemplateSpec.
            properties:
              template:
                properties:
                  metadata:
                    description: |-
                      Standard object's metadata.
                      More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
                    type: object
                  spec:
                    properties:
                      kthreesConfigSpec:
                        description: |-
                          KThreesConfigSpec is a KThreesConfigSpec
                          to use for initializing and joining machines to the control plane.
                        properties:
                          agentConfig:
                            description: AgentConfig specifies configuration for the
                              agent nodes
                            properties:
                              airGapped:
                                description: |-
                                  AirGapped is a boolean value to define if the bootstrapping should be air-gapped,
                                  basically supposing that online container registries and k3s install scripts are not reachable.
                                  User should prepare docker image, k3s binary, and put the install script in AirGappedInstallScriptPath (default path: "/opt/install.sh")
                                  on all nodes in the air-gap environment.
                                type: boolean
                              airGappedInstallScriptPath:
                                description: |-
                                  AirGappedInstallScriptPath is the path to the install script in the air-gapped environment.
                                  The install script should be prepared by the user. The value is only
                                  used when AirGapped is set to true (default: "/opt/install.sh").
                                type: string
                              kubeProxyArgs:
                                description: KubeProxyArgs Customized flag for kube-proxy
                                  process
                                items:
                                  type: string
                                type: array
                              kubeletArgs:
                                description: KubeletArgs Customized flag for kubelet
                                  process
                                items:
                                  type: string
                                type: array
                              nodeLabels:
                                description: NodeLabels Registering and starting
                                  kubelet with set of labels
                                items:
                                  type: string
                                type: array
                              nodeName:
                                description: NodeName Name of the Node
                                type: string
                              nodeTaints:
                                description: NodeTaints Registering kubelet with set
                                  of taints
                                items:
                                  type: string
                                type: array
                              privateRegistry:
                                description: 'PrivateRegistry registry configuration
                                  file (default: "/etc/rancher/k3s/registries.yaml")'
                                type: string
                            type: object
                          files:
                            description: Files specifies extra files to be passed
                              to user_data upon creation.
                            items:
                              description: File defines the input for generating write_files
                                in cloud-init.
                              properties:
                                content:
                                  description: Content is the actual content of the
                                    file.
                                  type: string
                                contentFrom:
                                  description: ContentFrom is a referenced source
                                    of content to populate the file.
                                  properties:
                                    secret:
                                      description: Secret represents a secret that
                                        should populate this file.
                                      properties:
                                        key:
                                          description: Key is the key in the secret's
                                            data map for this value.
                                          type: string
                                        name:
                                          description: Name of the secret in the KThreesBootstrapConfig's
                                            namespace to use.
                                          type: string
                                      required:
                                      - key
                                      - name
                                      type: object
                                  required:
                                  - secret
                                  type: object
                                encoding:
                                  description: Encoding specifies the encoding of
                                    the file contents.
                                  enum:
                                  - base64
                                  - gzip
                                  - gzip+base64
                                  type: string
                                owner:
                                  description: Owner specifies the ownership of the
                                    file, e.g. "root:root".
                                  type: string
                                path:
                                  description: Path specifies the full path on disk
                                    where to store the file.
                                  type: string
                                permissions:
                                  description: Permissions specifies the permissions
                                    to assign to the file, e.g. "0640".
                                  type: string
                              required:
                              - path
                              type: object
                            type: array
                          postK3sCommands:
                            description: PostK3sCommands specifies extra commands
                              to run after k3s setup runs
                            items:
                              type: string
                            type: array
                          preK3sCommands:
                            description: PreK3sCommands specifies extra commands to
                              run before k3s setup runs
                            items:
                              type: string
                            type: array
                          serverConfig:
                            description: ServerConfig specifies configuration for
                              the agent nodes
                            properties:
                              advertiseAddress:
                                description: 'AdvertiseAddress IP address that apiserver
                                  uses to advertise to members of the cluster (default:
                                  node-external-ip/node-ip)'
                                type: string
                              advertisePort:
                                description: 'AdvertisePort Port that apiserver uses
                                  to advertise to members of the cluster (default:
                                  listen-port) (default: 0)'
                                type: string
                              bindAddress:
                                description: 'BindAddress k3s bind address (default:
                                  0.0.0.0)'
                                type: string
                              cloudProviderName:
                                description: 'CloudProviderName defines the --cloud-provider=
                                  kubelet extra arg. (default: "external")'
                                type: string
                              clusterCidr:
                                description: 'ClusterCidr Network CIDR to use for
                                  pod IPs (default: "10.42.0.0/16")'
                                type: string
                              clusterDNS:
                                description: 'ClusterDNS Cluster IP for coredns service.
                                  Should be in your service-cidr range (default: 10.43.0.10)'
                                type: string
                              clusterDomain:
                                description: 'ClusterDomain Cluster Domain (default:
                                  "cluster.local")'
                                type: string
                              disableCloudController:
                                description: 'DisableCloudController disables k3s
                                  default cloud controller manager. (default: true)'
                                type: boolean
                              disableComponents:
                                description: DisableComponents specifies extra commands
                                  to run before k3s setup runs
                                items:
                                  type: string
                                type: array
                              disableExternalCloudProvider:
                                description: 'DeprecatedDisableExternalCloudProvider
                                  suppresses the ''cloud-provider=external'' kubelet
                                  argument. (default: false)'
                                type: boolean
                              etcdProxyImage:
                                description: 'Customized etcd proxy image for management
                                  cluster to communicate with workload cluster etcd
                                  (default: "alpine/socat")'
                                type: string
                              httpsListenPort:
                                description: 'HTTPSListenPort HTTPS listen port (default:
                                  6443)'
                                type: string
                              kubeAPIServerArg:
                                description: KubeAPIServerArgs is a customized flag
                                  for kube-apiserver process
                                items:
                                  type: string
                                type: array
                              kubeControllerManagerArgs:
                                description: KubeControllerManagerArgs is a customized
                                  flag for kube-controller-manager process
                                items:
                                  type: string
                                type: array
                              kubeSchedulerArgs:
                                description: KubeSchedulerArgs is a customized flag
                                  for kube-scheduler process
                                items:
                                  type: string
                                type: array
                              serviceCidr:
                                description: 'ServiceCidr Network CIDR to use for
                                  services IPs (default: "10.43.0.0/16")'
                                type: string
                              systemDefaultRegistry:
                                description: SystemDefaultRegistry defines private
                                  registry to be used for all system images
                                type: string
                              tlsSan:
                                description: TLSSan Add additional hostname or IP
                                  as a Subject Alternative Name in the TLS cert
                                items:
                                  type: string
                                type: array
                            type: object
                          version:
                            description: Version specifies the k3s version
                            type: string
                        type: object
                      machineTemplate:
                        description: |-
                          MachineTemplate contains information about how machines should be shaped
                          when creating or updating a control plane.
                        properties:
                          infrastructureRef:
                            description: |-
                              InfrastructureRef is a required reference to a custom resource
                              offered by an infrastructure provider.
                            properties:
                              apiVersion:
                                description: API version of the referent.
                                type: string
                              fieldPath:
                                description: |-
                                  If referring to a piece of an object instead of an entire object, this string
                                  should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2].
                                  For example, if the object reference is to a container within a pod, this would take on a value like:
                                  "spec.containers{name}" (where "name" refers to the name of the container that triggered
                                  the event) or if no container name is specified "spec.containers[2]" (container with
                                  index 2 in this pod). This syntax is chosen only to have some well-defined way of
                                  referencing a part of an object.
                                type: string
                              kind:
                                description: |-
                                  Kind of the referent.
                                  More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
                                type: string
                              name:
                                description: |-
                                  Name of the referent.
                                  More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
                                type: string
                              namespace:
                                description: |-
                                  Namespace of the referent.
                                  More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/
                                type: string
                              resourceVersion:
                                description: |-
                                  Specific resourceVersion to which this reference is made, if any.
                                  More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency
                                type: string
                              uid:
                                description: |-
                                  UID of the referent.
                                  More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids
                                type: string
                            type: object
                            x-kubernetes-map-type: atomic
                          metadata:
                            description: |-
                              Standard object's metadata.
                              More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
                            properties:
                              annotations:
                                additionalProperties:
                                  type: string
                                description: |-
                                  annotations is an unstructured key value map stored with a resource that may be
                                  set by external tools to store and retrieve arbitrary metadata. They are not
                                  queryable and should be preserved when modifying objects.
                                  More info: http://kubernetes.io/docs/user-guide/annotations
                                type: object
                              labels:
                                additionalProperties:
                                  type: string
                                description: |-
                                  labels is a map of string keys and values that can be used to organize and categorize
                                  (scope and select) objects. May match selectors of replication controllers
                                  and services.
                                  More info: http://kubernetes.io/docs/user-guide/labels
                                type: object
                            type: object
                          nodeDeletionTimeout:
                            description: |-
                              NodeDeletionTimeout defines how long the machine controller will attempt to delete the Node that the Machine
                              hosts after the Machine is marked for deletion. A duration of 0 will retry deletion indefinitely.
                              If no value is provided, the default value for this property of the Machine resource will be used.
                            type: string
                          nodeDrainTimeout:
                            description: |-
                              NodeDrainTimeout is the total amount of time that the controller will spend on draining a controlplane node
                              The default value is 0, meaning that the node can be drained without any time limitations.
                              NOTE: NodeDrainTimeout is different from `kubectl drain --timeout`
                            type: string
                          nodeVolumeDetachTimeout:
                            description: |-
                              NodeVolumeDetachTimeout is the total amount of time that the controller will spend on waiting for all volumes
                              to be detached. The default value is 0, meaning that the volumes can be detached without any time limitations.
                            type: string
                        required:
                        - infrastructureRef
                        type: object
                      remediationStrategy:
                        description: The RemediationStrategy that controls how control
                          plane machine remediation happens.
                        properties:
                          maxRetry:
                            description: "MaxRetry is the Max number of retries while
                              attempting to remediate an unhealthy machine.\nA retry
                              happens when a machine that was created as a replacement
                              for an unhealthy machine also fails.\nFor example, given
                              a control plane with three machines M1, M2, M3:\n\n\tM1
                              become unhealthy; remediation happens, and M1-1 is created
                              as a replacement.\n\tIf M1-1 (replacement of M1) has
                              problems while bootstrapping it will become unhealthy,
                              and then be\n\tremediated; such operation is considered
                              a retry, remediation-retry #1.\n\tIf M1-2 (replacement
                              of M1-1) becomes unhealthy, remediation-retry #2 will
                              happen, etc.\n\nA retry could happen only after RetryPeriod
                              from the previous retry.\nIf a machine is marked as
                              unhealthy after MinHealthyPeriod from the previous remediation
                              expired,\nthis is not considered a retry anymore because
                              the new issue is assumed unrelated from the previous
                              one.\n\nIf not set, the remediation will be retried infinitely."
                            format: int32
                            type: integer
                          minHealthyPeriod:
                            description: "MinHealthyPeriod defines the duration after
                              which KCP will consider any failure to a machine unrelated\nfrom
                              the previous one. In this case the remediation is not
                              considered a retry anymore, and thus the retry\ncounter
                              restarts from 0. For example, assuming MinHealthyPeriod
                              is set to 1h (default)\n\n\tM1 become unhealthy; remediation
                              happens, and M1-1 is created as a replacement.\n\tIf
                              M1-1 (replacement of M1) has problems within the 1hr
                              after the creation, also\n\tthis machine will be remediated
                              and this operation is considered a retry - a problem
                              related\n\tto the original issue happened to M1 -.\n\n\tIf
                              instead the problem on M1-1 is happening after MinHealthyPeriod
                              expired, e.g. four days after\n\tm1-1 has been created
                              as a remediation of M1, the problem on M1-1 is considered
                              unrelated to\n\tthe original issue happened to M1.\n\nIf
                              not set, this value is defaulted to 1h."
                            type: string
                          retryPeriod:
                            description: |-
                              RetryPeriod is the duration that KCP should wait before remediating a machine being created as a replacement
                              for an unhealthy machine (a retry).
                              If not set, a retry will happen immediately.
                            type: string
                        type: object
                      rolloutAfter:
                        description: |-
                          RolloutAfter is a field to indicate a rollout should be performed
                          after the specified time even if no changes have been made to the
                          KThreesControlPlane
                        format: date-time
                        type: string
                    type: object
                required:
                - spec
                type: object
            required:
            - template
            type: object
        type: object
    served: true
    storage: true
    subresources:
      status: {}
---
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  labels:
    cluster.x-k8s.io/provider: control-plane-k3s
  name: capi-k3s-control-plane-leader-election-role
  namespace: capi-k3s-control-plane-system
rules:
- apiGroups:
  - ""
  resources:
  - configmaps
  verbs:
  - get
  - list
  - watch
  - create
  - update
  - patch
  - delete
- apiGroups:
  - ""
  resources:
  - configmaps/status
  verbs:
  - get
  - update
  - patch
- apiGroups:
  - ""
  resources:
  - events
  verbs:
  - create
- apiGroups:
  - coordination.k8s.io
  resources:
  - leases
  verbs:
  - get
  - list
  - watch
  - create
  - update
  - patch
  - delete
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  labels:
    cluster.x-k8s.io/provider: control-plane-k3s
  name: capi-k3s-control-plane-manager-role
rules:
- apiGroups:
  - ""
  resources:
  - events
  verbs:
  - create
  - get
  - list
  - patch
  - watch
# Secrets: read and write in every namespace (ClusterRole bound by a
# ClusterRoleBinding, with no resourceNames restriction on this rule).
- apiGroups:
  - ""
  resources:
  - secrets
  verbs:
  - create
  - get
  - list
  - patch
  - update
  - watch
- apiGroups:
  - apiextensions.k8s.io
  resources:
  - customresourcedefinitions
  verbs:
  - get
  - list
  - watch
# '*' matches every resource and subresource in these three API groups.
- apiGroups:
  - bootstrap.cluster.x-k8s.io
  - controlplane.cluster.x-k8s.io
  - infrastructure.cluster.x-k8s.io
  resources:
  - '*'
  verbs:
  - create
  - delete
  - get
  - list
  - patch
  - update
  - watch
- apiGroups:
  - cluster.x-k8s.io
  resources:
  - clusters
  - clusters/status
  verbs:
  - get
  - list
  - watch
- apiGroups:
  - cluster.x-k8s.io
  resources:
  - machines
  - machines/status
  verbs:
  - create
  - delete
  - get
  - list
  - patch
  - update
  - watch
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  labels:
    cluster.x-k8s.io/provider: control-plane-k3s
  name: capi-k3s-control-plane-leader-election-rolebinding
  namespace: capi-k3s-control-plane-system
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: Role
  name: capi-k3s-control-plane-leader-election-role
subjects:
- kind: ServiceAccount
  name: default
  namespace: capi-k3s-control-plane-system
---
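apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  labels:
    cluster.x-k8s.io/provider: control-plane-k3s
  name: capi-k3s-control-plane-manager-rolebinding
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: capi-k3s-control-plane-manager-role
# The subject is the namespace's "default" ServiceAccount. The manager
# Deployment in this manifest sets no serviceAccountName, so it runs as this
# account, as does any other pod in the namespace that does not set one.
subjects:
- kind: ServiceAccount
  name: default
  namespace: capi-k3s-control-plane-system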
---
apiVersion: v1
kind: Service
metadata:
  labels:
    cluster.x-k8s.io/provider: control-plane-k3s
  name: capi-k3s-control-plane-webhook-service
  namespace: capi-k3s-control-plane-system
spec:
  ports:
  - port: 443
    targetPort: 9443
  selector:
    cluster.x-k8s.io/provider: control-plane-k3s
    control-plane: controller-manager
---
apiVersion: apps/v1
kind: Deployment
metadata:
  labels:
    cluster.x-k8s.io/provider: control-plane-k3s
    control-plane: controller-manager
  name: capi-k3s-control-plane-controller-manager
  namespace: capi-k3s-control-plane-system
spec:
  replicas: 1
  selector:
    matchLabels:
      cluster.x-k8s.io/provider: control-plane-k3s
      control-plane: controller-manager
  template:
    metadata:
      labels:
        cluster.x-k8s.io/provider: control-plane-k3s
        control-plane: controller-manager
    spec:
      containers:
      - args:
        - --enable-leader-election
        command:
        - /manager
        # Image is referenced by tag only, not pinned by @sha256 digest.
        image: ghcr.io/richardcase/cluster-api-k3s/controlplane-controller:v100.0.0-dt
        name: manager
        ports:
        - containerPort: 9443
          name: webhook-server
          protocol: TCP
        securityContext:
          allowPrivilegeEscalation: false
          capabilities:
            drop:
            - ALL
          runAsNonRoot: true
          seccompProfile:
            type: RuntimeDefault
        volumeMounts:
        - mountPath: /tmp/k8s-webhook-server/serving-certs
          name: cert
          readOnly: true
      terminationGracePeriodSeconds: 10
      volumes:
      - name: cert
        secret:
          defaultMode: 420
          secretName: capi-k3s-control-plane-webhook-service-cert
---
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
  labels:
    cluster.x-k8s.io/provider: control-plane-k3s
  name: capi-k3s-control-plane-serving-cert
  namespace: capi-k3s-control-plane-system
spec:
  dnsNames:
  - capi-k3s-control-plane-webhook-service.capi-k3s-control-plane-system.svc
  - capi-k3s-control-plane-webhook-service.capi-k3s-control-plane-system.svc.cluster.local
  issuerRef:
    kind: Issuer
    name: capi-k3s-control-plane-selfsigned-issuer
  secretName: capi-k3s-control-plane-webhook-service-cert
---
apiVersion: cert-manager.io/v1
kind: Issuer
metadata:
  labels:
    cluster.x-k8s.io/provider: control-plane-k3s
  name: capi-k3s-control-plane-selfsigned-issuer
  namespace: capi-k3s-control-plane-system
spec:
  selfSigned: {}
---
apiVersion: admissionregistration.k8s.io/v1
kind: MutatingWebhookConfiguration
metadata:
  annotations:
    cert-manager.io/inject-ca-from: capi-k3s-control-plane-system/capi-k3s-control-plane-serving-cert
  labels:
    cluster.x-k8s.io/provider: control-plane-k3s
  name: capi-k3s-control-plane-mutating-webhook-configuration
webhooks:
- admissionReviewVersions:
  - v1
  - v1beta1
  clientConfig:
    service:
      name: capi-k3s-control-plane-webhook-service
      namespace: capi-k3s-control-plane-system
      path: /mutate-controlplane-cluster-x-k8s-io-v1beta2-kthreescontrolplane
  # Fail closed: matching CREATE/UPDATE requests are rejected when the
  # webhook service cannot be reached.
  failurePolicy: Fail
  matchPolicy: Equivalent
  name: default.kthreescontrolplane.controlplane.cluster.x-k8s.io
  rules:
  - apiGroups:
    - controlplane.cluster.x-k8s.io
    apiVersions:
    - v1beta2
    operations:
    - CREATE
    - UPDATE
    resources:
    - kthreescontrolplanes
  sideEffects: None
---
apiVersion: admissionregistration.k8s.io/v1
kind: ValidatingWebhookConfiguration
metadata:
  annotations:
    cert-manager.io/inject-ca-from: capi-k3s-control-plane-system/capi-k3s-control-plane-serving-cert
  labels:
    cluster.x-k8s.io/provider: control-plane-k3s
  name: capi-k3s-control-plane-validating-webhook-configuration
webhooks:
- admissionReviewVersions:
  - v1
  - v1beta1
  clientConfig:
    service:
      name: capi-k3s-control-plane-webhook-service
      namespace: capi-k3s-control-plane-system
      path: /validate-controlplane-cluster-x-k8s-io-v1beta2-kthreescontrolplane
  failurePolicy: Fail
  matchPolicy: Equivalent
  name: validation.kthreescontrolplane.controlplane.cluster.x-k8s.io
  rules:
  - apiGroups:
    - controlplane.cluster.x-k8s.io
    apiVersions:
    - v1beta2
    operations:
    - CREATE
    - UPDATE
    resources:
    - kthreescontrolplanes
  sideEffects: None