diff --git a/bootstrap/kubeadm/api/v1alpha4/kubeadm_types.go b/bootstrap/kubeadm/api/v1alpha4/kubeadm_types.go index a4fd713ed0cb..ef5d79dd3189 100644 --- a/bootstrap/kubeadm/api/v1alpha4/kubeadm_types.go +++ b/bootstrap/kubeadm/api/v1alpha4/kubeadm_types.go @@ -133,9 +133,11 @@ type ControlPlaneComponent struct { // ExtraArgs is an extra set of flags to pass to the control plane component. // TODO: This is temporary and ideally we would like to switch all components to // use ComponentConfig + ConfigMaps. + // +optional ExtraArgs map[string]string `json:"extraArgs,omitempty"` // ExtraVolumes is an extra set of host volumes, mounted to the control plane component. + // +optional ExtraVolumes []HostPathMount `json:"extraVolumes,omitempty"` } @@ -144,9 +146,11 @@ type APIServer struct { ControlPlaneComponent `json:",inline"` // CertSANs sets extra Subject Alternative Names for the API Server signing cert. + // +optional CertSANs []string `json:"certSANs,omitempty"` // TimeoutForControlPlane controls the timeout that we use for API server to appear + // +optional TimeoutForControlPlane *metav1.Duration `json:"timeoutForControlPlane,omitempty"` } @@ -161,10 +165,12 @@ type DNS struct { type ImageMeta struct { // ImageRepository sets the container registry to pull images from. // if not set, the ImageRepository defined in ClusterConfiguration will be used instead. + // +optional ImageRepository string `json:"imageRepository,omitempty"` // ImageTag allows to specify a tag for the image. // In case this value is set, kubeadm does not change automatically the version of the above components during upgrades. + // +optional ImageTag string `json:"imageTag,omitempty"` //TODO: evaluate if we need also a ImageName based on user feedbacks 
@@ -174,6 +180,8 @@ type ImageMeta struct { // ClusterStatus contains the cluster status. The ClusterStatus will be stored in the kubeadm-config // ConfigMap in the cluster, and then updated by kubeadm when additional control plane instance joins or leaves the cluster. +// Deprecated: ClusterStatus has been removed from kubeadm v1beta3 API; This type is preserved only to support +// conversion to older versions of the kubeadm API. type ClusterStatus struct { metav1.TypeMeta `json:",inline"` @@ -185,11 +193,13 @@ type ClusterStatus struct { // APIEndpoint struct contains elements of API server instance deployed on a node. type APIEndpoint struct { // AdvertiseAddress sets the IP address for the API server to advertise. - AdvertiseAddress string `json:"advertiseAddress"` + // +optional + AdvertiseAddress string `json:"advertiseAddress,omitempty"` // BindPort sets the secure port for the API Server to bind to. // Defaults to 6443. - BindPort int32 `json:"bindPort"` + // +optional + BindPort int32 `json:"bindPort,omitempty"` } // NodeRegistrationOptions holds fields that relate to registering a new control-plane or node to the cluster, either via "kubeadm init" or "kubeadm join". @@ -208,7 +218,6 @@ type NodeRegistrationOptions struct { // Taints specifies the taints the Node API object should be registered with. If this field is unset, i.e. nil, in the `kubeadm init` process // it will be defaulted to []v1.Taint{'node-role.kubernetes.io/master=""'}. If you don't want to taint your control-plane node, set this field to an // empty slice, i.e. `taints: {}` in the YAML file. This field is solely used for Node registration. - // +optional Taints []corev1.Taint `json:"taints,omitempty"` // KubeletExtraArgs passes through extra arguments to the kubelet. The arguments here are passed to the kubelet command line via the environment file 
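Review bot: The `// +optional` marker removed from `Taints` in the NodeRegistrationOptions hunk runs against the rest of this commit, which adds that marker to every `omitempty` field. The json tag still carries `omitempty`, so I expect controller-gen to keep treating the field as optional and the CRD to be unchanged, but a reader will assume the deletion was deliberate; if it is meant to draw attention to the nil-versus-empty-slice distinction the field comment describes, add a one-line why-comment next to the tag, otherwise restore `// +optional`. In the APIEndpoint hunk `advertiseAddress` can now be omitted as well; `BindPort` documents its 6443 default, and the matching statement for `AdvertiseAddress`, e.g. `// If empty, kubeadm auto-detects the IP of the default interface (see InitConfiguration.LocalAPIEndpoint).`, would make the new optionality self-explanatory.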
@@ -242,18 +251,23 @@ type BootstrapToken struct { Token *BootstrapTokenString `json:"token"` // Description sets a human-friendly message why this token exists and what it's used // for, so other administrators can know its purpose. + // +optional Description string `json:"description,omitempty"` // TTL defines the time to live for this token. Defaults to 24h. // Expires and TTL are mutually exclusive. + // +optional TTL *metav1.Duration `json:"ttl,omitempty"` // Expires specifies the timestamp when this token expires. Defaults to being set // dynamically at runtime based on the TTL. Expires and TTL are mutually exclusive. + // +optional Expires *metav1.Time `json:"expires,omitempty"` // Usages describes the ways in which this token can be used. Can by default be used // for establishing bidirectional trust, but that can be changed here. + // +optional Usages []string `json:"usages,omitempty"` // Groups specifies the extra groups that this token will authenticate as when/if // used for authentication + // +optional Groups []string `json:"groups,omitempty"` } @@ -262,10 +276,12 @@ type Etcd struct { // Local provides configuration knobs for configuring the local etcd instance // Local and External are mutually exclusive + // +optional Local *LocalEtcd `json:"local,omitempty"` // External describes how to connect to an external etcd cluster // Local and External are mutually exclusive + // +optional External *ExternalEtcd `json:"external,omitempty"` } 
@@ -281,11 +297,14 @@ type LocalEtcd struct { // ExtraArgs are extra arguments provided to the etcd binary // when run inside a static pod. + // +optional ExtraArgs map[string]string `json:"extraArgs,omitempty"` // ServerCertSANs sets extra Subject Alternative Names for the etcd server signing cert. + // +optional ServerCertSANs []string `json:"serverCertSANs,omitempty"` // PeerCertSANs sets extra Subject Alternative Names for the etcd peer signing cert. + // +optional PeerCertSANs []string `json:"peerCertSANs,omitempty"` } @@ -341,6 +360,7 @@ type JoinConfiguration struct { // JoinControlPlane contains elements describing an additional control plane instance to be deployed on the joining node. type JoinControlPlane struct { // LocalAPIEndpoint represents the endpoint of the API server instance to be deployed on this node. + // +optional LocalAPIEndpoint APIEndpoint `json:"localAPIEndpoint,omitempty"` } @@ -348,20 +368,22 @@ type JoinControlPlane struct { type Discovery struct { // BootstrapToken is used to set the options for bootstrap token based discovery // BootstrapToken and File are mutually exclusive + // +optional BootstrapToken *BootstrapTokenDiscovery `json:"bootstrapToken,omitempty"` // File is used to specify a file or URL to a kubeconfig file from which to load cluster information // BootstrapToken and File are mutually exclusive + // +optional File *FileDiscovery `json:"file,omitempty"` // TLSBootstrapToken is a token used for TLS bootstrapping. // If .BootstrapToken is set, this field is defaulted to .BootstrapToken.Token, but can be overridden. // If .File is set, this field **must be set** in case the KubeConfigFile does not contain any other authentication information // +optional - // TODO: revisit when there is defaulting from k/k TLSBootstrapToken string `json:"tlsBootstrapToken,omitempty"` // Timeout modifies the discovery timeout + // +optional Timeout *metav1.Duration `json:"timeout,omitempty"` } 
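Review bot: `TLSBootstrapToken` in the Discovery hunk only loses its TODO, but it still lacks the `datapolicy:"token"` tag that the v1beta3 copy of the same field carries later in this diff (`json:"tlsBootstrapToken,omitempty" datapolicy:"token"`), and the same gap applies to `BootstrapToken.Token` and `BootstrapTokenDiscovery.Token` in this file. If Cluster API's logging honours those tags they are what keeps bootstrap tokens out of log output, so either add them to the v1alpha4 types or document why these types are exempt. The `**must be set**` constraint on this field and the `BootstrapToken`/`File` mutual exclusion are also not expressed as validation markers, so the CRD accepts a Discovery with both or neither; if enforcement is left to kubeadm at run time, a sentence such as `// The CRD does not enforce these constraints; kubeadm validates them at run time.` would save the next reader from looking for it.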
@@ -372,6 +394,7 @@ type BootstrapTokenDiscovery struct { Token string `json:"token"` // APIServerEndpoint is an IP or domain name to the API server from which info will be fetched. + // +optional APIServerEndpoint string `json:"apiServerEndpoint,omitempty"` // CACertHashes specifies a set of public key pins to verify @@ -382,12 +405,14 @@ type BootstrapTokenDiscovery struct { // SHA-256 hash of the Subject Public Key Info (SPKI) object in DER-encoded // ASN.1. These hashes can be calculated using, for example, OpenSSL: // openssl x509 -pubkey -in ca.crt openssl rsa -pubin -outform der 2>&/dev/null | openssl dgst -sha256 -hex + // +optional CACertHashes []string `json:"caCertHashes,omitempty"` // UnsafeSkipCAVerification allows token-based discovery // without CA verification via CACertHashes. This can weaken // the security of kubeadm since other nodes can impersonate the control-plane. - UnsafeSkipCAVerification bool `json:"unsafeSkipCAVerification"` + // +optional + UnsafeSkipCAVerification bool `json:"unsafeSkipCAVerification,omitempty"` } // FileDiscovery is used to specify a file or URL to a kubeconfig file from which to load cluster information. @@ -407,8 +432,10 @@ type HostPathMount struct { // MountPath is the path inside the pod where hostPath will be mounted. MountPath string `json:"mountPath"` // ReadOnly controls write access to the volume + // +optional ReadOnly bool `json:"readOnly,omitempty"` // PathType is the type of the HostPath. + // +optional PathType corev1.HostPathType `json:"pathType,omitempty"` } diff --git a/bootstrap/kubeadm/config/crd/bases/bootstrap.cluster.x-k8s.io_kubeadmconfigs.yaml b/bootstrap/kubeadm/config/crd/bases/bootstrap.cluster.x-k8s.io_kubeadmconfigs.yaml index 753978e69be9..973e04583564 100644 --- a/bootstrap/kubeadm/config/crd/bases/bootstrap.cluster.x-k8s.io_kubeadmconfigs.yaml +++ b/bootstrap/kubeadm/config/crd/bases/bootstrap.cluster.x-k8s.io_kubeadmconfigs.yaml 
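Review bot: With `UnsafeSkipCAVerification` now `omitempty` and optional, an omitted value decodes to `false`, which is the safe direction (the CRD hunks below drop it from `required`), but the comment does not say so; add `// Defaults to false, which keeps CA pinning via CACertHashes mandatory.` so nobody reads the new optionality as "unverified by default". The openssl example on the `CACertHashes` context line just above the change is broken as written: it is missing the pipe between `ca.crt` and `openssl rsa`, and `2>&/dev/null` should be `2>/dev/null`, so the line should read `openssl x509 -pubkey -in ca.crt | openssl rsa -pubin -outform der 2>/dev/null | openssl dgst -sha256 -hex`. The v1beta3 copy of this type later in the diff dropped the command entirely, so either fix it here or drop it for consistency.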
@@ -1559,9 +1559,6 @@ spec: to bind to. Defaults to 6443. format: int32 type: integer - required: - - advertiseAddress - - bindPort type: object nodeRegistration: description: NodeRegistration holds fields that relate to registering @@ -1665,9 +1662,6 @@ spec: Server to bind to. Defaults to 6443. format: int32 type: integer - required: - - advertiseAddress - - bindPort type: object type: object discovery: @@ -1711,7 +1705,6 @@ spec: type: boolean required: - token - - unsafeSkipCAVerification type: object file: description: File is used to specify a file or URL to a kubeconfig @@ -1730,12 +1723,11 @@ spec: description: Timeout modifies the discovery timeout type: string tlsBootstrapToken: - description: 'TLSBootstrapToken is a token used for TLS bootstrapping. + description: TLSBootstrapToken is a token used for TLS bootstrapping. If .BootstrapToken is set, this field is defaulted to .BootstrapToken.Token, but can be overridden. If .File is set, this field **must be set** in case the KubeConfigFile does not contain any - other authentication information TODO: revisit when there - is defaulting from k/k' + other authentication information type: string type: object kind: diff --git a/bootstrap/kubeadm/config/crd/bases/bootstrap.cluster.x-k8s.io_kubeadmconfigtemplates.yaml b/bootstrap/kubeadm/config/crd/bases/bootstrap.cluster.x-k8s.io_kubeadmconfigtemplates.yaml index 66f507d2e4cc..38d94d631224 100644 --- a/bootstrap/kubeadm/config/crd/bases/bootstrap.cluster.x-k8s.io_kubeadmconfigtemplates.yaml +++ b/bootstrap/kubeadm/config/crd/bases/bootstrap.cluster.x-k8s.io_kubeadmconfigtemplates.yaml @@ -1586,9 +1586,6 @@ spec: API Server to bind to. Defaults to 6443. format: int32 type: integer - required: - - advertiseAddress - - bindPort type: object nodeRegistration: description: NodeRegistration holds fields that relate 
@@ -1698,9 +1695,6 @@ spec: the API Server to bind to. Defaults to 6443. format: int32 type: integer - required: - - advertiseAddress - - bindPort type: object type: object discovery: @@ -1747,7 +1741,6 @@ spec: type: boolean required: - token - - unsafeSkipCAVerification type: object file: description: File is used to specify a file or URL @@ -1767,13 +1760,12 @@ spec: description: Timeout modifies the discovery timeout type: string tlsBootstrapToken: - description: 'TLSBootstrapToken is a token used for + description: TLSBootstrapToken is a token used for TLS bootstrapping. If .BootstrapToken is set, this field is defaulted to .BootstrapToken.Token, but can be overridden. If .File is set, this field **must be set** in case the KubeConfigFile does not contain - any other authentication information TODO: revisit - when there is defaulting from k/k' + any other authentication information type: string type: object kind: diff --git a/bootstrap/kubeadm/types/v1beta3/conversion.go b/bootstrap/kubeadm/types/v1beta3/conversion.go index d4ffc03cc302..22f872bdd582 100644 --- a/bootstrap/kubeadm/types/v1beta3/conversion.go +++ b/bootstrap/kubeadm/types/v1beta3/conversion.go 
@@ -59,10 +59,15 @@ func (dst *JoinConfiguration) ConvertFrom(srcRaw conversion.Hub) error {
 }
 
 func Convert_v1beta3_InitConfiguration_To_v1alpha4_InitConfiguration(in *InitConfiguration, out *bootstrapv1.InitConfiguration, s apimachineryconversion.Scope) error {
- // InitConfiguration.CertificateKey exists in v1beta3 types but not in bootstrapv1.InitConfiguration (Cluster API does not uses automatic copy certs). Ignoring when converting.
+ // InitConfiguration.CertificateKey and SkipPhases exists in v1beta3 types but not in bootstrapv1.InitConfiguration (Cluster API does not uses automatic copy certs or does not support SkipPhases for now)). Ignoring when converting.
 return autoConvert_v1beta3_InitConfiguration_To_v1alpha4_InitConfiguration(in, out, s)
 }
 
+func Convert_v1beta3_JoinConfiguration_To_v1alpha4_JoinConfiguration(in *JoinConfiguration, out *bootstrapv1.JoinConfiguration, s apimachineryconversion.Scope) error {
+ // JoinConfiguration.SkipPhases exists in v1beta3 types but not in bootstrapv1.JoinConfiguration (Cluster API does not support SkipPhases for now). Ignoring when converting.
+ return autoConvert_v1beta3_JoinConfiguration_To_v1alpha4_JoinConfiguration(in, out, s)
+}
+
 func Convert_v1beta3_NodeRegistrationOptions_To_v1alpha4_NodeRegistrationOptions(in *NodeRegistrationOptions, out *bootstrapv1.NodeRegistrationOptions, s apimachineryconversion.Scope) error {
 // NodeRegistrationOptions.IgnorePreflightErrors exists in v1beta3 types but not in bootstrapv1.NodeRegistrationOptions (Cluster API does not support it for now). Ignoring when converting.
 return autoConvert_v1beta3_NodeRegistrationOptions_To_v1alpha4_NodeRegistrationOptions(in, out, s)
diff --git a/bootstrap/kubeadm/types/v1beta3/conversion_test.go b/bootstrap/kubeadm/types/v1beta3/conversion_test.go
index 464d0150aeec..9b7c27a4bdbe 100644
--- a/bootstrap/kubeadm/types/v1beta3/conversion_test.go
+++ b/bootstrap/kubeadm/types/v1beta3/conversion_test.go
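Review bot: The rewritten comment in `Convert_v1beta3_InitConfiguration_To_v1alpha4_InitConfiguration` has a stray second closing parenthesis and two grammar slips (`exists`, `does not uses`); suggest `// InitConfiguration.CertificateKey and SkipPhases exist in v1beta3 types but not in bootstrapv1.InitConfiguration (Cluster API does not use automatic copy certs and does not support SkipPhases for now). Ignoring when converting.` and the same `exists` fix in the new `Convert_v1beta3_JoinConfiguration_To_v1alpha4_JoinConfiguration`. Dropping `SkipPhases` silently errs on the safe side, since every kubeadm phase (preflight checks, for example) still runs, but a user who set it will get no signal that it was discarded; that is acceptable for a conversion function only if the v1beta3 field documentation states that Cluster API ignores the field. The closing brace of the NodeRegistrationOptions conversion lies outside the hunk.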
@@ -65,6 +65,7 @@ func fuzzFuncs(_ runtimeserializer.CodecFactory) []interface{} {
 return []interface{}{
 nodeRegistrationOptionsFuzzer,
 initConfigurationFuzzer,
+ joinConfigurationFuzzer,
 joinControlPlanesFuzzer,
 }
 }
@@ -88,4 +89,14 @@ func initConfigurationFuzzer(obj *InitConfiguration, c fuzz.Continue) {
 
 // InitConfiguration.CertificateKey does not exists in v1alpha4, so setting it to empty string in order to avoid v1beta3 --> v1alpha4 --> v1beta3 round trip errors.
 obj.CertificateKey = ""
+
+ // InitConfiguration.SkipPhases does not exists in v1alpha4, so setting it to empty string in order to avoid v1beta3 --> v1alpha4 --> v1beta3 round trip errors.
+ obj.SkipPhases = nil
+}
+
+func joinConfigurationFuzzer(obj *JoinConfiguration, c fuzz.Continue) {
+ c.Fuzz(obj)
+
+ // JoinConfiguration.SkipPhases does not exists in v1alpha4, so setting it to empty string in order to avoid v1beta3 --> v1alpha4 --> v1beta3 round trip errors.
+ obj.SkipPhases = nil
 }
diff --git a/bootstrap/kubeadm/types/v1beta3/types.go b/bootstrap/kubeadm/types/v1beta3/types.go
index b1002124e2c5..bfb344122912 100644
--- a/bootstrap/kubeadm/types/v1beta3/types.go
+++ b/bootstrap/kubeadm/types/v1beta3/types.go
@@ -34,9 +34,11 @@ type InitConfiguration struct {
 
 // BootstrapTokens is respected at `kubeadm init` time and describes a set of Bootstrap Tokens to create.
 // This information IS NOT uploaded to the kubeadm cluster configmap, partly because of its sensitive nature
+ // +optional
 BootstrapTokens []BootstrapToken `json:"bootstrapTokens,omitempty"`
 
 // NodeRegistration holds fields that relate to registering the new control-plane node to the cluster
+ // +optional
 NodeRegistration NodeRegistrationOptions `json:"nodeRegistration,omitempty"`
 
 // LocalAPIEndpoint represents the endpoint of the API server instance that's deployed on this control plane node
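Review bot: The two new fuzzer comments say `setting it to empty string` while the code sets `obj.SkipPhases = nil`; because `[]string{}` and `nil` round-trip differently through JSON the comment should match the code, e.g. `// InitConfiguration.SkipPhases does not exist in v1alpha4, so setting it to nil in order to avoid v1beta3 --> v1alpha4 --> v1beta3 round trip errors.` and the same wording in `joinConfigurationFuzzer`. `does not exists` in those sentences should be `does not exist`. `joinConfigurationFuzzer` calls `c.Fuzz(obj)` before clearing the field, mirroring what the visible tail of `initConfigurationFuzzer` relies on, so the rest of the struct stays randomised — that part looks right.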
@@ -45,11 +47,19 @@ type InitConfiguration struct { // configuration object lets you customize what IP/DNS name and port the local API server advertises it's accessible // on. By default, kubeadm tries to auto-detect the IP of the default interface and use that, but in case that process // fails you may set the desired value here. + // +optional LocalAPIEndpoint APIEndpoint `json:"localAPIEndpoint,omitempty"` // CertificateKey sets the key with which certificates and keys are encrypted prior to being uploaded in // a secret in the cluster during the uploadcerts init phase. + // +optional CertificateKey string `json:"certificateKey,omitempty"` + + // SkipPhases is a list of phases to skip during command execution. + // The list of phases can be obtained with the "kubeadm init --help" command. + // The flag "--skip-phases" takes precedence over this field. + // +optional + SkipPhases []string `json:"skipPhases,omitempty"` } // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object @@ -59,12 +69,15 @@ type ClusterConfiguration struct { metav1.TypeMeta `json:",inline"` // Etcd holds configuration for etcd. + // +optional Etcd Etcd `json:"etcd,omitempty"` // Networking holds configuration for the networking topology of the cluster. + // +optional Networking Networking `json:"networking,omitempty"` // KubernetesVersion is the target version of the control plane. + // +optional KubernetesVersion string `json:"kubernetesVersion,omitempty"` // ControlPlaneEndpoint sets a stable IP address or DNS name for the control plane; it 
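Review bot: The new `SkipPhases` doc on InitConfiguration describes kubeadm's behaviour but not Cluster API's: the conversion added in this same commit drops the field when converting to the v1alpha4 hub type, so whatever is set here is discarded without a warning. Add that to the comment, e.g. `// NOTE: Cluster API does not support SkipPhases yet; the value is dropped when converting to the v1alpha4 API and has no effect.` Since skipping phases can disable checks kubeadm would otherwise perform (preflight, for example), it is worth keeping that note until the field is actually honoured, at which point the set of permitted phases deserves its own review.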
@@ -78,33 +91,42 @@ type ClusterConfiguration struct { // control plane instances. // e.g. in environments with enforced node recycling, the ControlPlaneEndpoint // could be used for assigning a stable DNS to the control plane. + // +optional ControlPlaneEndpoint string `json:"controlPlaneEndpoint,omitempty"` // APIServer contains extra settings for the API server control plane component + // +optional APIServer APIServer `json:"apiServer,omitempty"` // ControllerManager contains extra settings for the controller manager control plane component + // +optional ControllerManager ControlPlaneComponent `json:"controllerManager,omitempty"` // Scheduler contains extra settings for the scheduler control plane component + // +optional Scheduler ControlPlaneComponent `json:"scheduler,omitempty"` // DNS defines the options for the DNS add-on installed in the cluster. + // +optional DNS DNS `json:"dns,omitempty"` // CertificatesDir specifies where to store or look for all required certificates. + // +optional CertificatesDir string `json:"certificatesDir,omitempty"` // ImageRepository sets the container registry to pull images from. // If empty, `k8s.gcr.io` will be used by default; in case of kubernetes version is a CI build (kubernetes version starts with `ci/` or `ci-cross/`) // `gcr.io/k8s-staging-ci-images` will be used as a default for control plane components and for kube-proxy, while `k8s.gcr.io` // will be used for all the other images. + // +optional ImageRepository string `json:"imageRepository,omitempty"` // FeatureGates enabled by the user. + // +optional FeatureGates map[string]bool `json:"featureGates,omitempty"` // The cluster name + // +optional ClusterName string `json:"clusterName,omitempty"` } 
@@ -113,9 +135,11 @@ type ControlPlaneComponent struct { // ExtraArgs is an extra set of flags to pass to the control plane component. // TODO: This is temporary and ideally we would like to switch all components to // use ComponentConfig + ConfigMaps. + // +optional ExtraArgs map[string]string `json:"extraArgs,omitempty"` // ExtraVolumes is an extra set of host volumes, mounted to the control plane component. + // +optional ExtraVolumes []HostPathMount `json:"extraVolumes,omitempty"` } @@ -124,9 +148,11 @@ type APIServer struct { ControlPlaneComponent `json:",inline"` // CertSANs sets extra Subject Alternative Names for the API Server signing cert. + // +optional CertSANs []string `json:"certSANs,omitempty"` // TimeoutForControlPlane controls the timeout that we use for API server to appear + // +optional TimeoutForControlPlane *metav1.Duration `json:"timeoutForControlPlane,omitempty"` } @@ -144,10 +170,12 @@ type DNS struct { type ImageMeta struct { // ImageRepository sets the container registry to pull images from. // if not set, the ImageRepository defined in ClusterConfiguration will be used instead. + // +optional ImageRepository string `json:"imageRepository,omitempty"` // ImageTag allows to specify a tag for the image. // In case this value is set, kubeadm does not change automatically the version of the above components during upgrades. + // +optional ImageTag string `json:"imageTag,omitempty"` //TODO: evaluate if we need also a ImageName based on user feedbacks @@ -156,10 +184,12 @@ type ImageMeta struct { // APIEndpoint struct contains elements of API server instance deployed on a node. type APIEndpoint struct { // AdvertiseAddress sets the IP address for the API server to advertise. + // +optional AdvertiseAddress string `json:"advertiseAddress,omitempty"` // BindPort sets the secure port for the API Server to bind to. // Defaults to 6443. + // +optional BindPort int32 `json:"bindPort,omitempty"` } 
@@ -169,9 +199,11 @@ type NodeRegistrationOptions struct { // Name is the `.Metadata.Name` field of the Node API object that will be created in this `kubeadm init` or `kubeadm join` operation. // This field is also used in the CommonName field of the kubelet's client certificate to the API server. // Defaults to the hostname of the node if not provided. + // +optional Name string `json:"name,omitempty"` // CRISocket is used to retrieve container runtime info. This information will be annotated to the Node API object, for later re-use + // +optional CRISocket string `json:"criSocket,omitempty"` // Taints specifies the taints the Node API object should be registered with. If this field is unset, i.e. nil, in the `kubeadm init` process 
@@ -182,19 +214,24 @@ type NodeRegistrationOptions struct { // KubeletExtraArgs passes through extra arguments to the kubelet. The arguments here are passed to the kubelet command line via the environment file // kubeadm writes at runtime for the kubelet to source. This overrides the generic base-level configuration in the kubelet-config-1.X ConfigMap // Flags have higher priority when parsing. These values are local and specific to the node kubeadm is executing on. + // +optional KubeletExtraArgs map[string]string `json:"kubeletExtraArgs,omitempty"` // IgnorePreflightErrors provides a slice of pre-flight errors to be ignored when the current node is registered. + // +optional IgnorePreflightErrors []string `json:"ignorePreflightErrors,omitempty"` } // Networking contains elements describing cluster's networking configuration. type Networking struct { // ServiceSubnet is the subnet used by k8s services. Defaults to "10.96.0.0/12". + // +optional ServiceSubnet string `json:"serviceSubnet,omitempty"` // PodSubnet is the subnet used by pods. + // +optional PodSubnet string `json:"podSubnet,omitempty"` // DNSDomain is the dns domain used by k8s services. Defaults to "cluster.local". + // +optional DNSDomain string `json:"dnsDomain,omitempty"` } 
@@ -205,18 +242,23 @@ type BootstrapToken struct { Token *BootstrapTokenString `json:"token" datapolicy:"token"` // Description sets a human-friendly message why this token exists and what it's used // for, so other administrators can know its purpose. + // +optional Description string `json:"description,omitempty"` // TTL defines the time to live for this token. Defaults to 24h. // Expires and TTL are mutually exclusive. + // +optional TTL *metav1.Duration `json:"ttl,omitempty"` // Expires specifies the timestamp when this token expires. Defaults to being set // dynamically at runtime based on the TTL. Expires and TTL are mutually exclusive. + // +optional Expires *metav1.Time `json:"expires,omitempty"` // Usages describes the ways in which this token can be used. Can by default be used // for establishing bidirectional trust, but that can be changed here. + // +optional Usages []string `json:"usages,omitempty"` // Groups specifies the extra groups that this token will authenticate as when/if // used for authentication + // +optional Groups []string `json:"groups,omitempty"` } @@ -225,10 +267,12 @@ type Etcd struct { // Local provides configuration knobs for configuring the local etcd instance // Local and External are mutually exclusive + // +optional Local *LocalEtcd `json:"local,omitempty"` // External describes how to connect to an external etcd cluster // Local and External are mutually exclusive + // +optional External *ExternalEtcd `json:"external,omitempty"` } 
@@ -243,11 +287,14 @@ type LocalEtcd struct { // ExtraArgs are extra arguments provided to the etcd binary // when run inside a static pod. + // +optional ExtraArgs map[string]string `json:"extraArgs,omitempty"` // ServerCertSANs sets extra Subject Alternative Names for the etcd server signing cert. + // +optional ServerCertSANs []string `json:"serverCertSANs,omitempty"` // PeerCertSANs sets extra Subject Alternative Names for the etcd peer signing cert. + // +optional PeerCertSANs []string `json:"peerCertSANs,omitempty"` } @@ -277,11 +324,13 @@ type JoinConfiguration struct { metav1.TypeMeta `json:",inline"` // NodeRegistration holds fields that relate to registering the new control-plane node to the cluster + // +optional NodeRegistration NodeRegistrationOptions `json:"nodeRegistration,omitempty"` // CACertPath is the path to the SSL certificate authority used to // secure comunications between node and control-plane. // Defaults to "/etc/kubernetes/pki/ca.crt". + // +optional CACertPath string `json:"caCertPath,omitempty"` // Discovery specifies the options for the kubelet to use during the TLS Bootstrap process 
@@ -289,16 +338,25 @@ type JoinConfiguration struct { // ControlPlane defines the additional control plane instance to be deployed on the joining node. // If nil, no additional control plane instance will be deployed. + // +optional ControlPlane *JoinControlPlane `json:"controlPlane,omitempty"` + + // SkipPhases is a list of phases to skip during command execution. + // The list of phases can be obtained with the "kubeadm join --help" command. + // The flag "--skip-phases" takes precedence over this field. + // +optional + SkipPhases []string `json:"skipPhases,omitempty"` } // JoinControlPlane contains elements describing an additional control plane instance to be deployed on the joining node. type JoinControlPlane struct { // LocalAPIEndpoint represents the endpoint of the API server instance to be deployed on this node. + // +optional LocalAPIEndpoint APIEndpoint `json:"localAPIEndpoint,omitempty"` // CertificateKey is the key that is used for decryption of certificates after they are downloaded from the secret // upon joining a new control plane node. The corresponding encryption key is in the InitConfiguration. + // +optional CertificateKey string `json:"certificateKey,omitempty"` } 
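Review bot: `JoinControlPlane.CertificateKey` in this hunk is the key used to decrypt the uploaded control-plane certificates, i.e. a secret, yet it carries no `datapolicy` tag while `Token` (`datapolicy:"token"`) and even the public `CACertHashes` (`datapolicy:"security-key"`) in this file do; if those tags drive log redaction anywhere in Cluster API, this field needs `datapolicy:"security-key"` as well, and so does `InitConfiguration.CertificateKey` earlier in the diff. I could not confirm from here whether the upstream kubeadm types tag `CertificateKey`, so treat this as a consistency question rather than a proven gap. The `SkipPhases` doc added to JoinConfiguration should also say that Cluster API ignores the field, since the conversion in this commit drops it, e.g. `// NOTE: Cluster API does not support SkipPhases yet; the value is dropped on conversion to v1alpha4.`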
@@ -306,18 +364,22 @@ type JoinControlPlane struct { type Discovery struct { // BootstrapToken is used to set the options for bootstrap token based discovery // BootstrapToken and File are mutually exclusive + // +optional BootstrapToken *BootstrapTokenDiscovery `json:"bootstrapToken,omitempty"` // File is used to specify a file or URL to a kubeconfig file from which to load cluster information // BootstrapToken and File are mutually exclusive + // +optional File *FileDiscovery `json:"file,omitempty"` // TLSBootstrapToken is a token used for TLS bootstrapping. // If .BootstrapToken is set, this field is defaulted to .BootstrapToken.Token, but can be overridden. // If .File is set, this field **must be set** in case the KubeConfigFile does not contain any other authentication information + // +optional TLSBootstrapToken string `json:"tlsBootstrapToken,omitempty" datapolicy:"token"` // Timeout modifies the discovery timeout + // +optional Timeout *metav1.Duration `json:"timeout,omitempty"` } @@ -328,6 +390,7 @@ type BootstrapTokenDiscovery struct { Token string `json:"token" datapolicy:"token"` // APIServerEndpoint is an IP or domain name to the API server from which info will be fetched. + // +optional APIServerEndpoint string `json:"apiServerEndpoint,omitempty"` // CACertHashes specifies a set of public key pins to verify 
@@ -337,11 +400,13 @@ type BootstrapTokenDiscovery struct { // where the only currently supported type is "sha256". This is a hex-encoded // SHA-256 hash of the Subject Public Key Info (SPKI) object in DER-encoded // ASN.1. These hashes can be calculated using, for example, OpenSSL. + // +optional CACertHashes []string `json:"caCertHashes,omitempty" datapolicy:"security-key"` // UnsafeSkipCAVerification allows token-based discovery // without CA verification via CACertHashes. This can weaken // the security of kubeadm since other nodes can impersonate the control-plane. + // +optional UnsafeSkipCAVerification bool `json:"unsafeSkipCAVerification,omitempty"` } @@ -362,7 +427,9 @@ type HostPathMount struct { // MountPath is the path inside the pod where hostPath will be mounted. MountPath string `json:"mountPath"` // ReadOnly controls write access to the volume + // +optional ReadOnly bool `json:"readOnly,omitempty"` // PathType is the type of the HostPath. + // +optional PathType corev1.HostPathType `json:"pathType,omitempty"` } diff --git a/bootstrap/kubeadm/types/v1beta3/zz_generated.conversion.go b/bootstrap/kubeadm/types/v1beta3/zz_generated.conversion.go index 0e4d36086538..1c2b6362fea7 100644 --- a/bootstrap/kubeadm/types/v1beta3/zz_generated.conversion.go +++ b/bootstrap/kubeadm/types/v1beta3/zz_generated.conversion.go 
@@ -182,11 +182,6 @@ func RegisterConversions(s *runtime.Scheme) error { }); err != nil { return err } - if err := s.AddGeneratedConversionFunc((*JoinConfiguration)(nil), (*v1alpha4.JoinConfiguration)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1beta3_JoinConfiguration_To_v1alpha4_JoinConfiguration(a.(*JoinConfiguration), b.(*v1alpha4.JoinConfiguration), scope) - }); err != nil { - return err - } if err := s.AddGeneratedConversionFunc((*v1alpha4.JoinConfiguration)(nil), (*JoinConfiguration)(nil), func(a, b interface{}, scope conversion.Scope) error { return Convert_v1alpha4_JoinConfiguration_To_v1beta3_JoinConfiguration(a.(*v1alpha4.JoinConfiguration), b.(*JoinConfiguration), scope) }); err != nil { @@ -227,6 +222,11 @@ func RegisterConversions(s *runtime.Scheme) error { }); err != nil { return err } + if err := s.AddConversionFunc((*JoinConfiguration)(nil), (*v1alpha4.JoinConfiguration)(nil), func(a, b interface{}, scope conversion.Scope) error { + return Convert_v1beta3_JoinConfiguration_To_v1alpha4_JoinConfiguration(a.(*JoinConfiguration), b.(*v1alpha4.JoinConfiguration), scope) + }); err != nil { + return err + } if err := s.AddConversionFunc((*JoinControlPlane)(nil), (*v1alpha4.JoinControlPlane)(nil), func(a, b interface{}, scope conversion.Scope) error { return Convert_v1beta3_JoinControlPlane_To_v1alpha4_JoinControlPlane(a.(*JoinControlPlane), b.(*v1alpha4.JoinControlPlane), scope) }); err != nil { @@ -633,6 +633,7 @@ func autoConvert_v1beta3_InitConfiguration_To_v1alpha4_InitConfiguration(in *Ini return err } // WARNING: in.CertificateKey requires manual conversion: does not exist in peer-type + // WARNING: in.SkipPhases requires manual conversion: does not exist in peer-type return nil } 
@@ -669,14 +670,10 @@ func autoConvert_v1beta3_JoinConfiguration_To_v1alpha4_JoinConfiguration(in *Joi
 } else {
 out.ControlPlane = nil
 }
+ // WARNING: in.SkipPhases requires manual conversion: does not exist in peer-type
 return nil
 }
 
-// Convert_v1beta3_JoinConfiguration_To_v1alpha4_JoinConfiguration is an autogenerated conversion function.
-func Convert_v1beta3_JoinConfiguration_To_v1alpha4_JoinConfiguration(in *JoinConfiguration, out *v1alpha4.JoinConfiguration, s conversion.Scope) error {
- return autoConvert_v1beta3_JoinConfiguration_To_v1alpha4_JoinConfiguration(in, out, s)
-}
-
 func autoConvert_v1alpha4_JoinConfiguration_To_v1beta3_JoinConfiguration(in *v1alpha4.JoinConfiguration, out *JoinConfiguration, s conversion.Scope) error {
 if err := Convert_v1alpha4_NodeRegistrationOptions_To_v1beta3_NodeRegistrationOptions(&in.NodeRegistration, &out.NodeRegistration, s); err != nil {
 return err
diff --git a/bootstrap/kubeadm/types/v1beta3/zz_generated.deepcopy.go b/bootstrap/kubeadm/types/v1beta3/zz_generated.deepcopy.go
index 558b2648ab3c..6d65c51997fa 100644
--- a/bootstrap/kubeadm/types/v1beta3/zz_generated.deepcopy.go
+++ b/bootstrap/kubeadm/types/v1beta3/zz_generated.deepcopy.go
@@ -354,6 +354,11 @@ func (in *InitConfiguration) DeepCopyInto(out *InitConfiguration) {
 }
 in.NodeRegistration.DeepCopyInto(&out.NodeRegistration)
 out.LocalAPIEndpoint = in.LocalAPIEndpoint
+ if in.SkipPhases != nil {
+ in, out := &in.SkipPhases, &out.SkipPhases
+ *out = make([]string, len(*in))
+ copy(*out, *in)
+ }
 }
 
 // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new InitConfiguration.
@@ -385,6 +390,11 @@ func (in *JoinConfiguration) DeepCopyInto(out *JoinConfiguration) { *out = new(JoinControlPlane) **out = **in } + if in.SkipPhases != nil { + in, out := &in.SkipPhases, &out.SkipPhases + *out = make([]string, len(*in)) + copy(*out, *in) + } } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new JoinConfiguration. diff --git a/controlplane/kubeadm/config/crd/bases/controlplane.cluster.x-k8s.io_kubeadmcontrolplanes.yaml b/controlplane/kubeadm/config/crd/bases/controlplane.cluster.x-k8s.io_kubeadmcontrolplanes.yaml index 86cf1c599f6d..8f93b32d78be 100644 --- a/controlplane/kubeadm/config/crd/bases/controlplane.cluster.x-k8s.io_kubeadmcontrolplanes.yaml +++ b/controlplane/kubeadm/config/crd/bases/controlplane.cluster.x-k8s.io_kubeadmcontrolplanes.yaml @@ -1772,9 +1772,6 @@ spec: Server to bind to. Defaults to 6443. format: int32 type: integer - required: - - advertiseAddress - - bindPort type: object nodeRegistration: description: NodeRegistration holds fields that relate to @@ -1882,9 +1879,6 @@ spec: API Server to bind to. Defaults to 6443. format: int32 type: integer - required: - - advertiseAddress - - bindPort type: object type: object discovery: @@ -1929,7 +1923,6 @@ spec: type: boolean required: - token - - unsafeSkipCAVerification type: object file: description: File is used to specify a file or URL to @@ -1948,13 +1941,12 @@ spec: description: Timeout modifies the discovery timeout type: string tlsBootstrapToken: - description: 'TLSBootstrapToken is a token used for TLS + description: TLSBootstrapToken is a token used for TLS bootstrapping. If .BootstrapToken is set, this field is defaulted to .BootstrapToken.Token, but can be overridden. If .File is set, this field **must be set** in case the KubeConfigFile does not contain any other authentication - information TODO: revisit when there is defaulting from - k/k' + information type: string type: object kind: