From e05decd3a4a84539d955cb94549bb1f98580bda9 Mon Sep 17 00:00:00 2001
From: Rafael da Fonseca
Date: Sat, 25 May 2024 08:46:50 +0100
Subject: [PATCH 1/6] Fix broken compatibility with latest kops-operator
---
 Makefile | 2 +-
 .../v1alpha1/zz_generated.deepcopy.go | 1 -
 api/ec2.aws/v1alpha2/zz_generated.deepcopy.go | 1 -
 cmd/main.go | 8 +-
 ...rastructure.wildlife.io_clustermeshes.yaml | 309 +-
 .../ec2.aws.wildlife.io_securitygroups.yaml | 251 +-
 go.mod | 77 +-
 go.sum | 189 +-
 .../kubernetes-kops-operator.yaml | 8086 +++++++++++++++--
 9 files changed, 7613 insertions(+), 1311 deletions(-)
diff --git a/Makefile b/Makefile
index 5742c95..65045b8 100644
--- a/Makefile
+++ b/Makefile
@@ -156,7 +156,7 @@ GOLANGCI_LINT ?= $(LOCALBIN)/golangci-lint
 ## Tool Versions
 KUSTOMIZE_VERSION ?= v5.0.1
-CONTROLLER_TOOLS_VERSION ?= v0.12.0
+CONTROLLER_TOOLS_VERSION ?= v0.14.0
 GOLANGCI_LINT_VERSION ?= v1.53.3
 .PHONY: kustomize
diff --git a/api/clustermesh.infrastructure/v1alpha1/zz_generated.deepcopy.go b/api/clustermesh.infrastructure/v1alpha1/zz_generated.deepcopy.go
index 113dec6..be5d430 100644
--- a/api/clustermesh.infrastructure/v1alpha1/zz_generated.deepcopy.go
+++ b/api/clustermesh.infrastructure/v1alpha1/zz_generated.deepcopy.go
@@ -1,5 +1,4 @@
 //go:build !ignore_autogenerated
-// +build !ignore_autogenerated
 /*
 Copyright 2023.
diff --git a/api/ec2.aws/v1alpha2/zz_generated.deepcopy.go b/api/ec2.aws/v1alpha2/zz_generated.deepcopy.go
index 017caa2..53d443d 100644
--- a/api/ec2.aws/v1alpha2/zz_generated.deepcopy.go
+++ b/api/ec2.aws/v1alpha2/zz_generated.deepcopy.go
@@ -1,5 +1,4 @@
 //go:build !ignore_autogenerated
-// +build !ignore_autogenerated
 /*
 Copyright 2023.
diff --git a/cmd/main.go b/cmd/main.go
index 029861c..acf783e 100644
--- a/cmd/main.go
+++ b/cmd/main.go
@@ -34,6 +34,7 @@ import (
 ctrl "sigs.k8s.io/controller-runtime"
 "sigs.k8s.io/controller-runtime/pkg/healthz"
 "sigs.k8s.io/controller-runtime/pkg/log/zap"
+ "sigs.k8s.io/controller-runtime/pkg/metrics/server"
 clustermeshv1alpha1 "github.com/topfreegames/kubernetes-crossplane-infrastructure-operator/api/clustermesh.infrastructure/v1alpha1"
 securitygroupv1alpha2 "github.com/topfreegames/kubernetes-crossplane-infrastructure-operator/api/ec2.aws/v1alpha2"
@@ -80,9 +81,10 @@ func main() {
 ctrl.SetLogger(zap.New(zap.UseFlagOptions(&opts)))
 mgr, err := ctrl.NewManager(ctrl.GetConfigOrDie(), ctrl.Options{
- Scheme: scheme,
- MetricsBindAddress: metricsAddr,
- Port: 9443,
+ Scheme: scheme,
+ Metrics: server.Options{
+ BindAddress: metricsAddr,
+ },
 HealthProbeBindAddress: probeAddr,
 LeaderElection: enableLeaderElection,
 LeaderElectionID: "1334ff7b.infrastructure.wildlife.io",
diff --git a/config/crd/bases/clustermesh.infrastructure.wildlife.io_clustermeshes.yaml b/config/crd/bases/clustermesh.infrastructure.wildlife.io_clustermeshes.yaml
index 734298e..264c77c 100644
--- a/config/crd/bases/clustermesh.infrastructure.wildlife.io_clustermeshes.yaml
+++ b/config/crd/bases/clustermesh.infrastructure.wildlife.io_clustermeshes.yaml
@@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
 annotations:
- controller-gen.kubebuilder.io/version: v0.12.0
+ controller-gen.kubebuilder.io/version: v0.14.0
 name: clustermeshes.clustermesh.infrastructure.wildlife.io
 spec:
 group: clustermesh.infrastructure.wildlife.io
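Review bot: The new `Metrics: server.Options{BindAddress: metricsAddr}` keeps controller-runtime's default of serving `/metrics` over plain HTTP with no authentication or authorization, so anything that can reach the pod on `metricsAddr` can scrape it; the old `MetricsBindAddress` behaved the same, but since this block is being rewritten for the new API it is the natural place to opt in with `SecureServing: true,` and `FilterProvider: filters.WithAuthenticationAndAuthorization,` (importing `sigs.k8s.io/controller-runtime/pkg/metrics/filters`), which in turn needs the operator's ServiceAccount to be allowed `tokenreviews`/`subjectaccessreviews` and Prometheus to scrape with a bearer token — check that the controller-runtime version go.mod now pins actually ships the filters package. The dropped `Port: 9443` was the webhook server's port; 9443 is also the default in the new `webhook.Options`, so this should be a no-op even if the operator serves admission webhooks, but that is inferred rather than visible here and is worth confirming against config/webhook if it exists. `main()` begins before this hunk and continues after it.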
@@ -24,14 +24,19 @@ spec: description: ClusterMesh is the Schema for the clustermeshes API properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object 
@@ -70,37 +75,37 @@ spec: operational state. properties: lastTransitionTime: - description: Last time the condition transitioned from one status - to another. This should be when the underlying condition changed. - If that is not known, then using the time when the API field - changed is acceptable. + description: |- + Last time the condition transitioned from one status to another. + This should be when the underlying condition changed. If that is not known, then using the time when + the API field changed is acceptable. format: date-time type: string message: - description: A human readable message indicating details about - the transition. This field may be empty. + description: |- + A human readable message indicating details about the transition. + This field may be empty. type: string reason: - description: The reason for the condition's last transition - in CamelCase. The specific API may choose whether or not this - field is considered a guaranteed API. This field may not be - empty. + description: |- + The reason for the condition's last transition in CamelCase. + The specific API may choose whether or not this field is considered a guaranteed API. + This field may not be empty. type: string severity: - description: Severity provides an explicit classification of - Reason code, so the users or machines can immediately understand - the current situation and act accordingly. The Severity field - MUST be set only when Status=False. + description: |- + Severity provides an explicit classification of Reason code, so the users or machines can immediately + understand the current situation and act accordingly. + The Severity field MUST be set only when Status=False. type: string status: description: Status of the condition, one of True, False, Unknown. type: string type: - description: Type of condition in CamelCase or in foo.example.com/CamelCase. 
- Many .condition.type values are consistent across resources - like Available, but because arbitrary conditions can be useful - (see .node.status.conditions), the ability to deconflict is - important. + description: |- + Type of condition in CamelCase or in foo.example.com/CamelCase. + Many .condition.type values are consistent across resources like Available, but because arbitrary conditions + can be useful (see .node.status.conditions), the ability to deconflict is important. type: string required: - lastTransitionTime 
@@ -110,189 +115,189 @@ spec: type: array crossplanePeeringRef: items: - description: "ObjectReference contains enough information to let - you inspect or modify the referred object. --- New uses of this - type are discouraged because of difficulty describing its usage - when embedded in APIs. 1. Ignored fields. It includes many fields - which are not generally honored. For instance, ResourceVersion - and FieldPath are both very rarely valid in actual usage. 2. Invalid - usage help. It is impossible to add specific help for individual - usage. In most embedded usages, there are particular restrictions - like, \"must refer only to types A and B\" or \"UID not honored\" - or \"name must be restricted\". Those cannot be well described - when embedded. 3. Inconsistent validation. Because the usages - are different, the validation rules are different by usage, which - makes it hard for users to predict what will happen. 4. The fields - are both imprecise and overly precise. Kind is not a precise - mapping to a URL. This can produce ambiguity during interpretation - and require a REST mapping. In most cases, the dependency is - on the group,resource tuple and the version of the actual struct - is irrelevant. 5. We cannot easily change it. Because this type - is embedded in many locations, updates to this type will affect - numerous schemas. Don't make new APIs embed an underspecified - API type they do not control. \n Instead of using this type, create - a locally provided and used type that is well-focused on your - reference. For example, ServiceReferences for admission registration: - https://github.com/kubernetes/api/blob/release-1.17/admissionregistration/v1/types.go#L533 - ." + description: |- + ObjectReference contains enough information to let you inspect or modify the referred object. + --- + New uses of this type are discouraged because of difficulty describing its usage when embedded in APIs. + 1. Ignored fields. 
It includes many fields which are not generally honored. For instance, ResourceVersion and FieldPath are both very rarely valid in actual usage. + 2. Invalid usage help. It is impossible to add specific help for individual usage. In most embedded usages, there are particular + restrictions like, "must refer only to types A and B" or "UID not honored" or "name must be restricted". + Those cannot be well described when embedded. + 3. Inconsistent validation. Because the usages are different, the validation rules are different by usage, which makes it hard for users to predict what will happen. + 4. The fields are both imprecise and overly precise. Kind is not a precise mapping to a URL. This can produce ambiguity + during interpretation and require a REST mapping. In most cases, the dependency is on the group,resource tuple + and the version of the actual struct is irrelevant. + 5. We cannot easily change it. Because this type is embedded in many locations, updates to this type + will affect numerous schemas. Don't make new APIs embed an underspecified API type they do not control. + + + Instead of using this type, create a locally provided and used type that is well-focused on your reference. + For example, ServiceReferences for admission registration: https://github.com/kubernetes/api/blob/release-1.17/admissionregistration/v1/types.go#L533 . properties: apiVersion: description: API version of the referent. type: string fieldPath: - description: 'If referring to a piece of an object instead of - an entire object, this string should contain a valid JSON/Go - field access statement, such as desiredState.manifest.containers[2]. - For example, if the object reference is to a container within - a pod, this would take on a value like: "spec.containers{name}" - (where "name" refers to the name of the container that triggered - the event) or if no container name is specified "spec.containers[2]" - (container with index 2 in this pod). 
This syntax is chosen - only to have some well-defined way of referencing a part of - an object. TODO: this design is not final and this field is - subject to change in the future.' + description: |- + If referring to a piece of an object instead of an entire object, this string + should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. + For example, if the object reference is to a container within a pod, this would take on a value like: + "spec.containers{name}" (where "name" refers to the name of the container that triggered + the event) or if no container name is specified "spec.containers[2]" (container with + index 2 in this pod). This syntax is chosen only to have some well-defined way of + referencing a part of an object. + TODO: this design is not final and this field is subject to change in the future. type: string kind: - description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: |- + Kind of the referent. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names type: string namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + description: |- + Namespace of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ type: string resourceVersion: - description: 'Specific resourceVersion to which this reference - is made, if any. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' + description: |- + Specific resourceVersion to which this reference is made, if any. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency type: string uid: - description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' + description: |- + UID of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids type: string type: object x-kubernetes-map-type: atomic type: array crossplaneSecurityGroupRef: items: - description: "ObjectReference contains enough information to let - you inspect or modify the referred object. --- New uses of this - type are discouraged because of difficulty describing its usage - when embedded in APIs. 1. Ignored fields. It includes many fields - which are not generally honored. For instance, ResourceVersion - and FieldPath are both very rarely valid in actual usage. 2. Invalid - usage help. It is impossible to add specific help for individual - usage. In most embedded usages, there are particular restrictions - like, \"must refer only to types A and B\" or \"UID not honored\" - or \"name must be restricted\". Those cannot be well described - when embedded. 3. Inconsistent validation. Because the usages - are different, the validation rules are different by usage, which - makes it hard for users to predict what will happen. 4. The fields - are both imprecise and overly precise. Kind is not a precise - mapping to a URL. This can produce ambiguity during interpretation - and require a REST mapping. In most cases, the dependency is - on the group,resource tuple and the version of the actual struct - is irrelevant. 5. We cannot easily change it. 
Because this type - is embedded in many locations, updates to this type will affect - numerous schemas. Don't make new APIs embed an underspecified - API type they do not control. \n Instead of using this type, create - a locally provided and used type that is well-focused on your - reference. For example, ServiceReferences for admission registration: - https://github.com/kubernetes/api/blob/release-1.17/admissionregistration/v1/types.go#L533 - ." + description: |- + ObjectReference contains enough information to let you inspect or modify the referred object. + --- + New uses of this type are discouraged because of difficulty describing its usage when embedded in APIs. + 1. Ignored fields. It includes many fields which are not generally honored. For instance, ResourceVersion and FieldPath are both very rarely valid in actual usage. + 2. Invalid usage help. It is impossible to add specific help for individual usage. In most embedded usages, there are particular + restrictions like, "must refer only to types A and B" or "UID not honored" or "name must be restricted". + Those cannot be well described when embedded. + 3. Inconsistent validation. Because the usages are different, the validation rules are different by usage, which makes it hard for users to predict what will happen. + 4. The fields are both imprecise and overly precise. Kind is not a precise mapping to a URL. This can produce ambiguity + during interpretation and require a REST mapping. In most cases, the dependency is on the group,resource tuple + and the version of the actual struct is irrelevant. + 5. We cannot easily change it. Because this type is embedded in many locations, updates to this type + will affect numerous schemas. Don't make new APIs embed an underspecified API type they do not control. + + + Instead of using this type, create a locally provided and used type that is well-focused on your reference. 
+ For example, ServiceReferences for admission registration: https://github.com/kubernetes/api/blob/release-1.17/admissionregistration/v1/types.go#L533 . properties: apiVersion: description: API version of the referent. type: string fieldPath: - description: 'If referring to a piece of an object instead of - an entire object, this string should contain a valid JSON/Go - field access statement, such as desiredState.manifest.containers[2]. - For example, if the object reference is to a container within - a pod, this would take on a value like: "spec.containers{name}" - (where "name" refers to the name of the container that triggered - the event) or if no container name is specified "spec.containers[2]" - (container with index 2 in this pod). This syntax is chosen - only to have some well-defined way of referencing a part of - an object. TODO: this design is not final and this field is - subject to change in the future.' + description: |- + If referring to a piece of an object instead of an entire object, this string + should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. + For example, if the object reference is to a container within a pod, this would take on a value like: + "spec.containers{name}" (where "name" refers to the name of the container that triggered + the event) or if no container name is specified "spec.containers[2]" (container with + index 2 in this pod). This syntax is chosen only to have some well-defined way of + referencing a part of an object. + TODO: this design is not final and this field is subject to change in the future. type: string kind: - description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: |- + Kind of the referent. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string name: - description: 'Name of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names type: string namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + description: |- + Namespace of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ type: string resourceVersion: - description: 'Specific resourceVersion to which this reference - is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' + description: |- + Specific resourceVersion to which this reference is made, if any. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency type: string uid: - description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' + description: |- + UID of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids type: string type: object x-kubernetes-map-type: atomic type: array routesRef: items: - description: "ObjectReference contains enough information to let - you inspect or modify the referred object. --- New uses of this - type are discouraged because of difficulty describing its usage - when embedded in APIs. 1. Ignored fields. It includes many fields - which are not generally honored. For instance, ResourceVersion - and FieldPath are both very rarely valid in actual usage. 2. Invalid - usage help. It is impossible to add specific help for individual - usage. In most embedded usages, there are particular restrictions - like, \"must refer only to types A and B\" or \"UID not honored\" - or \"name must be restricted\". 
Those cannot be well described - when embedded. 3. Inconsistent validation. Because the usages - are different, the validation rules are different by usage, which - makes it hard for users to predict what will happen. 4. The fields - are both imprecise and overly precise. Kind is not a precise - mapping to a URL. This can produce ambiguity during interpretation - and require a REST mapping. In most cases, the dependency is - on the group,resource tuple and the version of the actual struct - is irrelevant. 5. We cannot easily change it. Because this type - is embedded in many locations, updates to this type will affect - numerous schemas. Don't make new APIs embed an underspecified - API type they do not control. \n Instead of using this type, create - a locally provided and used type that is well-focused on your - reference. For example, ServiceReferences for admission registration: - https://github.com/kubernetes/api/blob/release-1.17/admissionregistration/v1/types.go#L533 - ." + description: |- + ObjectReference contains enough information to let you inspect or modify the referred object. + --- + New uses of this type are discouraged because of difficulty describing its usage when embedded in APIs. + 1. Ignored fields. It includes many fields which are not generally honored. For instance, ResourceVersion and FieldPath are both very rarely valid in actual usage. + 2. Invalid usage help. It is impossible to add specific help for individual usage. In most embedded usages, there are particular + restrictions like, "must refer only to types A and B" or "UID not honored" or "name must be restricted". + Those cannot be well described when embedded. + 3. Inconsistent validation. Because the usages are different, the validation rules are different by usage, which makes it hard for users to predict what will happen. + 4. The fields are both imprecise and overly precise. Kind is not a precise mapping to a URL. 
This can produce ambiguity + during interpretation and require a REST mapping. In most cases, the dependency is on the group,resource tuple + and the version of the actual struct is irrelevant. + 5. We cannot easily change it. Because this type is embedded in many locations, updates to this type + will affect numerous schemas. Don't make new APIs embed an underspecified API type they do not control. + + + Instead of using this type, create a locally provided and used type that is well-focused on your reference. + For example, ServiceReferences for admission registration: https://github.com/kubernetes/api/blob/release-1.17/admissionregistration/v1/types.go#L533 . properties: apiVersion: description: API version of the referent. type: string fieldPath: - description: 'If referring to a piece of an object instead of - an entire object, this string should contain a valid JSON/Go - field access statement, such as desiredState.manifest.containers[2]. - For example, if the object reference is to a container within - a pod, this would take on a value like: "spec.containers{name}" - (where "name" refers to the name of the container that triggered - the event) or if no container name is specified "spec.containers[2]" - (container with index 2 in this pod). This syntax is chosen - only to have some well-defined way of referencing a part of - an object. TODO: this design is not final and this field is - subject to change in the future.' + description: |- + If referring to a piece of an object instead of an entire object, this string + should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. + For example, if the object reference is to a container within a pod, this would take on a value like: + "spec.containers{name}" (where "name" refers to the name of the container that triggered + the event) or if no container name is specified "spec.containers[2]" (container with + index 2 in this pod). 
This syntax is chosen only to have some well-defined way of + referencing a part of an object. + TODO: this design is not final and this field is subject to change in the future. type: string kind: - description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: |- + Kind of the referent. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names type: string namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + description: |- + Namespace of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ type: string resourceVersion: - description: 'Specific resourceVersion to which this reference - is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' + description: |- + Specific resourceVersion to which this reference is made, if any. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency type: string uid: - description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' + description: |- + UID of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids type: string type: object x-kubernetes-map-type: atomic 
diff --git a/config/crd/bases/ec2.aws.wildlife.io_securitygroups.yaml b/config/crd/bases/ec2.aws.wildlife.io_securitygroups.yaml index f92efb0..94c0ed8 100644 --- a/config/crd/bases/ec2.aws.wildlife.io_securitygroups.yaml +++ b/config/crd/bases/ec2.aws.wildlife.io_securitygroups.yaml @@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.12.0 + controller-gen.kubebuilder.io/version: v0.14.0 name: securitygroups.ec2.aws.wildlife.io spec: group: ec2.aws.wildlife.io @@ -30,14 +30,19 @@ spec: description: SecurityGroup is the Schema for the securitygroups API properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object 
@@ -48,63 +53,63 @@ spec: description: InfrastructureRef is a reference to a provider-specific resource. items: - description: "ObjectReference contains enough information to let - you inspect or modify the referred object. --- New uses of this - type are discouraged because of difficulty describing its usage - when embedded in APIs. 1. Ignored fields. It includes many fields - which are not generally honored. For instance, ResourceVersion - and FieldPath are both very rarely valid in actual usage. 2. Invalid - usage help. It is impossible to add specific help for individual - usage. In most embedded usages, there are particular restrictions - like, \"must refer only to types A and B\" or \"UID not honored\" - or \"name must be restricted\". Those cannot be well described - when embedded. 3. Inconsistent validation. Because the usages - are different, the validation rules are different by usage, which - makes it hard for users to predict what will happen. 4. The fields - are both imprecise and overly precise. Kind is not a precise - mapping to a URL. This can produce ambiguity during interpretation - and require a REST mapping. In most cases, the dependency is - on the group,resource tuple and the version of the actual struct - is irrelevant. 5. We cannot easily change it. Because this type - is embedded in many locations, updates to this type will affect - numerous schemas. Don't make new APIs embed an underspecified - API type they do not control. \n Instead of using this type, create - a locally provided and used type that is well-focused on your - reference. For example, ServiceReferences for admission registration: - https://github.com/kubernetes/api/blob/release-1.17/admissionregistration/v1/types.go#L533 - ." + description: |- + ObjectReference contains enough information to let you inspect or modify the referred object. + --- + New uses of this type are discouraged because of difficulty describing its usage when embedded in APIs. + 1. Ignored fields. 
It includes many fields which are not generally honored. For instance, ResourceVersion and FieldPath are both very rarely valid in actual usage. + 2. Invalid usage help. It is impossible to add specific help for individual usage. In most embedded usages, there are particular + restrictions like, "must refer only to types A and B" or "UID not honored" or "name must be restricted". + Those cannot be well described when embedded. + 3. Inconsistent validation. Because the usages are different, the validation rules are different by usage, which makes it hard for users to predict what will happen. + 4. The fields are both imprecise and overly precise. Kind is not a precise mapping to a URL. This can produce ambiguity + during interpretation and require a REST mapping. In most cases, the dependency is on the group,resource tuple + and the version of the actual struct is irrelevant. + 5. We cannot easily change it. Because this type is embedded in many locations, updates to this type + will affect numerous schemas. Don't make new APIs embed an underspecified API type they do not control. + + + Instead of using this type, create a locally provided and used type that is well-focused on your reference. + For example, ServiceReferences for admission registration: https://github.com/kubernetes/api/blob/release-1.17/admissionregistration/v1/types.go#L533 . properties: apiVersion: description: API version of the referent. type: string fieldPath: - description: 'If referring to a piece of an object instead of - an entire object, this string should contain a valid JSON/Go - field access statement, such as desiredState.manifest.containers[2]. - For example, if the object reference is to a container within - a pod, this would take on a value like: "spec.containers{name}" - (where "name" refers to the name of the container that triggered - the event) or if no container name is specified "spec.containers[2]" - (container with index 2 in this pod). 
This syntax is chosen - only to have some well-defined way of referencing a part of - an object. TODO: this design is not final and this field is - subject to change in the future.' + description: |- + If referring to a piece of an object instead of an entire object, this string + should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. + For example, if the object reference is to a container within a pod, this would take on a value like: + "spec.containers{name}" (where "name" refers to the name of the container that triggered + the event) or if no container name is specified "spec.containers[2]" (container with + index 2 in this pod). This syntax is chosen only to have some well-defined way of + referencing a part of an object. + TODO: this design is not final and this field is subject to change in the future. type: string kind: - description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: |- + Kind of the referent. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names type: string namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + description: |- + Namespace of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ type: string resourceVersion: - description: 'Specific resourceVersion to which this reference - is made, if any. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' + description: |- + Specific resourceVersion to which this reference is made, if any. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency type: string uid: - description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' + description: |- + UID of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids type: string type: object x-kubernetes-map-type: atomic @@ -121,17 +126,20 @@ spec: type: string type: array fromPort: - description: The start of port range for the TCP and UDP protocols, - or an ICMP code. A value of -1 indicates all ICMP codes. + description: |- + The start of port range for the TCP and UDP protocols, or an ICMP code. + A value of -1 indicates all ICMP codes. format: int32 type: integer ipProtocol: - description: The IP protocol name (tcp, udp, icmp) or number - (see Protocol Numbers (http://www.iana.org/assignments/protocol-numbers/protocol-numbers.xhtml)). + description: |- + The IP protocol name (tcp, udp, icmp) or number (see Protocol Numbers + (http://www.iana.org/assignments/protocol-numbers/protocol-numbers.xhtml)). type: string toPort: - description: The end of port range for the TCP and UDP protocols, - or an ICMP code. A value of -1 indicates all ICMP codes. + description: |- + The end of port range for the TCP and UDP protocols, or an ICMP code. + A value of -1 indicates all ICMP codes. format: int32 type: integer type: object 
@@ -147,37 +155,37 @@ spec: operational state. properties: lastTransitionTime: - description: Last time the condition transitioned from one status - to another. This should be when the underlying condition changed. - If that is not known, then using the time when the API field - changed is acceptable. + description: |- + Last time the condition transitioned from one status to another. + This should be when the underlying condition changed. If that is not known, then using the time when + the API field changed is acceptable. format: date-time type: string message: - description: A human readable message indicating details about - the transition. This field may be empty. + description: |- + A human readable message indicating details about the transition. + This field may be empty. type: string reason: - description: The reason for the condition's last transition - in CamelCase. The specific API may choose whether or not this - field is considered a guaranteed API. This field may not be - empty. + description: |- + The reason for the condition's last transition in CamelCase. + The specific API may choose whether or not this field is considered a guaranteed API. + This field may not be empty. type: string severity: - description: Severity provides an explicit classification of - Reason code, so the users or machines can immediately understand - the current situation and act accordingly. The Severity field - MUST be set only when Status=False. + description: |- + Severity provides an explicit classification of Reason code, so the users or machines can immediately + understand the current situation and act accordingly. + The Severity field MUST be set only when Status=False. type: string status: description: Status of the condition, one of True, False, Unknown. type: string type: - description: Type of condition in CamelCase or in foo.example.com/CamelCase. 
- Many .condition.type values are consistent across resources - like Available, but because arbitrary conditions can be useful - (see .node.status.conditions), the ability to deconflict is - important. + description: |- + Type of condition in CamelCase or in foo.example.com/CamelCase. + Many .condition.type values are consistent across resources like Available, but because arbitrary conditions + can be useful (see .node.status.conditions), the ability to deconflict is important. type: string required: - lastTransitionTime 
@@ -186,71 +194,72 @@ spec: type: object type: array failureMessage: - description: ErrorMessage indicates that there is a terminal problem - reconciling the state, and will be set to a descriptive error message. + description: |- + ErrorMessage indicates that there is a terminal problem reconciling the + state, and will be set to a descriptive error message. type: string infrastructureRef: - description: AppliedInfrastructureRef is the currently applied attachments - to machine pools. At the end of the reconciliation this field is - updated with the current references + description: |- + AppliedInfrastructureRef is the currently applied attachments to machine pools. At + the end of the reconciliation this field is updated with the current references items: - description: "ObjectReference contains enough information to let - you inspect or modify the referred object. --- New uses of this - type are discouraged because of difficulty describing its usage - when embedded in APIs. 1. Ignored fields. It includes many fields - which are not generally honored. For instance, ResourceVersion - and FieldPath are both very rarely valid in actual usage. 2. Invalid - usage help. It is impossible to add specific help for individual - usage. In most embedded usages, there are particular restrictions - like, \"must refer only to types A and B\" or \"UID not honored\" - or \"name must be restricted\". Those cannot be well described - when embedded. 3. Inconsistent validation. Because the usages - are different, the validation rules are different by usage, which - makes it hard for users to predict what will happen. 4. The fields - are both imprecise and overly precise. Kind is not a precise - mapping to a URL. This can produce ambiguity during interpretation - and require a REST mapping. In most cases, the dependency is - on the group,resource tuple and the version of the actual struct - is irrelevant. 5. We cannot easily change it. 
Because this type - is embedded in many locations, updates to this type will affect - numerous schemas. Don't make new APIs embed an underspecified - API type they do not control. \n Instead of using this type, create - a locally provided and used type that is well-focused on your - reference. For example, ServiceReferences for admission registration: - https://github.com/kubernetes/api/blob/release-1.17/admissionregistration/v1/types.go#L533 - ." + description: |- + ObjectReference contains enough information to let you inspect or modify the referred object. + --- + New uses of this type are discouraged because of difficulty describing its usage when embedded in APIs. + 1. Ignored fields. It includes many fields which are not generally honored. For instance, ResourceVersion and FieldPath are both very rarely valid in actual usage. + 2. Invalid usage help. It is impossible to add specific help for individual usage. In most embedded usages, there are particular + restrictions like, "must refer only to types A and B" or "UID not honored" or "name must be restricted". + Those cannot be well described when embedded. + 3. Inconsistent validation. Because the usages are different, the validation rules are different by usage, which makes it hard for users to predict what will happen. + 4. The fields are both imprecise and overly precise. Kind is not a precise mapping to a URL. This can produce ambiguity + during interpretation and require a REST mapping. In most cases, the dependency is on the group,resource tuple + and the version of the actual struct is irrelevant. + 5. We cannot easily change it. Because this type is embedded in many locations, updates to this type + will affect numerous schemas. Don't make new APIs embed an underspecified API type they do not control. + + + Instead of using this type, create a locally provided and used type that is well-focused on your reference. 
+ For example, ServiceReferences for admission registration: https://github.com/kubernetes/api/blob/release-1.17/admissionregistration/v1/types.go#L533 . properties: apiVersion: description: API version of the referent. type: string fieldPath: - description: 'If referring to a piece of an object instead of - an entire object, this string should contain a valid JSON/Go - field access statement, such as desiredState.manifest.containers[2]. - For example, if the object reference is to a container within - a pod, this would take on a value like: "spec.containers{name}" - (where "name" refers to the name of the container that triggered - the event) or if no container name is specified "spec.containers[2]" - (container with index 2 in this pod). This syntax is chosen - only to have some well-defined way of referencing a part of - an object. TODO: this design is not final and this field is - subject to change in the future.' + description: |- + If referring to a piece of an object instead of an entire object, this string + should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. + For example, if the object reference is to a container within a pod, this would take on a value like: + "spec.containers{name}" (where "name" refers to the name of the container that triggered + the event) or if no container name is specified "spec.containers[2]" (container with + index 2 in this pod). This syntax is chosen only to have some well-defined way of + referencing a part of an object. + TODO: this design is not final and this field is subject to change in the future. type: string kind: - description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: |- + Kind of the referent. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string name: - description: 'Name of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names type: string namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + description: |- + Namespace of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ type: string resourceVersion: - description: 'Specific resourceVersion to which this reference - is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' + description: |- + Specific resourceVersion to which this reference is made, if any. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency type: string uid: - description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' + description: |- + UID of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids type: string type: object x-kubernetes-map-type: atomic diff --git a/go.mod b/go.mod index ed6ce68..208af2d 100644 --- a/go.mod +++ b/go.mod @@ -1,11 +1,13 @@ module github.com/topfreegames/kubernetes-crossplane-infrastructure-operator -go 1.19 +go 1.21 + +toolchain go1.22.0 replace k8s.io/code-generator => k8s.io/code-generator v0.21.0 require ( - github.com/aws/aws-sdk-go v1.44.298 + github.com/aws/aws-sdk-go v1.49.24 github.com/aws/aws-sdk-go-v2 v1.17.8 github.com/aws/aws-sdk-go-v2/config v1.11.1 github.com/aws/aws-sdk-go-v2/service/autoscaling v1.28.3 
@@ -16,34 +18,35 @@ require (
 github.com/google/go-cmp v0.5.9
 github.com/hashicorp/go-multierror v1.1.1
 github.com/onsi/ginkgo/v2 v2.11.0
- github.com/onsi/gomega v1.27.8
+ github.com/onsi/gomega v1.27.10
 github.com/pkg/errors v0.9.1
- github.com/topfreegames/kubernetes-kops-operator v0.7.1-alpha
- go.uber.org/zap v1.24.0
- k8s.io/api v0.27.3
- k8s.io/apimachinery v0.27.3
- k8s.io/client-go v0.27.3
- k8s.io/kops v1.27.1
- k8s.io/kubectl v0.27.3
+ github.com/topfreegames/kubernetes-kops-operator v0.11.0-rc
+ go.uber.org/zap v1.25.0
+ k8s.io/api v0.28.1
+ k8s.io/apimachinery v0.28.1
+ k8s.io/client-go v0.28.1
+ k8s.io/kops v1.28.4
+ k8s.io/kubectl v0.28.1
 sigs.k8s.io/cluster-api v1.5.0
- sigs.k8s.io/controller-runtime v0.15.1
+ sigs.k8s.io/controller-runtime v0.16.1
 )
 
 require (
 github.com/aws/karpenter-core v0.29.0 // indirect
 github.com/go-task/slim-sprig v0.0.0-20230315185526-52ccab3ef572 // indirect
+ github.com/google/gnostic-models v0.6.8 // indirect
 github.com/google/pprof v0.0.0-20210720184732-4bb14d4b1be1 // indirect
- github.com/google/s2a-go v0.1.4 // indirect
+ github.com/google/s2a-go v0.1.5 // indirect
 github.com/samber/lo v1.38.1 // indirect
- golang.org/x/exp v0.0.0-20230522175609-2e198f4a06a1 // indirect
- golang.org/x/tools v0.9.3 // indirect
- google.golang.org/genproto/googleapis/rpc v0.0.0-20230530153820-e85fd2cbaebc // indirect
+ golang.org/x/exp v0.0.0-20230817173708-d852ddb80c63 // indirect
+ golang.org/x/tools v0.12.1-0.20230815132531-74c255bcf846 // indirect
+ google.golang.org/genproto/googleapis/rpc v0.0.0-20230807174057-1744710a1577 // indirect
 gopkg.in/ini.v1 v1.67.0 // indirect
 knative.dev/pkg v0.0.0-20230502134655-db8a35330281 // indirect
 )
 
 require (
- cloud.google.com/go/compute v1.20.1 // indirect
+ cloud.google.com/go/compute v1.23.0 // indirect
 cloud.google.com/go/compute/metadata v0.2.3 // indirect
 github.com/Azure/azure-pipeline-go v0.2.3 // indirect
 github.com/Azure/azure-storage-blob-go v0.15.0 // indirect
@@ -76,12 +79,11 @@ require (
 github.com/gogo/protobuf v1.3.2 // indirect
 github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da // indirect
 github.com/golang/protobuf v1.5.3 // indirect
- github.com/google/gnostic v0.6.9 // indirect
 github.com/google/gofuzz v1.2.0 // indirect
- github.com/google/uuid v1.3.0 // indirect
- github.com/googleapis/enterprise-certificate-proxy v0.2.4 // indirect
- github.com/googleapis/gax-go/v2 v2.11.0 // indirect
- github.com/gophercloud/gophercloud v1.4.0 // indirect
+ github.com/google/uuid v1.3.1 // indirect
+ github.com/googleapis/enterprise-certificate-proxy v0.2.5 // indirect
+ github.com/googleapis/gax-go/v2 v2.12.0 // indirect
+ github.com/gophercloud/gophercloud v1.6.0 // indirect
 github.com/hashicorp/errwrap v1.1.0 // indirect
 github.com/imdario/mergo v0.3.16 // indirect
 github.com/jmespath/go-jmespath v0.4.0 // indirect
@@ -94,38 +96,37 @@ require (
 github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd // indirect
 github.com/modern-go/reflect2 v1.0.2 // indirect
 github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 // indirect
- github.com/pkg/sftp v1.13.5 // indirect
+ github.com/pkg/sftp v1.13.6 // indirect
 github.com/prometheus/client_golang v1.16.0 // indirect
 github.com/prometheus/client_model v0.4.0 // indirect
- github.com/prometheus/common v0.43.0 // indirect
+ github.com/prometheus/common v0.44.0 // indirect
 github.com/prometheus/procfs v0.10.1 // indirect
 github.com/spf13/afero v1.9.5 // indirect
 github.com/spf13/pflag v1.0.5 // indirect
 github.com/spotinst/spotinst-sdk-go v1.334.0
 go.opencensus.io v0.24.0 // indirect
- go.uber.org/atomic v1.10.0 // indirect
 go.uber.org/multierr v1.11.0 // indirect
- golang.org/x/crypto v0.11.0 // indirect
- golang.org/x/net v0.12.0 // indirect
- golang.org/x/oauth2 v0.10.0 // indirect
- golang.org/x/sys v0.10.0 // indirect
- golang.org/x/term v0.10.0 // indirect
- golang.org/x/text v0.11.0 // indirect
+ golang.org/x/crypto v0.14.0 // indirect
+ golang.org/x/net v0.17.0 // indirect
+ golang.org/x/oauth2 v0.11.0 // indirect
+ golang.org/x/sys v0.13.0 // indirect
+ golang.org/x/term v0.13.0 // indirect
+ golang.org/x/text v0.13.0 // indirect
 golang.org/x/time v0.3.0 // indirect
- gomodules.xyz/jsonpatch/v2 v2.3.0 // indirect
- google.golang.org/api v0.128.0 // indirect
+ gomodules.xyz/jsonpatch/v2 v2.4.0 // indirect
+ google.golang.org/api v0.138.0 // indirect
 google.golang.org/appengine v1.6.7 // indirect
- google.golang.org/grpc v1.56.0 // indirect
+ google.golang.org/grpc v1.57.0 // indirect
 google.golang.org/protobuf v1.31.0 // indirect
 gopkg.in/inf.v0 v0.9.1 // indirect
 gopkg.in/yaml.v2 v2.4.0 // indirect
 gopkg.in/yaml.v3 v3.0.1 // indirect
- k8s.io/apiextensions-apiserver v0.27.2 // indirect
- k8s.io/component-base v0.27.3 // indirect
+ k8s.io/apiextensions-apiserver v0.28.0 // indirect
+ k8s.io/component-base v0.28.1 // indirect
 k8s.io/klog/v2 v2.100.1 // indirect
- k8s.io/kube-openapi v0.0.0-20230515203736-54b630e78af5 // indirect
- k8s.io/utils v0.0.0-20230505201702-9f6742963106
+ k8s.io/kube-openapi v0.0.0-20230717233707-2695361300d9 // indirect
+ k8s.io/utils v0.0.0-20230726121419-3b25d923346b
 sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd // indirect
- sigs.k8s.io/structured-merge-diff/v4 v4.2.3 // indirect
+ sigs.k8s.io/structured-merge-diff/v4 v4.3.0 // indirect
 sigs.k8s.io/yaml v1.3.0 // indirect
 )
diff --git a/go.sum b/go.sum
index 72244a3..3f182e8 100644
--- a/go.sum
+++ b/go.sum
@@ -23,8 +23,8 @@ cloud.google.com/go/bigquery v1.4.0/go.mod h1:S8dzgnTigyfTmLBfrtrhyYhwRxG72rYxvf
 cloud.google.com/go/bigquery v1.5.0/go.mod h1:snEHRnqQbz117VIFhE8bmtwIDY80NLUZUMb4Nv6dBIg=
 cloud.google.com/go/bigquery v1.7.0/go.mod h1://okPTzCYNXSlb24MZs83e2Do+h+VXtc4gLoIoXIAPc=
 cloud.google.com/go/bigquery v1.8.0/go.mod h1:J5hqkt3O0uAFnINi6JXValWIb1v0goeZM77hZzJN/fQ=
-cloud.google.com/go/compute v1.20.1 h1:6aKEtlUiwEpJzM001l0yFkpXmUVXaN8W+fbkb2AZNbg=
-cloud.google.com/go/compute v1.20.1/go.mod h1:4tCnrn48xsqlwSAiLf1HXMQk8CONslYbdiEZc9FEIbM=
+cloud.google.com/go/compute v1.23.0 h1:tP41Zoavr8ptEqaW6j+LQOnyBBhO7OkOMAGrgLopTwY=
+cloud.google.com/go/compute v1.23.0/go.mod h1:4tCnrn48xsqlwSAiLf1HXMQk8CONslYbdiEZc9FEIbM=
 cloud.google.com/go/compute/metadata v0.2.3 h1:mg4jlk7mCAj6xXp9UJ4fjI9VUI5rubuGBW5aJ7UnBMY=
 cloud.google.com/go/compute/metadata v0.2.3/go.mod h1:VAV5nSsACxMJvgaAuX6Pk2AawlZn8kiOGuCv6gTkwuA=
 cloud.google.com/go/datastore v1.0.0/go.mod h1:LXYbyblFSglQ5pkeyhO+Qmw7ukd3C+pD7TKLgZqpHYE=
@@ -49,6 +49,7 @@ github.com/Azure/go-autorest v14.2.0+incompatible/go.mod h1:r+4oMnoxhatjLLJ6zxSW
 github.com/Azure/go-autorest/autorest v0.11.29 h1:I4+HL/JDvErx2LjyzaVxllw2lRDB5/BT2Bm4g20iqYw=
 github.com/Azure/go-autorest/autorest/adal v0.9.13/go.mod h1:W/MM4U6nLxnIskrw4UwWzlHfGjwUS50aOsc/I3yuU8M=
 github.com/Azure/go-autorest/autorest/adal v0.9.22 h1:/GblQdIudfEM3AWWZ0mrYJQSd7JS4S/Mbzh6F0ov0Xc=
+github.com/Azure/go-autorest/autorest/adal v0.9.22/go.mod h1:XuAbAEUv2Tta//+voMI038TrJBqjKam0me7qR+L8Cmk=
 github.com/Azure/go-autorest/autorest/date v0.3.0 h1:7gUk1U5M/CQbp9WoqinNzJar+8KY+LPI6wiWrP/myHw=
 github.com/Azure/go-autorest/autorest/date v0.3.0/go.mod h1:BI0uouVdmngYNUzGWeSYnokU+TrmwEsOqdt8Y6sso74=
 github.com/Azure/go-autorest/autorest/mocks v0.4.1/go.mod h1:LTp+uSrOhSkaKrUy935gNZuuIPPVsHlr9DSOxSayd+k=
@@ -58,13 +59,13 @@ github.com/Azure/go-autorest/tracing v0.6.0 h1:TYi4+3m5t6K48TGI9AUdb+IzbnSxvnvUM
 github.com/Azure/go-autorest/tracing v0.6.0/go.mod h1:+vhtPC754Xsa23ID7GlGsrdKBpUA79WCAKPPZVC2DeU=
 github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03qcyfWMU=
 github.com/BurntSushi/xgb v0.0.0-20160522181843-27f122750802/go.mod h1:IVnqGOEym/WlBOVXweHU+Q+/VP0lqqI8lqeDx9IjBqo=
-github.com/OneOfOne/xxhash v1.2.2/go.mod h1:HSdplMjZKSmBqAxg5vPj2TmRDmfkzw+cTzAElWljhcU=
 github.com/Pallinder/go-randomdata v1.2.0 h1:DZ41wBchNRb/0GfsePLiSwb0PHZmT67XY00lCDlaYPg=
+github.com/Pallinder/go-randomdata v1.2.0/go.mod h1:yHmJgulpD2Nfrm0cR9tI/+oAgRqCQQixsA8HyRZfV9Y=
 github.com/antihax/optional v1.0.0/go.mod h1:uupD/76wgC+ih3iEmQUL+0Ugr19nfwCT1kdvxnR2qWY=
 github.com/apparentlymart/go-cidr v1.1.0 h1:2mAhrMoF+nhXqxTzSZMUzDHkLjmIHC+Zzn4tdgBZjnU=
 github.com/apparentlymart/go-cidr v1.1.0/go.mod h1:EBcsNrHc3zQeuaeCeCtQruQm+n9/YjEn/vI25Lg7Gwc=
-github.com/aws/aws-sdk-go v1.44.298 h1:5qTxdubgV7PptZJmp/2qDwD2JL187ePL7VOxsSh1i3g=
-github.com/aws/aws-sdk-go v1.44.298/go.mod h1:aVsgQcEevwlmQ7qHE9I3h+dtQgpqhFB+i8Phjh7fkwI=
+github.com/aws/aws-sdk-go v1.49.24 h1:2ekq9ZvaoB2aRbTDfARzgVGUBB9N8XD2QYhFmTBlp+c=
+github.com/aws/aws-sdk-go v1.49.24/go.mod h1:LF8svs817+Nz+DmiMQKTO3ubZ/6IaTpq3TjupRn3Eqk=
 github.com/aws/aws-sdk-go-v2 v1.11.2/go.mod h1:SQfA+m2ltnu1cA0soUkj4dRSsmITiVQUJvBIZjzfPyQ=
 github.com/aws/aws-sdk-go-v2 v1.17.8 h1:GMupCNNI7FARX27L7GjCJM8NgivWbRgpjNI/hOQjFS8=
 github.com/aws/aws-sdk-go-v2 v1.17.8/go.mod h1:uzbQtefpm44goOPmdKyAlXSNcwlRgF3ePWVW6EtJvvw=
@@ -104,8 +105,9 @@ github.com/aws/karpenter-core v0.29.0/go.mod h1:BiPQ/eMeJ1rkfNWctOHmBxvabf8s9IFA
 github.com/aws/smithy-go v1.9.0/go.mod h1:SObp3lf9smib00L/v3U2eAKG8FyQ7iLrJnQiAmR5n+E=
 github.com/aws/smithy-go v1.13.5 h1:hgz0X/DX0dGqTYpGALqXJoRKRj5oQ7150i5FdTePzO8=
 github.com/aws/smithy-go v1.13.5/go.mod h1:Tg+OJXh4MB2R/uN61Ko2f6hTZwB/ZYGOtib8J3gBHzA=
-github.com/benbjohnson/clock v1.1.0 h1:Q92kusRqC1XV2MjkWETPvjJVqKetz1OzxZB7mHJLju8=
 github.com/benbjohnson/clock v1.1.0/go.mod h1:J11/hYXuz8f4ySSvYwY0FKfm+ezbsZBKZxNJlLklBHA=
+github.com/benbjohnson/clock v1.3.0 h1:ip6w0uFQkncKQ979AypyG0ER7mqUSBdKLOgAle/AT8A=
+github.com/benbjohnson/clock v1.3.0/go.mod h1:J11/hYXuz8f4ySSvYwY0FKfm+ezbsZBKZxNJlLklBHA=
 github.com/beorn7/perks v1.0.1 h1:VlbKKnNfV8bJzeqoa4cOKqO6bYr3WgKZxO8Z16+hsOM=
 github.com/beorn7/perks v1.0.1/go.mod h1:G2ZrVWU2WbWT9wwq4/hrbKbnv/1ERSJQ0ibhJ6rlkpw=
 github.com/blang/semver v3.5.1+incompatible h1:cQNTCjp13qL8KC3Nbxr/y2Bqb63oX6wdnnjpJbkM4JQ=
@@ -113,9 +115,8 @@ github.com/blang/semver v3.5.1+incompatible/go.mod h1:kRBLl5iJ+tD4TcOOxsy/0fnweb
 github.com/blang/semver/v4 v4.0.0 h1:1PFHFE6yCCTv8C1TeyNNarDzntLi7wMI5i/pzqYIsAM=
 github.com/blang/semver/v4 v4.0.0/go.mod h1:IbckMUScFkM3pff0VJDNKRiT6TG/YpiHIM2yvyW5YoQ=
 github.com/blendle/zapdriver v1.3.1 h1:C3dydBOWYRiOk+B8X9IVZ5IOe+7cl+tGOexN4QqHfpE=
-github.com/buger/jsonparser v1.1.1/go.mod h1:6RYKKt7H4d4+iWqouImQ9R2FZql3VbhNgx27UK13J/0=
+github.com/blendle/zapdriver v1.3.1/go.mod h1:mdXfREi6u5MArG4j9fewC+FGnXaBR+T4Ox4J2u4eHCc=
 github.com/census-instrumentation/opencensus-proto v0.2.1/go.mod h1:f6KPmirojxKA12rnyqOA5BBL4O983OfeGPqjHWSTneU=
-github.com/cespare/xxhash v1.1.0/go.mod h1:XrSqR1VqqWfGrhpAt58auRo0WTKS1nRRg3ghfAqPWnc=
 github.com/cespare/xxhash/v2 v2.1.1/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs=
 github.com/cespare/xxhash/v2 v2.2.0 h1:DC2CZ1Ep5Y4k3ZQ899DldepgrayRUGE6BBZ/cd9Cj44=
 github.com/cespare/xxhash/v2 v2.2.0/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs=
@@ -127,7 +128,6 @@ github.com/cncf/udpa/go v0.0.0-20191209042840-269d4d468f6f/go.mod h1:M8M6+tZqaGX
 github.com/cncf/udpa/go v0.0.0-20200629203442-efcf912fb354/go.mod h1:WmhPx2Nbnhtbo57+VJT5O0JRkEi1Wbu0z5j0R8u5Hbk=
 github.com/cncf/udpa/go v0.0.0-20201120205902-5459f2c99403/go.mod h1:WmhPx2Nbnhtbo57+VJT5O0JRkEi1Wbu0z5j0R8u5Hbk=
 github.com/cncf/udpa/go v0.0.0-20210930031921-04548b0d99d4/go.mod h1:6pvJx4me5XPnfI9Z40ddWsdw2W/uZgQLFXToKeRcDiI=
-github.com/cncf/xds/go v0.0.0-20210312221358-fbca930ec8ed/go.mod h1:eXthEFrGJvWHgFFCl3hGmgk+/aYT6PnTQLykKQRLhEs=
 github.com/cncf/xds/go v0.0.0-20210805033703-aa0b78936158/go.mod h1:eXthEFrGJvWHgFFCl3hGmgk+/aYT6PnTQLykKQRLhEs=
 github.com/cncf/xds/go v0.0.0-20210922020428-25de7278fc84/go.mod h1:eXthEFrGJvWHgFFCl3hGmgk+/aYT6PnTQLykKQRLhEs=
 github.com/cncf/xds/go v0.0.0-20211011173535-cb28da3451f1/go.mod h1:eXthEFrGJvWHgFFCl3hGmgk+/aYT6PnTQLykKQRLhEs=
@@ -139,7 +139,6 @@ github.com/crossplane/crossplane-runtime v0.19.0-rc.0.0.20220930073209-84e629b95
 github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
 github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c=
 github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
-github.com/docopt/docopt-go v0.0.0-20180111231733-ee0de3bc6815/go.mod h1:WwZ+bS3ebgob9U8Nd0kOddGdZWjyMGR8Wziv+TBNwSE=
 github.com/emicklei/go-restful/v3 v3.10.2 h1:hIovbnmBTLjHXkqEBUz3HGpXZdM7ZrE9fJIZIqlJLqE=
 github.com/emicklei/go-restful/v3 v3.10.2/go.mod h1:6n3XBCmQQb25CM2LCACGz8ukIrRry+4bhvbpWn3mrbc=
 github.com/envoyproxy/go-control-plane v0.9.0/go.mod h1:YTl/9mNaCwkRvm6d1a2C3ymFceY/DCBVvsKhRF0iEA4=
@@ -147,14 +146,12 @@ github.com/envoyproxy/go-control-plane v0.9.1-0.20191026205805-5f8ba28d4473/go.m
 github.com/envoyproxy/go-control-plane v0.9.4/go.mod h1:6rpuAdCZL397s3pYoYcLgu1mIlRU8Am5FuJP05cCM98=
 github.com/envoyproxy/go-control-plane v0.9.7/go.mod h1:cwu0lG7PUMfa9snN8LXBig5ynNVH9qI8YYLbd1fK2po=
 github.com/envoyproxy/go-control-plane v0.9.9-0.20201210154907-fd9021fe5dad/go.mod h1:cXg6YxExXjJnVBQHBLXeUAgxn2UodCpnH306RInaBQk=
-github.com/envoyproxy/go-control-plane v0.9.9-0.20210512163311-63b5d3c536b0/go.mod h1:hliV/p42l8fGbc6Y9bQ70uLwIvmJyVE5k4iMKlh8wCQ=
 github.com/envoyproxy/go-control-plane v0.9.10-0.20210907150352-cf90f659a021/go.mod h1:AFq3mo9L8Lqqiid3OhADV3RfLJnjiw63cSpi+fDTRC0=
 github.com/envoyproxy/protoc-gen-validate v0.1.0/go.mod h1:iSmxcyjqTsJpI2R4NaDN7+kN2VEUnK/pcBlmesArF7c=
 github.com/evanphx/json-patch v5.6.0+incompatible h1:jBYDEEiFBPxA0v50tFdvOzQQTCvpL6mnFh5mB2/l16U=
 github.com/evanphx/json-patch v5.6.0+incompatible/go.mod h1:50XU6AFN0ol/bzJsmQLiYLvXMP4fmwYFNcr97nuDLSk=
 github.com/evanphx/json-patch/v5 v5.6.0 h1:b91NhWfaz02IuVxO9faSllyAtNXHMPkC5J8sJCLunww=
 github.com/evanphx/json-patch/v5 v5.6.0/go.mod h1:G79N1coSVB93tBe7j6PhzjmR3/2VvlbKOFpnXhI9Bw4=
-github.com/flowstack/go-jsonschema v0.1.1/go.mod h1:yL7fNggx1o8rm9RlgXv7hTBWxdBM0rVwpMwimd3F3N0=
 github.com/form3tech-oss/jwt-go v3.2.2+incompatible/go.mod h1:pbq4aXjuKjdthFRnoDwaVPLA+WlJuPGy+QneDUgJi2k=
 github.com/fsnotify/fsnotify v1.6.0 h1:n+5WquG0fcWoWp6xPWfHdbskMCQaFnG6PfBrh1Ky4HY=
 github.com/fsnotify/fsnotify v1.6.0/go.mod h1:sl3t1tCWJFWoRz9R8WJCbQihKKwmorjAbSClcnxKAGw=
@@ -182,6 +179,7 @@ github.com/gobuffalo/flect v1.0.2/go.mod h1:A5msMlrHtLqh9umBSnvabjsMrCcCpAyzglnD
 github.com/gogo/protobuf v1.3.2 h1:Ov1cvc58UF3b5XjBnZv7+opcTcQFZebYjWzi34vdm4Q=
 github.com/gogo/protobuf v1.3.2/go.mod h1:P1XiOD3dCwIKUDQYPy72D8LYyHL2YPYrpS2s69NZV8Q=
 github.com/golang-jwt/jwt/v4 v4.5.0 h1:7cYmW1XlMY7h7ii7UhUyChSgS5wUJEnm9uZVTGqOWzg=
+github.com/golang-jwt/jwt/v4 v4.5.0/go.mod h1:m21LjoU+eqJr34lmDMbreY2eSTRJ1cv77w39/MY0Ch0=
 github.com/golang/glog v0.0.0-20160126235308-23def4e6c14b/go.mod h1:SBH7ygxi8pfUlaOkMMuAQtPIUF8ecWP5IEl/CR7VP2Q=
 github.com/golang/groupcache v0.0.0-20190702054246-869f871628b6/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc=
 github.com/golang/groupcache v0.0.0-20191227052852-215e87163ea7/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc=
@@ -215,8 +213,8 @@ github.com/golang/protobuf v1.5.3 h1:KhyjKVUg7Usr/dYsdSqoFveMYd5ko72D+zANwlG1mmg
 github.com/golang/protobuf v1.5.3/go.mod h1:XVQd3VNwM+JqD3oG2Ue2ip4fOMUkwXdXDdiuN0vRsmY=
 github.com/google/btree v0.0.0-20180813153112-4030bb1f1f0c/go.mod h1:lNA+9X1NB3Zf8V7Ke586lFgjr2dZNuvo3lPJSGZ5JPQ=
 github.com/google/btree v1.0.0/go.mod h1:lNA+9X1NB3Zf8V7Ke586lFgjr2dZNuvo3lPJSGZ5JPQ=
-github.com/google/gnostic v0.6.9 h1:ZK/5VhkoX835RikCHpSUJV9a+S3e1zLh59YnyWeBW+0=
-github.com/google/gnostic v0.6.9/go.mod h1:Nm8234We1lq6iB9OmlgNv3nH91XLLVZHCDayfA3xq+E=
+github.com/google/gnostic-models v0.6.8 h1:yo/ABAfM5IMRsS1VnXjTBvUb61tFIHozhlYvRgGre9I=
+github.com/google/gnostic-models v0.6.8/go.mod h1:5n7qKqH0f5wFt+aWF8CW6pZLLNOfYuF5OpfBSENuI8U=
 github.com/google/go-cmp v0.2.0/go.mod h1:oXzfMopK8JAjlY9xF4vHSVASa0yLyX7SntLO5aqRK0M=
 github.com/google/go-cmp v0.3.0/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMywk6iLU=
 github.com/google/go-cmp v0.3.1/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMywk6iLU=
@@ -251,21 +249,21 @@ github.com/google/pprof v0.0.0-20201218002935-b9804c9f04c2/go.mod h1:kpwsk12EmLe
 github.com/google/pprof v0.0.0-20210720184732-4bb14d4b1be1 h1:K6RDEckDVWvDI9JAJYCmNdQXq6neHJOYx3V6jnqNEec=
 github.com/google/pprof v0.0.0-20210720184732-4bb14d4b1be1/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE=
 github.com/google/renameio v0.1.0/go.mod h1:KWCgfxg9yswjAJkECMjeO8J8rahYeXnNhOm40UhjYkI=
-github.com/google/s2a-go v0.1.4 h1:1kZ/sQM3srePvKs3tXAvQzo66XfcReoqFpIpIccE7Oc=
-github.com/google/s2a-go v0.1.4/go.mod h1:Ej+mSEMGRnqRzjc7VtF+jdBwYG5fuJfiZ8ELkjEwM0A=
+github.com/google/s2a-go v0.1.5 h1:8IYp3w9nysqv3JH+NJgXJzGbDHzLOTj43BmSkp+O7qg=
+github.com/google/s2a-go v0.1.5/go.mod h1:Ej+mSEMGRnqRzjc7VtF+jdBwYG5fuJfiZ8ELkjEwM0A=
 github.com/google/uuid v1.1.2/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
 github.com/google/uuid v1.2.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
-github.com/google/uuid v1.3.0 h1:t6JiXgmwXMjEs8VusXIJk2BXHsn+wx8BZdTaoZ5fu7I=
-github.com/google/uuid v1.3.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
-github.com/googleapis/enterprise-certificate-proxy v0.2.4 h1:uGy6JWR/uMIILU8wbf+OkstIrNiMjGpEIyhx8f6W7s4=
-github.com/googleapis/enterprise-certificate-proxy v0.2.4/go.mod h1:AwSRAtLfXpU5Nm3pW+v7rGDHp09LsPtGY9MduiEsR9k=
+github.com/google/uuid v1.3.1 h1:KjJaJ9iWZ3jOFZIf1Lqf4laDRCasjl0BCmnEGxkdLb4=
+github.com/google/uuid v1.3.1/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
+github.com/googleapis/enterprise-certificate-proxy v0.2.5 h1:UR4rDjcgpgEnqpIEvkiqTYKBCKLNmlge2eVjoZfySzM=
+github.com/googleapis/enterprise-certificate-proxy v0.2.5/go.mod h1:RxW0N9901Cko1VOCW3SXCpWP+mlIEkk2tP7jnHy9a3w=
 github.com/googleapis/gax-go/v2 v2.0.4/go.mod h1:0Wqv26UfaUD9n4G6kQubkQ+KchISgw+vpHVxEJEs9eg=
 github.com/googleapis/gax-go/v2 v2.0.5/go.mod h1:DWXyrwAJ9X0FpwwEdw+IPEYBICEFu5mhpdKc/us6bOk=
-github.com/googleapis/gax-go/v2 v2.11.0 h1:9V9PWXEsWnPpQhu/PeQIkS4eGzMlTLGgt80cUUI8Ki4=
-github.com/googleapis/gax-go/v2 v2.11.0/go.mod h1:DxmR61SGKkGLa2xigwuZIQpkCI2S5iydzRfb3peWZJI=
+github.com/googleapis/gax-go/v2 v2.12.0 h1:A+gCJKdRfqXkr+BIRGtZLibNXf0m1f9E4HG56etFpas=
+github.com/googleapis/gax-go/v2 v2.12.0/go.mod h1:y+aIqrI5eb1YGMVJfuV3185Ts/D7qKpsEkdD5+I6QGU=
 github.com/googleapis/google-cloud-go-testing v0.0.0-20200911160855-bcd43fbb19e8/go.mod h1:dvDLG8qkwmyD9a/MJJN3XJcT3xFxOKAvTZGvuZmac9g=
-github.com/gophercloud/gophercloud v1.4.0 h1:RqEu43vaX0lb0LanZr5BylK5ICVxjpFFoc0sxivyuHU=
-github.com/gophercloud/gophercloud v1.4.0/go.mod h1:aAVqcocTSXh2vYFZ1JTvx4EQmfgzxRcNupUfxZbBNDM=
+github.com/gophercloud/gophercloud v1.6.0 h1:JwJN1bauRnWPba5ueWs9IluONHteXPWjjK+MvfM4krY=
+github.com/gophercloud/gophercloud v1.6.0/go.mod h1:aAVqcocTSXh2vYFZ1JTvx4EQmfgzxRcNupUfxZbBNDM=
 github.com/grpc-ecosystem/grpc-gateway v1.16.0/go.mod h1:BDjrQk3hbvj6Nolgz8mAMFbcEtjT1g+wF4CSlocrBnw=
 github.com/hashicorp/errwrap v1.0.0/go.mod h1:YH+1FKiLXxHSkmPseP+kNlulaMuP3n2brvKWEqk/Jc4=
 github.com/hashicorp/errwrap v1.1.0 h1:OxrOeh75EUXMY8TBjag2fzXGZ40LB6IKw45YeGUDY2I=
@@ -294,9 +292,9 @@ github.com/kisielk/gotool v1.0.0/go.mod h1:XhKaO+MFFWcvkIS/tQcRk01m1F5IRFswLeQ+o
 github.com/kr/fs v0.1.0 h1:Jskdu9ieNAYnjxsi0LbQp1ulIKZV1LAFgK1tWhpZgl8=
 github.com/kr/fs v0.1.0/go.mod h1:FFnZGqtBN9Gxj7eW1uZ42v5BccTP0vu6NEaFoC2HwRg=
 github.com/kr/pretty v0.1.0/go.mod h1:dAy3ld7l9f0ibDNOQOHHMYYIIbhfbHSm3C4ZsoJORNo=
-github.com/kr/pretty v0.2.0/go.mod h1:ipq/a2n7PKx3OHsz4KJII5eveXtPO4qwEXGdVfWzfnI=
 github.com/kr/pretty v0.2.1/go.mod h1:ipq/a2n7PKx3OHsz4KJII5eveXtPO4qwEXGdVfWzfnI=
 github.com/kr/pretty v0.3.1 h1:flRD4NNwYAUpkphVc1HcthR4KEIFJ65n8Mw5qdRn3LE=
+github.com/kr/pretty v0.3.1/go.mod h1:hoEshYVHaxMs3cyo3Yncou5ZscifuDolrwPKZanG3xk=
 github.com/kr/pty v1.1.1/go.mod h1:pFQYn66WHrOpPYNljwOMqo10TkYh1fy3cYio2l3bCsQ=
 github.com/kr/text v0.1.0/go.mod h1:4Jbv+DJW3UT/LiOwJeYQe1efqtUx/iVham/4vfdArNI=
 github.com/kr/text v0.2.0 h1:5Nx0Ya0ZqY2ygV366QzturHI13Jq95ApcVaJBhpS+AY=
@@ -317,14 +315,14 @@ github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 h1:C3w9PqII01/Oq
 github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822/go.mod h1:+n7T8mK8HuQTcFwEeznm/DIxMOiR9yIdICNftLE1DvQ=
 github.com/onsi/ginkgo/v2 v2.11.0 h1:WgqUCUt/lT6yXoQ8Wef0fsNn5cAuMK7+KT9UFRz2tcU=
 github.com/onsi/ginkgo/v2 v2.11.0/go.mod h1:ZhrRA5XmEE3x3rhlzamx/JJvujdZoJ2uvgI7kR0iZvM=
-github.com/onsi/gomega v1.27.8 h1:gegWiwZjBsf2DgiSbf5hpokZ98JVDMcWkUiigk6/KXc=
-github.com/onsi/gomega v1.27.8/go.mod h1:2J8vzI/s+2shY9XHRApDkdgPo1TKT7P2u6fXeJKFnNQ=
+github.com/onsi/gomega v1.27.10 h1:naR28SdDFlqrG6kScpT8VWpu1xWY5nJRCF3XaYyBjhI=
+github.com/onsi/gomega v1.27.10/go.mod h1:RsS8tutOdbdgzbPtzzATp12yT7kM5I5aElG3evPbQ0M=
 github.com/pkg/errors v0.8.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
 github.com/pkg/errors v0.9.1 h1:FEBLx1zS214owpjy7qsBeixbURkuhQAwrK5UwLGTwt4=
 github.com/pkg/errors v0.9.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
 github.com/pkg/sftp v1.13.1/go.mod h1:3HaPG6Dq1ILlpPZRO0HVMrsydcdLt6HRDccSgb87qRg=
-github.com/pkg/sftp v1.13.5 h1:a3RLUqkyjYRtBTZJZ1VRrKbN3zhuPLlUc3sphVz81go=
-github.com/pkg/sftp v1.13.5/go.mod h1:wHDZ0IZX6JcBYRK1TH9bcVq8G7TLpVHYIGJRFnmPfxg=
+github.com/pkg/sftp v1.13.6 h1:JFZT4XbOU7l77xGSpOdW+pwIMqP044IyjXX6FGyEKFo=
+github.com/pkg/sftp v1.13.6/go.mod h1:tz1ryNURKu77RL+GuCzmoJYxQczL3wLNNpPWagdg4Qk=
 github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM=
 github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
 github.com/prometheus/client_golang v1.16.0 h1:yk/hx9hDbrGHovbci4BY+pRMfSuuat626eFsHb7tmT8=
@@ -332,23 +330,22 @@ github.com/prometheus/client_golang v1.16.0/go.mod h1:Zsulrv/L9oM40tJ7T815tM89lF
 github.com/prometheus/client_model v0.0.0-20190812154241-14fe0d1b01d4/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA=
 github.com/prometheus/client_model v0.4.0 h1:5lQXD3cAg1OXBf4Wq03gTrXHeaV0TQvGfUooCfx1yqY=
 github.com/prometheus/client_model v0.4.0/go.mod h1:oMQmHW1/JoDwqLtg57MGgP/Fb1CJEYF2imWWhWtMkYU=
-github.com/prometheus/common v0.43.0 h1:iq+BVjvYLei5f27wiuNiB1DN6DYQkp1c8Bx0Vykh5us=
-github.com/prometheus/common v0.43.0/go.mod h1:NCvr5cQIh3Y/gy73/RdVtC9r8xxrxwJnB+2lB3BxrFc=
+github.com/prometheus/common v0.44.0 h1:+5BrQJwiBB9xsMygAB3TNvpQKOwlkc25LbISbrdOOfY=
+github.com/prometheus/common v0.44.0/go.mod h1:ofAIvZbQ1e/nugmZGz4/qCb9Ap1VoSTIO7x0VV9VvuY=
 github.com/prometheus/procfs v0.10.1 h1:kYK1Va/YMlutzCGazswoHKo//tZVlFpKYh+PymziUAg=
 github.com/prometheus/procfs v0.10.1/go.mod h1:nwNm2aOCAYw8uTR/9bWRREkZFxAUcWzPHWJq+XBB/FM=
 github.com/rogpeppe/fastuuid v1.2.0/go.mod h1:jVj6XXZzXRy/MSR5jhDC/2q6DgLz+nrA6LYCDYWNEvQ=
 github.com/rogpeppe/go-internal v1.3.0/go.mod h1:M8bDsm7K2OlrFYOpmOWEs/qY81heoFRclV5y23lUDJ4=
 github.com/rogpeppe/go-internal v1.10.0 h1:TMyTOH3F/DB16zRVcYyreMH6GnZZrwQVAoYjRBZyWFQ=
+github.com/rogpeppe/go-internal v1.10.0/go.mod h1:UQnix2H7Ngw/k4C5ijL5+65zddjncjaFoBhdsK/akog=
 github.com/samber/lo v1.38.1 h1:j2XEAqXKb09Am4ebOg31SpvzUTTs6EN3VfgeLUhPdXM=
 github.com/samber/lo v1.38.1/go.mod h1:+m/ZKRl6ClXCE2Lgf3MsQlWfh4bn1bz6CXEOxnEXnEA=
-github.com/spaolacci/murmur3 v0.0.0-20180118202830-f09979ecbc72/go.mod h1:JwIasOWyU6f++ZhiEuf87xNszmSA2myDM2Kzu9HwQUA=
 github.com/spf13/afero v1.9.5 h1:stMpOSZFs//0Lv29HduCmli3GUfpFoF3Y1Q/aXj/wVM=
 github.com/spf13/afero v1.9.5/go.mod h1:UBogFpq8E9Hx+xc5CNTTEpTnuHVmXDwZcZcE1eb/UhQ=
 github.com/spf13/pflag v1.0.5 h1:iy+VFUOCP1a+8yFto/drg2CJ5u0yRoB7fZw3DKv/JXA=
 github.com/spf13/pflag v1.0.5/go.mod h1:McXfInJRrz4CZXVZOBLb0bTZqETkiAhM9Iw0y3An2Bg=
 github.com/spotinst/spotinst-sdk-go v1.334.0 h1:CniPPiBwJWNIs9RA8S47P6KXT9Qm0BMsSl5viepTKaI=
 github.com/spotinst/spotinst-sdk-go v1.334.0/go.mod h1:C6mrT7+mqOgPyabacjyYTvilu8Xm96mvTvrZQhj99WI=
-github.com/stoewer/go-strcase v1.2.0/go.mod h1:IBiWB2sKIp3wVVQ3Y035++gc+knqhUQag1KpM8ahLw8=
 github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
 github.com/stretchr/objx v0.4.0/go.mod h1:YvHI0jy2hoMjB+UWwv71VJQ9isScKT/TqJzVSSt89Yw=
 github.com/stretchr/objx v0.5.0/go.mod h1:Yh+to48EsGEfYuaHDzXPcE3xhTkx73EhmCGUpEOglKo=
@@ -362,11 +359,9 @@ github.com/stretchr/testify v1.7.2/go.mod h1:R6va5+xMeoiuVRoj+gSkQ7d3FALtqAAGI1F
 github.com/stretchr/testify v1.8.0/go.mod h1:yNjHg4UonilssWZ8iaSj1OCr/vHnekPRkoO+kdMU+MU=
 github.com/stretchr/testify v1.8.1/go.mod h1:w2LPCIKwWwSfY2zedu0+kehJoqGctiVI29o6fzry7u4=
 github.com/stretchr/testify v1.8.4 h1:CcVxjf3Q8PM0mHUKJCdn+eZZtm5yQwehR5yeSVQQcUk=
-github.com/topfreegames/kubernetes-kops-operator v0.7.1-alpha h1:kBxCqiPX/9EcF3t5aEw1IPZsjiPIzRPl3pAJkjVBO6Y=
-github.com/topfreegames/kubernetes-kops-operator v0.7.1-alpha/go.mod h1:r+lWywKXTOzaT92lzmqFQE69aksR4l3wjQPGrrgbYHg=
-github.com/xeipuuv/gojsonpointer v0.0.0-20180127040702-4e3ac2762d5f/go.mod h1:N2zxlSyiKSe5eX1tZViRH5QA0qijqEDrYZiPEAiq3wU=
-github.com/xeipuuv/gojsonreference v0.0.0-20180127040603-bd5ef7bd5415/go.mod h1:GwrjFmJcFw6At/Gs6z4yjiIwzuJ1/+UwLxMQDVQXShQ=
-github.com/xeipuuv/gojsonschema v1.2.0/go.mod h1:anYRn/JVcOK2ZgGU+IjEV4nwlhoK5sQluxsYJ78Id3Y=
+github.com/stretchr/testify v1.8.4/go.mod h1:sz/lmYIOXD/1dqDmKjjqLyZ2RngseejIcXlSw2iwfAo=
+github.com/topfreegames/kubernetes-kops-operator v0.11.0-rc h1:L4WaAXgb+FM+D+oVJnJgxutOiwWTbCS+1uhpIhLzTqA=
+github.com/topfreegames/kubernetes-kops-operator v0.11.0-rc/go.mod h1:PnaRBjLXOYvuTRDZEBppcE0xLAVvz8NH/5gwi//SUIc=
 github.com/yuin/goldmark v1.1.25/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74=
 github.com/yuin/goldmark v1.1.27/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74=
 github.com/yuin/goldmark v1.1.32/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74=
@@ -383,15 +378,15 @@ go.opencensus.io v0.24.0 h1:y73uSU6J157QMP2kn2r30vwW1A2W2WFwSCGnAVxeaD0=
 go.opencensus.io v0.24.0/go.mod h1:vNK8G9p7aAivkbmorf4v+7Hgx+Zs0yY+0fOtgBfjQKo=
 go.opentelemetry.io/proto/otlp v0.7.0/go.mod h1:PqfVotwruBrMGOCsRd/89rSnXhoiJIqeYNgFYFoEGnI=
 go.uber.org/atomic v1.7.0/go.mod h1:fEN4uk6kAWBTFdckzkM89CLk9XfWZrxpCo0nPH17wJc=
-go.uber.org/atomic v1.10.0 h1:9qC72Qh0+3MqyJbAn8YU5xVq1frD8bn3JtD2oXtafVQ=
-go.uber.org/atomic v1.10.0/go.mod h1:LUxbIzbOniOlMKjJjyPfpl4v+PKK2cNJn91OQbhoJI0=
 go.uber.org/goleak v1.1.11/go.mod h1:cwTWslyiVhfpKIDGSZEM2HlOvcqm+tG4zioyIeLoqMQ=
 go.uber.org/goleak v1.2.1 h1:NBol2c7O1ZokfZ0LEU9K6Whx/KnwvepVetCUhtKja4A=
+go.uber.org/goleak v1.2.1/go.mod h1:qlT2yGI9QafXHhZZLxlSuNsMw3FFLxBr+tBRlmO1xH4=
 go.uber.org/multierr v1.6.0/go.mod h1:cdWPpRnG4AhwMwsgIHip0KRBQjJy5kYEpYjJxpXp9iU=
 go.uber.org/multierr v1.11.0 h1:blXXJkSxSSfBVBlC76pxqeO+LN3aDfLQo+309xJstO0=
 go.uber.org/multierr v1.11.0/go.mod h1:20+QtiLqy0Nd6FdQB9TLXag12DsQkrbs3htMFfDN80Y=
-go.uber.org/zap v1.24.0 h1:FiJd5l1UOLj0wCgbSE0rwwXHzEdAZS6hiiSnxJN/D60=
 go.uber.org/zap v1.24.0/go.mod h1:2kMP+WWQ8aoFoedH3T2sq6iJ2yDWpHbP0f6MQbS9Gkg=
+go.uber.org/zap v1.25.0 h1:4Hvk6GtkucQ790dqmj7l1eEnRdKm3k3ZUrUMS2d5+5c=
+go.uber.org/zap v1.25.0/go.mod h1:JIAUzQIH94IC4fOJQm7gMmBJP5k7wQfdcnYdPoEXJYk=
 golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w=
 golang.org/x/crypto v0.0.0-20190510104115-cbcb75029529/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
 golang.org/x/crypto v0.0.0-20190605123033-f99c8df09eb5/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
@@ -401,12 +396,12 @@ golang.org/x/crypto v0.0.0-20201002170205-7f63de1d35b0/go.mod h1:LzIPMQfyMNhhGPh
 golang.org/x/crypto v0.0.0-20201016220609-9e8e0b390897/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
 golang.org/x/crypto v0.0.0-20210421170649-83a5a9bb288b/go.mod h1:T9bdIzuCu7OtxOm1hfPfRQxPLYneinmdGuTeoZ9dtd4=
 golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc=
-golang.org/x/crypto v0.0.0-20211215153901-e495a2d5b3d3/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4=
 golang.org/x/crypto v0.0.0-20220314234659-1baeb1ce4c0b/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4=
 golang.org/x/crypto v0.0.0-20220722155217-630584e8d5aa/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4=
 golang.org/x/crypto v0.0.0-20220829220503-c86fa9a7ed90/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4=
-golang.org/x/crypto v0.11.0 h1:6Ewdq3tDic1mg5xRO4milcWCfMVQhI4NkqWWvqejpuA=
-golang.org/x/crypto v0.11.0/go.mod h1:xgJhtzW8F9jGdVFWZESrid1U1bjeNy4zgy5cRr/CIio=
+golang.org/x/crypto v0.1.0/go.mod h1:RecgLatLF4+eUMCP1PoPZQb+cVrJcOPbHkTkbkB9sbw=
+golang.org/x/crypto v0.14.0 h1:wBqGXzWJW6m1XrIKlAH0Hs1JJ7+9KBwnIO8v66Q9cHc=
+golang.org/x/crypto v0.14.0/go.mod h1:MVFd36DqK4CsrnJYDkBA3VC4m2GkXAM0PvzMCn4JQf4=
 golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
 golang.org/x/exp v0.0.0-20190306152737-a1d7652674e8/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
 golang.org/x/exp v0.0.0-20190510132918-efd6b22b2522/go.mod h1:ZjyILWgesfNpC6sMxTJOJm9Kp84zZh5NQWvqDGG3Qr8=
@@ -417,8 +412,8 @@ golang.org/x/exp v0.0.0-20191227195350-da58074b4299/go.mod h1:2RIsYlXP63K8oxa1u0
 golang.org/x/exp v0.0.0-20200119233911-0405dc783f0a/go.mod h1:2RIsYlXP63K8oxa1u096TMicItID8zy7Y6sNkU49FU4=
 golang.org/x/exp v0.0.0-20200207192155-f17229e696bd/go.mod h1:J/WKrq2StrnmMY6+EHIKF9dgMWnmCNThgcyBT1FY9mM=
 golang.org/x/exp v0.0.0-20200224162631-6cc2880d07d6/go.mod h1:3jZMyOhIsHpP37uCMkUooju7aAi5cS1Q23tOzKc+0MU=
-golang.org/x/exp v0.0.0-20230522175609-2e198f4a06a1 h1:k/i9J1pBpvlfR+9QsetwPyERsqu1GIbi967PQMq3Ivc=
-golang.org/x/exp v0.0.0-20230522175609-2e198f4a06a1/go.mod h1:V1LtkGg67GoY2N1AnLN78QLrzxkLyJw7RJb1gzOOz9w=
+golang.org/x/exp v0.0.0-20230817173708-d852ddb80c63 h1:m64FZMko/V45gv0bNmrNYoDEq8U5YUhetc9cBWKS1TQ=
+golang.org/x/exp v0.0.0-20230817173708-d852ddb80c63/go.mod h1:0v4NqG35kSWCMzLaMeX+IQrlSnVE/bqGSyC2cz/9Le8=
 golang.org/x/image v0.0.0-20190227222117-0694c2d4d067/go.mod h1:kZ7UVZpmo3dzQBMxlp+ypCbDeSB+sBbTgSJuh5dn5js=
 golang.org/x/image v0.0.0-20190802002840-cff245a6509b/go.mod h1:FeLwcggjj3mMvU+oOTbSwawSJRM1uh48EjtB4UJZlP0=
 golang.org/x/lint v0.0.0-20181026193005-c67002cb31c3/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE=
@@ -444,7 +439,8 @@ golang.org/x/mod v0.4.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
 golang.org/x/mod v0.4.1/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
 golang.org/x/mod v0.4.2/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
 golang.org/x/mod v0.6.0-dev.0.20220419223038-86c51ed26bb4/go.mod h1:jJ57K6gSWd91VN4djpZkiMVwK6gcyfeH4XE8wZrZaV4=
-golang.org/x/mod v0.10.0 h1:lFO9qtOdlre5W1jxS3r/4szv2/6iXxScdzjoBMXNhYk=
+golang.org/x/mod v0.12.0 h1:rmsUpXtvNzj340zd98LZ4KntptpfRHwpFOHG188oHXc=
+golang.org/x/mod v0.12.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs=
 golang.org/x/net v0.0.0-20180724234803-3673e40ba225/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
 golang.org/x/net v0.0.0-20180826012351-8a410e7b638d/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
 golang.org/x/net v0.0.0-20190108225652-1e06a53dbb7e/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
@@ -480,13 +476,12 @@ golang.org/x/net v0.0.0-20201224014010-6772e930b67b/go.mod h1:m0MpNAwzfU5UDzcl9v
 golang.org/x/net v0.0.0-20210226172049-e18ecbb05110/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg=
 golang.org/x/net v0.0.0-20210405180319-a5a99cb37ef4/go.mod h1:p54w0d4576C0XHj96bSt6lcn1PtDYWL6XObtHCRCNQM=
 golang.org/x/net v0.0.0-20210610132358-84b48f89b13b/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
-golang.org/x/net v0.0.0-20210805182204-aaa1db679c0d/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
 golang.org/x/net v0.0.0-20211112202133-69e39bad7dc2/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
 golang.org/x/net v0.0.0-20220630215102-69896b714898/go.mod h1:XRhObCWvk6IyKnWLug+ECip1KBveYUHfp+8e9klMJ9c=
 golang.org/x/net v0.0.0-20220722155237-a158d28d115b/go.mod h1:XRhObCWvk6IyKnWLug+ECip1KBveYUHfp+8e9klMJ9c=
 golang.org/x/net v0.1.0/go.mod h1:Cx3nUiGt4eDBEyega/BKRp+/AlGL8hYe7U9odMt2Cco=
-golang.org/x/net v0.12.0 h1:cfawfvKITfUsFCeJIHJrbSxpeu/E81khclypR0GVT50=
-golang.org/x/net v0.12.0/go.mod h1:zEVYFnQC7m/vmpQFELhcD1EWkZlX69l4oqgmer6hfKA=
+golang.org/x/net v0.17.0 h1:pVaXccu2ozPjCXewfr1S7xza/zcXTity9cCdXQYSjIM=
+golang.org/x/net v0.17.0/go.mod h1:NxSsAGuq816PNPmqtQdLE42eU2Fs7NoRIZrHJAlaCOE=
 golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U=
 golang.org/x/oauth2 v0.0.0-20190226205417-e64efc72b421/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw=
 golang.org/x/oauth2 v0.0.0-20190604053449-0f29369cfe45/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw=
@@ -496,8 +491,8 @@ golang.org/x/oauth2 v0.0.0-20200902213428-5d25da1a8d43/go.mod h1:KelEdhl1UZF7XfJ
 golang.org/x/oauth2 v0.0.0-20201109201403-9fd604954f58/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A=
 golang.org/x/oauth2 v0.0.0-20201208152858-08078c50e5b5/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A=
 golang.org/x/oauth2 v0.0.0-20210218202405-ba52d332ba99/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A=
-golang.org/x/oauth2 v0.10.0 h1:zHCpF2Khkwy4mMB4bv0U37YtJdTGW8jI0glAApi0Kh8=
-golang.org/x/oauth2 v0.10.0/go.mod h1:kTpgurOux7LqtuxjuyZa4Gj2gdezIt/jQtGnNFfypQI=
+golang.org/x/oauth2 v0.11.0 h1:vPL4xzxBM4niKCW6g9whtaWVXTJf1U5e4aZxxFx/gbU=
+golang.org/x/oauth2 v0.11.0/go.mod h1:LdF7O/8bLR/qWK9DrpXmbHLTouvRHK0SgJl0GmDBchk=
 golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20181108010431-42b317875d0f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20181221193216-37e7f081c4d4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
@@ -511,6 +506,7 @@ golang.org/x/sync v0.0.0-20201207232520-09787c993a3a/go.mod h1:RxMgew5VJxzue5/jJ
 golang.org/x/sync v0.0.0-20210220032951-036812b2e83c/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20220722155255-886fb9371eb4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.3.0 h1:ftCYgMx6zT/asHUrPw8BLLscYtGznsLAnjq5RH9P66E=
+golang.org/x/sync v0.3.0/go.mod h1:FU7BRWz2tNW+3quACPkgCx/L+uEAv1htQ0V83Z9Rj+Y=
 golang.org/x/sys v0.0.0-20180830151530-49385e6e1522/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
 golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
 golang.org/x/sys v0.0.0-20190312061237-fead79001313/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
@@ -549,32 +545,30 @@ golang.org/x/sys v0.0.0-20210423082822-04245dca01da/go.mod h1:h1NjWce9XRLGQEsW7w
 golang.org/x/sys v0.0.0-20210423185535-09eb48e85fd7/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20210510120138-977fb7262007/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20210615035016-665e8c7367d1/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.0.0-20211216021012-1d35b9e2eb4e/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20220520151302-bc2c85ada10a/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20220704084225-05e143d24a9e/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20220722155257-8c9f86f7a55f/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20220908164124-27713097b956/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.1.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.10.0 h1:SqMFp9UcQJZa+pmYuAKjd9xq1f0j5rLcDIk0mj4qAsA=
-golang.org/x/sys v0.10.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.13.0 h1:Af8nKPmuFypiUBjVoU9V20FiaFXOcuZI21p0ycVYYGE=
+golang.org/x/sys v0.13.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
 golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8=
 golang.org/x/term v0.1.0/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8=
-golang.org/x/term v0.10.0 h1:3R7pNqamzBraeqj/Tj8qt1aQ2HpmlC+Cx/qL/7hn4/c=
-golang.org/x/term v0.10.0/go.mod h1:lpqdcUyK/oCiQxvxVrppt5ggO2KCZ5QblwqPnfZ6d5o=
+golang.org/x/term v0.13.0 h1:bb+I9cTfFazGW51MZqBVmZy7+JEJMouUHTUSKVQLBek=
+golang.org/x/term v0.13.0/go.mod h1:LTmsnFJwVN6bCy1rVCoS+qHT1HhALEFxKncY3WNNh4U=
 golang.org/x/text v0.0.0-20170915032832-14c0d48ead0c/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
 golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
 golang.org/x/text v0.3.1-0.20180807135948-17ff2d5776d2/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
 golang.org/x/text v0.3.2/go.mod h1:bEr9sfX3Q8Zfm5fL9x+3itogRgK3+ptLWKqgva+5dAk=
 golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
 golang.org/x/text v0.3.4/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
-golang.org/x/text v0.3.5/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
 golang.org/x/text v0.3.6/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
 golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ=
 golang.org/x/text v0.3.8/go.mod h1:E6s5w1FMmriuDzIBO73fBruAKo1PCIq6d2Q6DHfQ8WQ=
 golang.org/x/text v0.4.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8=
-golang.org/x/text v0.11.0 h1:LAntKIrcmeSKERyiOh0XMV39LXS8IE9UL2yP7+f5ij4=
-golang.org/x/text v0.11.0/go.mod h1:TvPlkZtksWOMsz7fbANvkp4WM8x/WCo/om8BMLbz+aE=
+golang.org/x/text v0.13.0 h1:ablQoSUd0tRdKxZewP80B+BaqeKJuVhuRxj/dkrun3k=
+golang.org/x/text v0.13.0/go.mod h1:TvPlkZtksWOMsz7fbANvkp4WM8x/WCo/om8BMLbz+aE=
 golang.org/x/time v0.0.0-20181108054448-85acf8d2951c/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
 golang.org/x/time v0.0.0-20190308202827-9d24e82272b4/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
 golang.org/x/time v0.0.0-20191024005414-555d28b269f0/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
@@ -631,14 +625,14 @@ golang.org/x/tools v0.0.0-20210108195828-e2f9c7f1fc8e/go.mod h1:emZCQorbCU4vsT4f
 golang.org/x/tools v0.1.0/go.mod h1:xkSsbof2nBLbhDlRMhhhyNLN/zl3eTqcnHD5viDpcZ0=
 golang.org/x/tools v0.1.5/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk=
 golang.org/x/tools v0.1.12/go.mod h1:hNGJHUnrk76NpqgfD5Aqm5Crs+Hm0VOH/i9J2+nxYbc=
-golang.org/x/tools v0.9.3 h1:Gn1I8+64MsuTb/HpH+LmQtNas23LhUVr3rYZ0eKuaMM=
-golang.org/x/tools v0.9.3/go.mod h1:owI94Op576fPu3cIGQeHs3joujW/2Oc6MtlxbF5dfNc=
+golang.org/x/tools v0.12.1-0.20230815132531-74c255bcf846 h1:Vve/L0v7CXXuxUmaMGIEK/dEeq7uiqb5qBgQrZzIE7E=
+golang.org/x/tools v0.12.1-0.20230815132531-74c255bcf846/go.mod h1:Sc0INKfu04TlqNoRA1hgpFZbhYXHPr4V5DzpSBTPqQM=
 golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
-gomodules.xyz/jsonpatch/v2 v2.3.0 h1:8NFhfS6gzxNqjLIYnZxg319wZ5Qjnx4m/CcX+Klzazc=
-gomodules.xyz/jsonpatch/v2 v2.3.0/go.mod h1:AH3dM2RI6uoBZxn3LVrfvJ3E0/9dG4cSrbuBJT4moAY=
+gomodules.xyz/jsonpatch/v2 v2.4.0 h1:Ci3iUJyx9UeRx7CeFN8ARgGbkESwJK+KB9lLcWxY/Zw=
+gomodules.xyz/jsonpatch/v2 v2.4.0/go.mod h1:AH3dM2RI6uoBZxn3LVrfvJ3E0/9dG4cSrbuBJT4moAY=
 google.golang.org/api v0.4.0/go.mod h1:8k5glujaEP+g9n7WNsDg8QP6cUVNI86fCNMcbazEtwE=
 google.golang.org/api v0.7.0/go.mod h1:WtwebWUNSVBH/HAw79HIFXZNqEvBhG+Ra+ax0hx3E3M=
 google.golang.org/api v0.8.0/go.mod h1:o4eAsZoiT+ibD93RtjEohWalFOjRDx6CVaqeizhEnKg=
@@ -658,8 +652,8 @@ google.golang.org/api v0.30.0/go.mod h1:QGmEvQ87FHZNiUVJkT14jQNYJ4ZJjdRF23ZXz513
 google.golang.org/api v0.35.0/go.mod h1:/XrVsuzM0rZmrsbjJutiuftIzeuTQcEeaYcSk/mQ1dg=
 google.golang.org/api v0.36.0/go.mod h1:+z5ficQTmoYpPn8LCUNVpK5I7hwkpjbcgqA7I34qYtE=
 google.golang.org/api v0.40.0/go.mod h1:fYKFpnQN0DsDSKRVRcQSDQNtqWPfM9i+zNPxepjRCQ8=
-google.golang.org/api v0.128.0 h1:RjPESny5CnQRn9V6siglged+DZCgfu9l6mO9dkX9VOg=
-google.golang.org/api v0.128.0/go.mod h1:Y611qgqaE92On/7g65MQgxYul3c0rEB894kniWLY750=
+google.golang.org/api v0.138.0 h1:K/tVp05MxNVbHShRw9m7e9VJGdagNeTdMzqPH7AUqr0=
+google.golang.org/api v0.138.0/go.mod h1:4xyob8CxC+0GChNBvEUAk8VBKNvYOTWM9T3v3UfRxuY=
 google.golang.org/appengine v1.1.0/go.mod h1:EbEs0AVv82hx2wNQdGPgUI5lhzA/G0D9YwlJXL52JkM=
 google.golang.org/appengine v1.4.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4=
 google.golang.org/appengine v1.5.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4=
@@ -705,11 +699,12 @@ google.golang.org/genproto v0.0.0-20201210142538-e3217bee35cc/go.mod h1:FWY/as6D
 google.golang.org/genproto v0.0.0-20201214200347-8c77b98c765d/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no=
 google.golang.org/genproto v0.0.0-20210108203827-ffc7fda8c3d7/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no=
 google.golang.org/genproto v0.0.0-20210226172003-ab064af71705/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no=
-google.golang.org/genproto v0.0.0-20220107163113-42d7afdf6368/go.mod h1:5CzLGKJ67TSI2B9POpiiyGha0AjJvZIUgRMt1dSmuhc=
-google.golang.org/genproto v0.0.0-20230530153820-e85fd2cbaebc h1:8DyZCyvI8mE1IdLy/60bS+52xfymkE72wv1asokgtao=
-google.golang.org/genproto/googleapis/api v0.0.0-20230530153820-e85fd2cbaebc h1:kVKPf/IiYSBWEWtkIn6wZXwWGCnLKcC8oWfZvXjsGnM=
-google.golang.org/genproto/googleapis/rpc v0.0.0-20230530153820-e85fd2cbaebc h1:XSJ8Vk1SWuNr8S18z1NZSziL0CPIXLCCMDOEFtHBOFc=
-google.golang.org/genproto/googleapis/rpc v0.0.0-20230530153820-e85fd2cbaebc/go.mod h1:66JfowdXAEgad5O9NnYcsNPLCPZJD++2L9X0PCMODrA=
+google.golang.org/genproto v0.0.0-20230803162519-f966b187b2e5 h1:L6iMMGrtzgHsWofoFcihmDEMYeDR9KN/ThbPWGrh++g=
+google.golang.org/genproto v0.0.0-20230803162519-f966b187b2e5/go.mod h1:oH/ZOT02u4kWEp7oYBGYFFkCdKS/uYR9Z7+0/xuuFp8=
+google.golang.org/genproto/googleapis/api v0.0.0-20230803162519-f966b187b2e5 h1:nIgk/EEq3/YlnmVVXVnm14rC2oxgs1o0ong4sD/rd44=
+google.golang.org/genproto/googleapis/api v0.0.0-20230803162519-f966b187b2e5/go.mod h1:5DZzOUPCLYL3mNkQ0ms0F3EuUNZ7py1Bqeq6sxzI7/Q=
+google.golang.org/genproto/googleapis/rpc v0.0.0-20230807174057-1744710a1577 h1:wukfNtZmZUurLN/atp2hiIeTKn7QJWIQdHzqmsOnAOk=
+google.golang.org/genproto/googleapis/rpc v0.0.0-20230807174057-1744710a1577/go.mod h1:+Bk1OCOj40wS2hwAMA+aCW9ypzm63QTBBHp6lQ3p+9M=
 google.golang.org/grpc v1.19.0/go.mod h1:mqu4LbDTu4XGKhr4mRzUsmM4RtVoemTSY81AxZiDr8c=
 google.golang.org/grpc v1.20.1/go.mod h1:10oTOabMzJvdu6/UiuZezV6QK5dSlG84ov/aaiqXj38=
 google.golang.org/grpc v1.21.1/go.mod h1:oYelfM1adQP15Ek0mdvEgi9Df8B9CZIaU1084ijfRaM=
@@ -728,10 +723,9 @@ google.golang.org/grpc v1.33.2/go.mod h1:JMHMWHQWaTccqQQlmk3MJZS+GWXOdAesneDmEnv
 google.golang.org/grpc v1.34.0/go.mod h1:WotjhfgOW/POjDeRt8vscBtXq+2VjORFy659qA51WJ8=
 google.golang.org/grpc v1.35.0/go.mod h1:qjiiYl8FncCW8feJPdyg3v6XW24KsRHe+dy9BAGRRjU=
 google.golang.org/grpc v1.36.0/go.mod h1:qjiiYl8FncCW8feJPdyg3v6XW24KsRHe+dy9BAGRRjU=
-google.golang.org/grpc v1.40.0/go.mod h1:ogyxbiOoUXAkP+4+xa6PZSE9DZgIHtSpzjDTB9KAK34=
 google.golang.org/grpc v1.45.0/go.mod h1:lN7owxKUQEqMfSyQikvvk5tf/6zMPsrK+ONuO11+0rQ=
-google.golang.org/grpc v1.56.0 h1:+y7Bs8rtMd07LeXmL3NxcTLn7mUkbKZqEpPhMNkwJEE=
-google.golang.org/grpc v1.56.0/go.mod h1:I9bI3vqKfayGqPUAwGdOSu7kt6oIJLixfffKrpXqQ9s=
+google.golang.org/grpc v1.57.0 h1:kfzNeI/klCGD2YPMUlaGNT3pxvYfga7smW3Vth8Zsiw=
+google.golang.org/grpc v1.57.0/go.mod h1:Sd+9RMTACXwmub0zcNY2c4arhtrbBYD1AUHI/dt16Mo=
 google.golang.org/protobuf v0.0.0-20200109180630-ec00e32a8dfd/go.mod h1:DFci5gLYBciE7Vtevhsrf46CRTquxDuWsQurQQe4oz8=
 google.golang.org/protobuf v0.0.0-20200221191635-4d8936d0db64/go.mod h1:kwYJMbMJ01Woi6D6+Kah6886xMZcty6N08ah7+eCXa0=
 google.golang.org/protobuf v0.0.0-20200228230310-ab0ca4ff8a60/go.mod h1:cfTl7dwQJ+fmap5saPgwCLgHXTUD7jkjRqWcaiX5VyM=
@@ -744,12 +738,10 @@ google.golang.org/protobuf v1.24.0/go.mod h1:r/3tXBNzIEhYS9I1OUVjXDlt8tc493IdKGj
 google.golang.org/protobuf v1.25.0/go.mod h1:9JNX74DMeImyA3h4bdi1ymwjUzf21/xIlbajtzgsN7c=
 google.golang.org/protobuf v1.26.0-rc.1/go.mod h1:jlhhOSvTdKEhbULTjvd4ARK9grFBp09yW+WbY/TyQbw=
 google.golang.org/protobuf v1.26.0/go.mod h1:9q0QmTI4eRPtz6boOQmLYwt+qCgq0jsYwAQnmE0givc=
-google.golang.org/protobuf v1.27.1/go.mod h1:9q0QmTI4eRPtz6boOQmLYwt+qCgq0jsYwAQnmE0givc=
 google.golang.org/protobuf v1.31.0 h1:g0LDEJHgrBl9N9r17Ru3sqWhkIx2NB67okBHPwC7hs8=
 google.golang.org/protobuf v1.31.0/go.mod h1:HV8QOd/L58Z+nl8r43ehVNZIU/HEI6OcFqwMG9pJV4I=
 gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
 gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
-gopkg.in/check.v1 v1.0.0-20190902080502-41f04d3bba15/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
 gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c h1:Hei/4ADfdWqJk1ZMxUNpqntNwaWcugrBjAiHlqqRiVk=
 gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c/go.mod h1:JHkPIbrfpd72SG/EVd6muEfDQjcINNoR0C8j2r3qZ4Q=
 gopkg.in/errgo.v2 v2.1.0/go.mod h1:hNsd1EY+bozCKY1Ytp96fpM3vjJbqLJn88ws8XvfDNI=
@@ -764,7 +756,6 @@ gopkg.in/yaml.v2 v2.2.8/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
 gopkg.in/yaml.v2 v2.4.0 h1:D8xgwECY7CYvx+Y2n4sBz93Jn9JRvxdiyyo8CTfuKaY=
 gopkg.in/yaml.v2 v2.4.0/go.mod h1:RDklbk79AGWmwhnvt/jBztapEOGDOx6ZbXqjP6csGnQ=
 gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
-gopkg.in/yaml.v3 v3.0.0-20200615113413-eeeca48fe776/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
 gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA=
 gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
 honnef.co/go/tools v0.0.0-20190102054323-c2f93a96b099/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
@@ -774,26 +765,26 @@ honnef.co/go/tools v0.0.0-20190523083050-ea95bdfd59fc/go.mod h1:rf3lG4BRIbNafJWh
 honnef.co/go/tools v0.0.1-2019.2.3/go.mod h1:a3bituU0lyd329TUQxRnasdCoJDkEUEAqEt0JzvZhAg=
 honnef.co/go/tools v0.0.1-2020.1.3/go.mod h1:X/FiERA/W4tHapMX5mGpAtMSVEeEUOyHaw9vFzvIQ3k=
 honnef.co/go/tools v0.0.1-2020.1.4/go.mod h1:X/FiERA/W4tHapMX5mGpAtMSVEeEUOyHaw9vFzvIQ3k=
-k8s.io/api v0.27.3 h1:yR6oQXXnUEBWEWcvPWS0jQL575KoAboQPfJAuKNrw5Y=
-k8s.io/api v0.27.3/go.mod h1:C4BNvZnQOF7JA/0Xed2S+aUyJSfTGkGFxLXz9MnpIpg=
-k8s.io/apiextensions-apiserver v0.27.2 h1:iwhyoeS4xj9Y7v8YExhUwbVuBhMr3Q4bd/laClBV6Bo=
-k8s.io/apiextensions-apiserver v0.27.2/go.mod h1:Oz9UdvGguL3ULgRdY9QMUzL2RZImotgxvGjdWRq6ZXQ=
-k8s.io/apimachinery v0.27.3 h1:Ubye8oBufD04l9QnNtW05idcOe9Z3GQN8+7PqmuVcUM=
-k8s.io/apimachinery v0.27.3/go.mod h1:XNfZ6xklnMCOGGFNqXG7bUrQCoR04dh/E7FprV6pb+E=
-k8s.io/client-go v0.27.3 h1:7dnEGHZEJld3lYwxvLl7WoehK6lAq7GvgjxpA3nv1E8=
-k8s.io/client-go v0.27.3/go.mod h1:2MBEKuTo6V1lbKy3z1euEGnhPfGZLKTS9tiJ2xodM48=
-k8s.io/component-base v0.27.3 h1:g078YmdcdTfrCE4fFobt7qmVXwS8J/3cI1XxRi/2+6k=
-k8s.io/component-base v0.27.3/go.mod h1:JNiKYcGImpQ44iwSYs6dysxzR9SxIIgQalk4HaCNVUY=
+k8s.io/api v0.28.1 h1:i+0O8k2NPBCPYaMB+uCkseEbawEt/eFaiRqUx8aB108=
+k8s.io/api v0.28.1/go.mod h1:uBYwID+66wiL28Kn2tBjBYQdEU0Xk0z5qF8bIBqk/Dg=
+k8s.io/apiextensions-apiserver v0.28.0 h1:CszgmBL8CizEnj4sj7/PtLGey6Na3YgWyGCPONv7E9E=
+k8s.io/apiextensions-apiserver v0.28.0/go.mod h1:uRdYiwIuu0SyqJKriKmqEN2jThIJPhVmOWETm8ud1VE=
+k8s.io/apimachinery v0.28.1 h1:EJD40og3GizBSV3mkIoXQBsws32okPOy+MkRyzh6nPY=
+k8s.io/apimachinery v0.28.1/go.mod h1:X0xh/chESs2hP9koe+SdIAcXWcQ+RM5hy0ZynB+yEvw=
+k8s.io/client-go v0.28.1 h1:pRhMzB8HyLfVwpngWKE8hDcXRqifh1ga2Z/PU9SXVK8=
+k8s.io/client-go v0.28.1/go.mod h1:pEZA3FqOsVkCc07pFVzK076R+P/eXqsgx5zuuRWukNE=
+k8s.io/component-base v0.28.1 h1:LA4AujMlK2mr0tZbQDZkjWbdhTV5bRyEyAFe0TJxlWg=
+k8s.io/component-base v0.28.1/go.mod h1:jI11OyhbX21Qtbav7JkhehyBsIRfnO8oEgoAR12ArIU=
 k8s.io/klog/v2 v2.100.1 h1:7WCHKK6K8fNhTqfBhISHQ97KrnJNFZMcQvKp7gP/tmg=
 k8s.io/klog/v2 v2.100.1/go.mod h1:y1WjHnz7Dj687irZUWR/WLkLc5N1YHtjLdmgWjndZn0=
-k8s.io/kops v1.27.1 h1:BjQquF/f/HTKNRFKxeMjrPAT/c7abkANfuLxC4UFzdY=
-k8s.io/kops v1.27.1/go.mod h1:24+1YwPVOElhPHla/J1dTfmqSbbEwCZmtfxcTujAgVI=
-k8s.io/kube-openapi v0.0.0-20230515203736-54b630e78af5 h1:azYPdzztXxPSa8wb+hksEKayiz0o+PPisO/d+QhWnoo=
-k8s.io/kube-openapi v0.0.0-20230515203736-54b630e78af5/go.mod h1:kzo02I3kQ4BTtEfVLaPbjvCkX97YqGve33wzlb3fofQ=
-k8s.io/kubectl v0.27.3 h1:HyC4o+8rCYheGDWrkcOQHGwDmyLKR5bxXFgpvF82BOw=
-k8s.io/kubectl v0.27.3/go.mod h1:g9OQNCC2zxT+LT3FS09ZYqnDhlvsKAfFq76oyarBcq4=
-k8s.io/utils v0.0.0-20230505201702-9f6742963106 h1:EObNQ3TW2D+WptiYXlApGNLVy0zm/JIBVY9i+M4wpAU=
-k8s.io/utils v0.0.0-20230505201702-9f6742963106/go.mod h1:OLgZIPagt7ERELqWJFomSt595RzquPNLL48iOWgYOg0=
+k8s.io/kops v1.28.4 h1:vMKtEmmSfv5SJc9yxoFA+o/gCzk6XGXRCJAOMoZdH8w=
+k8s.io/kops v1.28.4/go.mod h1:qaPEwbWXvrbAO4si3nEyFiOZ2hlFC43kYf+wkQUh6q4=
+k8s.io/kube-openapi v0.0.0-20230717233707-2695361300d9 h1:LyMgNKD2P8Wn1iAwQU5OhxCKlKJy0sHc+PcDwFB24dQ=
+k8s.io/kube-openapi v0.0.0-20230717233707-2695361300d9/go.mod h1:wZK2AVp1uHCp4VamDVgBP2COHZjqD1T68Rf0CM3YjSM=
+k8s.io/kubectl v0.28.1 h1:jAq4yKEqQL+fwkWcEsUWxhJ7uIRcOYQraJxx4SyAMTY=
+k8s.io/kubectl v0.28.1/go.mod h1:a0nk/lMMeKBulp0lMTJAKbkjZg1ykqfLfz/d6dnv1ak=
+k8s.io/utils v0.0.0-20230726121419-3b25d923346b h1:sgn3ZU783SCgtaSJjpcVVlRqd6GSnlTLKgpAAttJvpI=
+k8s.io/utils v0.0.0-20230726121419-3b25d923346b/go.mod h1:OLgZIPagt7ERELqWJFomSt595RzquPNLL48iOWgYOg0=
 knative.dev/pkg v0.0.0-20230502134655-db8a35330281 h1:9mN8O5XO68DKlkzEhFAShUx+O/I+TQR71vmTvYt8oF4=
 knative.dev/pkg v0.0.0-20230502134655-db8a35330281/go.mod h1:2qWPP9Gjh9Q7ETti+WRHnBnGCSCq+6q7m3p/nmUQviE=
 rsc.io/binaryregexp v0.2.0/go.mod h1:qTv7/COck+e2FymRvadv62gMdZztPaShugOCi3I+8D8=
@@ -801,11 +792,11 @@ rsc.io/quote/v3 v3.1.0/go.mod h1:yEA65RcK8LyAZtP9Kv3t0HmxON59tX3rD+tICJqUlj0=
 rsc.io/sampler v1.3.0/go.mod h1:T1hPZKmBbMNahiBKFy5HrXp6adAjACjK9JXDnKaTXpA=
 sigs.k8s.io/cluster-api v1.5.0 h1:pwXvzScbAwnrB7EWHTApzW+VQfrj2OSrWAQDC9+bcbU=
 sigs.k8s.io/cluster-api v1.5.0/go.mod h1:ZSEP01t8oT6104gB4ljsOwwp5uJcI8SWy8IFp2HUvrc=
-sigs.k8s.io/controller-runtime v0.15.1 h1:9UvgKD4ZJGcj24vefUFgZFP3xej/3igL9BsOUTb/+4c=
-sigs.k8s.io/controller-runtime v0.15.1/go.mod h1:7ngYvp1MLT+9GeZ+6lH3LOlcHkp/+tzA/fmHa4iq9kk=
+sigs.k8s.io/controller-runtime v0.16.1 h1:+15lzrmHsE0s2kNl0Dl8cTchI5Cs8qofo5PGcPrV9z0=
+sigs.k8s.io/controller-runtime v0.16.1/go.mod h1:vpMu3LpI5sYWtujJOa2uPK61nB5rbwlN7BAB8aSLvGU=
 sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd h1:EDPBXCAspyGV4jQlpZSudPeMmr1bNJefnuqLsRAsHZo=
 sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd/go.mod h1:B8JuhiUyNFVKdsE8h686QcCxMaH6HrOAZj4vswFpcB0=
-sigs.k8s.io/structured-merge-diff/v4 v4.2.3 h1:PRbqxJClWWYMNV1dhaG4NsibJbArud9kFxnAMREiWFE=
-sigs.k8s.io/structured-merge-diff/v4 v4.2.3/go.mod h1:qjx8mGObPmV2aSZepjQjbmb2ihdVs8cGKBraizNC69E=
+sigs.k8s.io/structured-merge-diff/v4 v4.3.0 h1:UZbZAZfX0wV2zr7YZorDz6GXROfDFj6LvqCRm4VUVKk=
+sigs.k8s.io/structured-merge-diff/v4 v4.3.0/go.mod h1:N8hJocpFajUSSeSJ9bOZ77VzejKZaXsTtZo4/u7Io08=
 sigs.k8s.io/yaml v1.3.0 h1:a2VclLzOGrwOHDiV8EfBGhvjHvP46CtW5j6POvhYGGo=
 sigs.k8s.io/yaml v1.3.0/go.mod h1:GeOyir5tyXNByN85N/dRIT9es5UQNerPYEKK56eTBm8=
diff --git a/hack/assets/dependencies/kubernetes-kops-operator.yaml b/hack/assets/dependencies/kubernetes-kops-operator.yaml
index 6fff2e7..83850cb 100644
--- a/hack/assets/dependencies/kubernetes-kops-operator.yaml
+++ b/hack/assets/dependencies/kubernetes-kops-operator.yaml
@@ -1,19 +1,29 @@ -apiVersion: v1 +apiVersion: v1 kind: Namespace -metadata: - labels: +metadata: + labels: control-plane: controller-manager name: kubernetes-kops-operator-system ---- +--- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.10.0 + controller-gen.kubebuilder.io/version: v0.14.0 labels: cluster.x-k8s.io/v1beta1: v1alpha1 name: kopscontrolplanes.controlplane.cluster.x-k8s.io spec: + conversion: + strategy: Webhook + webhook: + clientConfig: + service: + name: webhook-service + namespace: system + path: /convert + conversionReviewVersions: + - v1 group: controlplane.cluster.x-k8s.io names: kind: KopsControlPlane 
@@ -34,16 +44,26 @@ spec: - jsonPath: .spec.controllerClass name: ControllerClass type: string + deprecated: true name: v1alpha1 schema: openAPIV3Schema: description: KopsControlPlane is the Schema for the kopscontrolplanes API properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object 
@@ -252,29 +272,45 @@ spec: oidc: properties: clientID: - description: ClientID is the client ID for the OpenID Connect client. Must be set if issuerURL is set. + description: |- + ClientID is the client ID for the OpenID Connect client. Must be set + if issuerURL is set. type: string groupsClaims: - description: GroupsClaims are the names of the custom OpenID Connect claims for specifying user groups (optional). + description: |- + GroupsClaims are the names of the custom OpenID Connect claims for + specifying user groups (optional). items: type: string type: array groupsPrefix: - description: GroupsPrefix is the prefix prepended to group claims to prevent clashes with existing names (such as 'system:' groups). + description: |- + GroupsPrefix is the prefix prepended to group claims to prevent + clashes with existing names (such as 'system:' groups). type: string issuerURL: - description: IssuerURL is the URL of the OpenID issuer. Only the HTTPS scheme will be accepted. If set, will be used to verify the OIDC JSON Web Token (JWT). + description: |- + IssuerURL is the URL of the OpenID issuer. Only the HTTPS scheme will + be accepted. + If set, will be used to verify the OIDC JSON Web Token (JWT). type: string requiredClaims: additionalProperties: type: string - description: RequiredClaims are key/value pairs that describe required claims in the ID Token. If set, the claims are verified to be present in the ID Token with corresponding values. + description: |- + RequiredClaims are key/value pairs that describe required claims in the ID Token. + If set, the claims are verified to be present in the ID Token with corresponding values. type: object usernameClaim: - description: UsernameClaim is the OpenID claim to use as the username. Note that claims other than the default ('sub') are not guaranteed to be unique and immutable. + description: |- + UsernameClaim is the OpenID claim to use as the username. 
+ Note that claims other than the default ('sub') are not guaranteed to be + unique and immutable. type: string usernamePrefix: - description: UsernamePrefix is the prefix prepended to username claims to prevent clashes with existing names (such as 'system:' users). + description: |- + UsernamePrefix is the prefix prepended to username claims to prevent + clashes with existing names (such as 'system:' users). type: string type: object type: object @@ -290,10 +326,14 @@ spec: description: CertManager determines the metrics server configuration. properties: defaultIssuer: - description: 'defaultIssuer sets a default clusterIssuer Default: none' + description: |- + defaultIssuer sets a default clusterIssuer + Default: none type: string enabled: - description: 'Enabled enables the cert manager. Default: false' + description: |- + Enabled enables the cert manager. + Default: false type: boolean hostedZoneIDs: description: HostedZoneIDs is a list of route53 hostedzone IDs that cert-manager will be allowed to do dns-01 validation for @@ -301,13 +341,19 @@ spec: type: string type: array image: - description: 'Image is the docker container used. Default: the latest supported image for the specified kubernetes version.' + description: |- + Image is the docker container used. + Default: the latest supported image for the specified kubernetes version. type: string managed: - description: Managed controls if cert-manager is manged and deployed by kOps. The deployment of cert-manager is skipped if this is set to false. + description: |- + Managed controls if cert-manager is manged and deployed by kOps. + The deployment of cert-manager is skipped if this is set to false. type: boolean nameservers: - description: 'nameservers is a list of nameserver IP addresses to use instead of the pod defaults. Default: none' + description: |- + nameservers is a list of nameserver IP addresses to use instead of the pod defaults. + Default: none items: type: string type: array 
@@ -319,14 +365,18 @@ spec: description: CloudConfiguration defines the cloud provider configuration properties: manageStorageClasses: - description: ManageStorageClasses specifies whether kOps should create and maintain a set of StorageClasses, one of which it nominates as the default class for the cluster. + description: |- + ManageStorageClasses specifies whether kOps should create and maintain a set of + StorageClasses, one of which it nominates as the default class for the cluster. type: boolean type: object cloudControllerManager: description: CloudControllerManagerConfig is the configuration of the cloud controller properties: allocateNodeCIDRs: - description: AllocateNodeCIDRs enables CIDRs for Pods to be allocated and, if ConfigureCloudRoutes is true, to be set on the cloud provider. + description: |- + AllocateNodeCIDRs enables CIDRs for Pods to be allocated and, if + ConfigureCloudRoutes is true, to be set on the cloud provider. type: boolean allowUntaggedCloud: description: Allow the cluster to run without the cluster-id on cloud instances @@ -355,7 +405,9 @@ spec: anyOf: - type: integer - type: string - description: 'CPURequest of NodeTerminationHandler container. Default: 200m' + description: |- + CPURequest of NodeTerminationHandler container. + Default: 200m pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true enableLeaderMigration: 
@@ -368,16 +420,27 @@ spec: description: LeaderElection defines the configuration of leader election client. properties: leaderElect: - description: leaderElect enables a leader election client to gain leadership before executing the main loop. Enable this when running replicated components for high availability. + description: |- + leaderElect enables a leader election client to gain leadership + before executing the main loop. Enable this when running replicated + components for high availability. type: boolean leaderElectLeaseDuration: - description: leaderElectLeaseDuration is the length in time non-leader candidates will wait after observing a leadership renewal until attempting to acquire leadership of a led but unrenewed leader slot. This is effectively the maximum duration that a leader can be stopped before it is replaced by another candidate + description: |- + leaderElectLeaseDuration is the length in time non-leader candidates + will wait after observing a leadership renewal until attempting to acquire + leadership of a led but unrenewed leader slot. This is effectively the + maximum duration that a leader can be stopped before it is replaced by another candidate type: string leaderElectRenewDeadlineDuration: - description: LeaderElectRenewDeadlineDuration is the interval between attempts by the acting master to renew a leadership slot before it stops leading. This must be less than or equal to the lease duration. + description: |- + LeaderElectRenewDeadlineDuration is the interval between attempts by the acting master to + renew a leadership slot before it stops leading. This must be less than or equal to the lease duration. type: string leaderElectResourceLock: - description: LeaderElectResourceLock is the type of resource object that is used for locking during leader election. Supported options are endpoints (default) and `configmaps`. 
+ description: |- + LeaderElectResourceLock is the type of resource object that is used for locking during + leader election. Supported options are endpoints (default) and `configmaps`. type: string leaderElectResourceName: description: LeaderElectResourceName is the name of resource object that is used for locking during leader election. @@ -386,7 +449,9 @@ spec: description: LeaderElectResourceNamespace is the namespace of resource object that is used for locking during leader election. type: string leaderElectRetryPeriod: - description: LeaderElectRetryPeriod is The duration the clients should wait between attempting acquisition and renewal of a leadership. This is only applicable if leader election is enabled. + description: |- + LeaderElectRetryPeriod is The duration the clients should wait between attempting acquisition + and renewal of a leadership. This is only applicable if leader election is enabled. type: string type: object logLevel: 
@@ -418,46 +483,71 @@ spec: description: BinariesLocation is the location of the AWS cloud provider binaries. type: string disableSecurityGroupIngress: - description: DisableSecurityGroupIngress disables the Cloud Controller Manager's creation of an AWS Security Group for each load balancer provisioned for a Service. + description: |- + DisableSecurityGroupIngress disables the Cloud Controller Manager's creation + of an AWS Security Group for each load balancer provisioned for a Service. type: boolean ebsCSIDriver: description: EBSCSIDriverSpec is the config for the EBS CSI driver. properties: enabled: - description: 'Enabled enables the AWS EBS CSI driver Default: false' + description: |- + Enabled enables the AWS EBS CSI driver + Default: false type: boolean managed: - description: Managed controls if aws-ebs-csi-driver is manged and deployed by kOps. The deployment of aws-ebs-csi-driver is skipped if this is set to false. + description: |- + Managed controls if aws-ebs-csi-driver is manged and deployed by kOps. + The deployment of aws-ebs-csi-driver is skipped if this is set to false. type: boolean podAnnotations: additionalProperties: type: string - description: 'PodAnnotations are the annotations added to AWS EBS CSI node and controller Pods. Default: none' + description: |- + PodAnnotations are the annotations added to AWS EBS CSI node and controller Pods. + Default: none type: object version: - description: 'Version is the container image tag used. Default: The latest stable release which is compatible with your Kubernetes version' + description: |- + Version is the container image tag used. + Default: The latest stable release which is compatible with your Kubernetes version type: string volumeAttachLimit: - description: 'VolumeAttachLimit is the maximum number of volumes attachable per node. If specified, the limit applies to all nodes. If not specified, the value is approximated from the instance type. 
Default: -' + description: |- + VolumeAttachLimit is the maximum number of volumes attachable per node. + If specified, the limit applies to all nodes. + If not specified, the value is approximated from the instance type. + Default: - type: integer type: object elbSecurityGroup: - description: ElbSecurityGroup specifies an existing AWS Security group for the Cloud Controller Manager to assign to each ELB provisioned for a Service, instead of creating one per ELB. + description: |- + ElbSecurityGroup specifies an existing AWS Security group for the Cloud Controller + Manager to assign to each ELB provisioned for a Service, instead of creating + one per ELB. type: string loadBalancerController: description: LoadbalancerController determines the Load Balancer Controller configuration. properties: enableShield: - description: 'EnableShield specifies whether the controller can enable Shield Advanced. Default: false' + description: |- + EnableShield specifies whether the controller can enable Shield Advanced. + Default: false type: boolean enableWAF: - description: 'EnableWAF specifies whether the controller can use WAFs (Classic Regional). Default: false' + description: |- + EnableWAF specifies whether the controller can use WAFs (Classic Regional). + Default: false type: boolean enableWAFv2: - description: 'EnableWAFv2 specifies whether the controller can use WAFs (V2). Default: false' + description: |- + EnableWAFv2 specifies whether the controller can use WAFs (V2). + Default: false type: boolean enabled: - description: 'Enabled enables the loadbalancer controller. Default: false' + description: |- + Enabled enables the loadbalancer controller. + Default: false type: boolean version: description: Version is the container image tag used. 
@@ -475,42 +565,68 @@ spec: anyOf: - type: integer - type: string - description: 'CPURequest of NodeTerminationHandler container. Default: 50m' + description: |- + CPURequest of NodeTerminationHandler container. + Default: 50m pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true enableRebalanceDraining: - description: 'EnableRebalanceDraining makes node termination handler drain nodes when the rebalance recommendation notice is received. Default: false' + description: |- + EnableRebalanceDraining makes node termination handler drain nodes when the rebalance recommendation notice is received. + Default: false type: boolean enableRebalanceMonitoring: - description: 'EnableRebalanceMonitoring makes node termination handler cordon nodes when the rebalance recommendation notice is received. In queue-processor mode, cannot be enabled without rebalance draining. Default: false' + description: |- + EnableRebalanceMonitoring makes node termination handler cordon nodes when the rebalance recommendation notice is received. + In queue-processor mode, cannot be enabled without rebalance draining. + Default: false type: boolean enableSQSTerminationDraining: - description: 'EnableSQSTerminationDraining enables queue-processor mode which drains nodes when an SQS termination event is received. Default: true' + description: |- + EnableSQSTerminationDraining enables queue-processor mode which drains nodes when an SQS termination event is received. + Default: true type: boolean enableScheduledEventDraining: - description: 'EnableScheduledEventDraining makes node termination handler drain nodes before the maintenance window starts for an EC2 instance scheduled event. Cannot be disabled in queue-processor mode. 
Default: true' + description: |- + EnableScheduledEventDraining makes node termination handler drain nodes before the maintenance window starts for an EC2 instance scheduled event. + Cannot be disabled in queue-processor mode. + Default: true type: boolean enableSpotInterruptionDraining: - description: 'EnableSpotInterruptionDraining makes node termination handler drain nodes when spot interruption termination notice is received. Cannot be disabled in queue-processor mode. Default: true' + description: |- + EnableSpotInterruptionDraining makes node termination handler drain nodes when spot interruption termination notice is received. + Cannot be disabled in queue-processor mode. + Default: true type: boolean enabled: - description: 'Enabled enables the node termination handler. Default: true' + description: |- + Enabled enables the node termination handler. + Default: true type: boolean excludeFromLoadBalancers: - description: 'ExcludeFromLoadBalancers makes node termination handler will mark for exclusion from load balancers before node are cordoned. Default: true' + description: |- + ExcludeFromLoadBalancers makes node termination handler will mark for exclusion from load balancers before node are cordoned. + Default: true type: boolean managedASGTag: - description: ManagedASGTag is the tag used to determine which nodes NTH can take action on This field has kept its name even though it now maps to the --managed-tag flag due to keeping the API stable. Node termination handler does no longer check the ASG for this tag, but the actual EC2 instances. + description: |- + ManagedASGTag is the tag used to determine which nodes NTH can take action on + This field has kept its name even though it now maps to the --managed-tag flag due to keeping the API stable. + Node termination handler does no longer check the ASG for this tag, but the actual EC2 instances. 
type: string memoryRequest: anyOf: - type: integer - type: string - description: 'MemoryRequest of NodeTerminationHandler container. Default: 64Mi' + description: |- + MemoryRequest of NodeTerminationHandler container. + Default: 64Mi pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true prometheusEnable: - description: 'EnablePrometheusMetrics enables the "/metrics" endpoint. Default: false' + description: |- + EnablePrometheusMetrics enables the "/metrics" endpoint. + Default: false type: boolean version: description: Version is the container image tag used. @@ -533,10 +649,16 @@ spec: description: WarmPool defines the default warm pool settings for instance groups. properties: enableLifecycleHook: - description: EnableLifecyleHook determines if an ASG lifecycle hook will be added ensuring that nodeup runs to completion. Note that the metadata API must be protected from arbitrary Pods when this is enabled. + description: |- + EnableLifecyleHook determines if an ASG lifecycle hook will be added ensuring that nodeup runs to completion. + Note that the metadata API must be protected from arbitrary Pods when this is enabled. type: boolean maxSize: - description: MaxSize is the maximum size of the warm pool. The desired size of the instance group is subtracted from this number to determine the desired size of the warm pool (unless the resulting number is smaller than MinSize). The default is the instance group's MaxSize. + description: |- + MaxSize is the maximum size of the warm pool. The desired size of the instance group + is subtracted from this number to determine the desired size of the warm pool + (unless the resulting number is smaller than MinSize). + The default is the instance group's MaxSize. format: int64 type: integer minSize: 
@@ -552,7 +674,14 @@ spec: description: AdminUser specifies the admin user of VMs. type: string resourceGroupName: - description: ResourceGroupName specifies the name of the resource group where the cluster is built. If this is empty, kops will create a new resource group whose name is same as the cluster name. If this is not empty, kops will not create a new resource group, and it will just reuse the existing resource group of the name. This follows the model that kops takes for AWS VPC. + description: |- + ResourceGroupName specifies the name of the resource group + where the cluster is built. + If this is empty, kops will create a new resource group + whose name is same as the cluster name. If this is not + empty, kops will not create a new resource group, and + it will just reuse the existing resource group of the name. + This follows the model that kops takes for AWS VPC. type: string routeTableName: description: RouteTableName is the name of the route table attached to the subnet that the cluster is deployed in. 
@@ -711,42 +840,65 @@ spec: description: ClusterAutoscaler defines the cluster autoscaler configuration. properties: awsUseStaticInstanceList: - description: 'AWSUseStaticInstanceList makes cluster autoscaler to use statically defined set of AWS EC2 Instance List. Default: false' + description: |- + AWSUseStaticInstanceList makes cluster autoscaler to use statically defined set of AWS EC2 Instance List. + Default: false type: boolean balanceSimilarNodeGroups: - description: 'BalanceSimilarNodeGroups makes the cluster autoscaler treat similar node groups as one. Default: false' + description: |- + BalanceSimilarNodeGroups makes the cluster autoscaler treat similar node groups as one. + Default: false type: boolean cordonNodeBeforeTerminating: - description: 'CordonNodeBeforeTerminating should CA cordon nodes before terminating during downscale process Default: false' + description: |- + CordonNodeBeforeTerminating should CA cordon nodes before terminating during downscale process + Default: false type: boolean cpuRequest: anyOf: - type: integer - type: string - description: 'CPURequest of cluster autoscaler container. Default: 100m' + description: |- + CPURequest of cluster autoscaler container. + Default: 100m pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true createPriorityExpanderConfig: - description: 'CreatePriorityExpenderConfig makes kOps create the priority-expander ConfigMap Default: true' + description: |- + CreatePriorityExpenderConfig makes kOps create the priority-expander ConfigMap + Default: true type: boolean customPriorityExpanderConfig: additionalProperties: items: type: string type: array - description: CustomPriorityExpanderConfig overides the priority-expander ConfigMap with the provided configuration. Any InstanceGroup configuration will be ignored if this is set. 
This could be useful in order to use regex on priorities configuration + description: |- + CustomPriorityExpanderConfig overides the priority-expander ConfigMap with the provided configuration. Any InstanceGroup configuration will be ignored if this is set. + This could be useful in order to use regex on priorities configuration type: object enabled: - description: 'Enabled enables the cluster autoscaler. Default: false' + description: |- + Enabled enables the cluster autoscaler. + Default: false type: boolean expander: - description: 'Expander determines the strategy for which instance group gets expanded. Supported values: least-waste, most-pods, random, price, priority. The price expander is only supported on GCE. By default, kOps will generate the priority expander ConfigMap based on the `autoscale` and `autoscalePriority` fields in the InstanceGroup specs. Default: least-waste' + description: |- + Expander determines the strategy for which instance group gets expanded. + Supported values: least-waste, most-pods, random, price, priority. + The price expander is only supported on GCE. + By default, kOps will generate the priority expander ConfigMap based on the `autoscale` and `autoscalePriority` fields in the InstanceGroup specs. + Default: least-waste type: string ignoreDaemonSetsUtilization: - description: 'IgnoreDaemonSetsUtilization causes the cluster autoscaler to ignore DaemonSet-managed pods when calculating resource utilization for scaling down. Default: false' + description: |- + IgnoreDaemonSetsUtilization causes the cluster autoscaler to ignore DaemonSet-managed pods when calculating resource utilization for scaling down. + Default: false type: boolean image: - description: 'Image is the docker container used. Default: the latest supported image for the specified kubernetes version.' + description: |- + Image is the docker container used. + Default: the latest supported image for the specified kubernetes version. 
type: string maxNodeProvisionTime: description: MaxNodeProvisionTime determines how long CAS will wait for a node to join the cluster. 
@@ -755,45 +907,74 @@ spec: anyOf: - type: integer - type: string - description: 'MemoryRequest of cluster autoscaler container. Default: 300Mi' + description: |- + MemoryRequest of cluster autoscaler container. + Default: 300Mi pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true newPodScaleUpDelay: - description: 'NewPodScaleUpDelay causes the cluster autoscaler to ignore unschedulable pods until they are a certain "age", regardless of the scan-interval Default: 0s' + description: |- + NewPodScaleUpDelay causes the cluster autoscaler to ignore unschedulable pods until they are a certain "age", regardless of the scan-interval + Default: 0s type: string podAnnotations: additionalProperties: type: string - description: 'PodAnnotations are the annotations added to cluster autoscaler pods when they are created. Default: none' + description: |- + PodAnnotations are the annotations added to cluster autoscaler pods when they are created. 
+ Default: none type: object scaleDownDelayAfterAdd: - description: 'ScaleDownDelayAfterAdd determines the time after scale up that scale down evaluation resumes Default: 10m0s' + description: |- + ScaleDownDelayAfterAdd determines the time after scale up that scale down evaluation resumes + Default: 10m0s type: string scaleDownUnneededTime: - description: 'scaleDownUnneededTime determines the time a node should be unneeded before it is eligible for scale down Default: 10m0s' + description: |- + scaleDownUnneededTime determines the time a node should be unneeded before it is eligible for scale down + Default: 10m0s type: string scaleDownUnreadyTime: - description: 'ScaleDownUnreadyTime determines the time an unready node should be unneeded before it is eligible for scale down Default: 20m0s' + description: |- + ScaleDownUnreadyTime determines the time an unready node should be unneeded before it is eligible for scale down + Default: 20m0s type: string scaleDownUtilizationThreshold: - description: 'ScaleDownUtilizationThreshold determines the utilization threshold for node scale-down. Default: 0.5' + description: |- + ScaleDownUtilizationThreshold determines the utilization threshold for node scale-down. + Default: 0.5 type: string skipNodesWithLocalStorage: - description: 'SkipNodesWithLocalStorage makes the cluster autoscaler skip scale-down of nodes with local storage. Default: true' + description: |- + SkipNodesWithLocalStorage makes the cluster autoscaler skip scale-down of nodes with local storage. + Default: true type: boolean skipNodesWithSystemPods: - description: 'SkipNodesWithSystemPods makes the cluster autoscaler skip scale-down of nodes with non-DaemonSet pods in the kube-system namespace. Default: true' + description: |- + SkipNodesWithSystemPods makes the cluster autoscaler skip scale-down of nodes with non-DaemonSet pods in the kube-system namespace. 
+ Default: true type: boolean type: object clusterDNSDomain: description: ClusterDNSDomain is the suffix we use for internal DNS names (normally cluster.local) type: string - configBase: - description: ConfigBase is the path where we store configuration for the cluster This might be different than the location where the cluster spec itself is stored, both because this must be accessible to the cluster, and because it might be on a different cloud or storage system (etcd vs S3) - type: string configStore: - description: ConfigStore is the VFS path to where the configuration (Cluster, InstanceGroups etc) is stored - type: string + description: ConfigStore configures the stores that nodes use to get their configuration. + properties: + base: + description: |- + Base is the VFS path where we store configuration for the cluster + This might be different than the location where the cluster spec itself is stored, + both because this must be accessible to the cluster, + and because it might be on a different cloud or storage system (etcd vs S3). + type: string + keypairs: + description: Keypairs is the VFS path to where certificates and corresponding private keys are stored. + type: string + secrets: + description: Secrets is the VFS path to where secrets are stored. + type: string + type: object containerRuntime: description: Container runtime to use for Kubernetes type: string 
@@ -820,10 +1001,14 @@ spec: type: boolean type: object enabled: - description: Enabled determines if kOps will install the Nvidia GPU runtime and drivers. They will only be installed on intances that has an Nvidia GPU. + description: |- + Enabled determines if kOps will install the Nvidia GPU runtime and drivers. + They will only be installed on intances that has an Nvidia GPU. type: boolean package: - description: Package is the name of the nvidia driver package that will be installed. Default is "nvidia-headless-510-server". + description: |- + Package is the name of the nvidia driver package that will be installed. + Default is "nvidia-headless-510-server". type: string type: object packages: @@ -875,6 +1060,9 @@ spec: description: Version used to pick the runc package. type: string type: object + selinuxEnabled: + description: SelinuxEnabled enables SELinux support + type: boolean skipInstall: description: SkipInstall prevents kOps from installing and modifying containerd in any way (default "false"). type: boolean @@ -886,7 +1074,9 @@ spec: type: string type: object controlPlaneKubelet: - description: ControlPlaneKubelet is the kubelet configuration for nodes belonging to the control plane It can be overridden by the kubelet configuration specified in the instance group. + description: |- + ControlPlaneKubelet is the kubelet configuration for nodes belonging to the control plane + It can be overridden by the kubelet configuration specified in the instance group. properties: allowPrivileged: description: AllowPrivileged enables containers to request privileged mode (defaults to false) 
@@ -1000,7 +1190,9 @@ spec:
 description: ExperimentalAllocatableIgnoreEviction enables ignoring Hard Eviction Thresholds while calculating Node Allocatable
 type: boolean
 experimentalAllowedUnsafeSysctls:
- description: ExperimentalAllowedUnsafeSysctls are passed to the kubelet config to whitelist allowable sysctls Was promoted to beta and renamed. https://github.com/kubernetes/kubernetes/pull/63717
+ description: |-
+ ExperimentalAllowedUnsafeSysctls are passed to the kubelet config to whitelist allowable sysctls
+ Was promoted to beta and renamed. https://github.com/kubernetes/kubernetes/pull/63717
 items:
 type: string
 type: array
@@ -1013,7 +1205,16 @@ spec:
 description: FeatureGates is set of key=value pairs that describe feature gates for alpha/experimental features.
 type: object
 hairpinMode:
- description: 'How should the kubelet configure the container bridge for hairpin packets. Setting this flag allows endpoints in a Service to loadbalance back to themselves if they should try to access their own Service. Values: "promiscuous-bridge": make the container bridge promiscuous. "hairpin-veth": set the hairpin flag on container veth interfaces. "none": do nothing. Setting --configure-cbr0 to false implies that to achieve hairpin NAT one must set --hairpin-mode=veth-flag, because bridge assumes the existence of a container bridge named cbr0.'
+ description: |-
+ How should the kubelet configure the container bridge for hairpin packets.
+ Setting this flag allows endpoints in a Service to loadbalance back to
+ themselves if they should try to access their own Service. Values:
+ "promiscuous-bridge": make the container bridge promiscuous.
+ "hairpin-veth": set the hairpin flag on container veth interfaces.
+ "none": do nothing.
+ Setting --configure-cbr0 to false implies that to achieve hairpin NAT
+ one must set --hairpin-mode=veth-flag, because bridge assumes the
+ existence of a container bridge named cbr0.
 type: string
 hostnameOverride:
 description: HostnameOverride is the hostname used to identify the kubelet instead of the actual hostname.
@@ -1022,15 +1223,22 @@ spec:
 description: HousekeepingInterval allows to specify interval between container housekeepings.
 type: string
 imageGCHighThresholdPercent:
- description: ImageGCHighThresholdPercent is the percent of disk usage after which image garbage collection is always run.
+ description: |-
+ ImageGCHighThresholdPercent is the percent of disk usage after which
+ image garbage collection is always run.
 format: int32
 type: integer
 imageGCLowThresholdPercent:
- description: ImageGCLowThresholdPercent is the percent of disk usage before which image garbage collection is never run. Lowest disk usage to garbage collect to.
+ description: |-
+ ImageGCLowThresholdPercent is the percent of disk usage before which
+ image garbage collection is never run. Lowest disk usage to garbage
+ collect to.
 format: int32
 type: integer
 imagePullProgressDeadline:
- description: ImagePullProgressDeadline is the timeout for image pulls If no pulling progress is made before this deadline, the image pulling will be cancelled. (default 1m0s)
+ description: |-
+ ImagePullProgressDeadline is the timeout for image pulls
+ If no pulling progress is made before this deadline, the image pulling will be cancelled. (default 1m0s)
 type: string
 kernelMemcgNotification:
 description: Integrate with the kernel memcg notification to determine if memory eviction thresholds are crossed rather than polling.
@@ -1050,7 +1258,10 @@ spec:
 description: KubeletCgroups is the absolute name of cgroups to isolate the kubelet in.
 type: string
 logFormat:
- description: 'LogFormat is the logging format of the kubelet. Supported values: text, json. Default: text'
+ description: |-
+ LogFormat is the logging format of the kubelet.
+ Supported values: text, json.
+ Default: text
 type: string
 logLevel:
 description: LogLevel is the logging level of the kubelet
@@ -1061,10 +1272,15 @@ spec:
 format: int32
 type: integer
 memorySwapBehavior:
- description: 'MemorySwapBehavior defines how swap is used by container workloads. Supported values: LimitedSwap, "UnlimitedSwap.'
+ description: |-
+ MemorySwapBehavior defines how swap is used by container workloads.
+ Supported values: LimitedSwap, "UnlimitedSwap.
 type: string
 networkPluginMTU:
- description: NetworkPluginMTU is the MTU to be passed to the network plugin, and overrides the default MTU for cases where it cannot be automatically computed (such as IPSEC).
+ description: |-
+ NetworkPluginMTU is the MTU to be passed to the network plugin,
+ and overrides the default MTU for cases where it cannot be automatically
+ computed (such as IPSEC).
 format: int32
 type: integer
 networkPluginName:
@@ -1076,7 +1292,9 @@ spec:
 description: NodeLabels to add when registering the node in the cluster.
 type: object
 nodeStatusUpdateFrequency:
- description: NodeStatusUpdateFrequency Specifies how often kubelet posts node status to master (default 10s) must work with nodeMonitorGracePeriod in KubeControllerManagerConfig.
+ description: |-
+ NodeStatusUpdateFrequency Specifies how often kubelet posts node status to master (default 10s)
+ must work with nodeMonitorGracePeriod in KubeControllerManagerConfig.
 type: string
 nonMasqueradeCIDR:
 description: 'NonMasqueradeCIDR configures masquerading: traffic to IPs outside this range will use IP masquerade.'
@@ -1086,7 +1304,9 @@ spec:
 format: int32
 type: integer
 podCIDR:
- description: PodCIDR is the CIDR to use for pod IP addresses, only used in standalone mode. In cluster mode, this is obtained from the master.
+ description: |-
+ PodCIDR is the CIDR to use for pod IP addresses, only used in standalone mode.
+ In cluster mode, this is obtained from the master.
 type: string
 podInfraContainerImage:
 description: PodInfraContainerImage is the image whose network/ipc containers in each pod will use.
@@ -1099,14 +1319,18 @@ spec:
 format: int64
 type: integer
 protectKernelDefaults:
- description: 'Default kubelet behaviour for kernel tuning. If set, kubelet errors if any of kernel tunables is different than kubelet defaults. (DEPRECATED: This parameter should be set via the config file specified by the Kubelet''s --config flag.'
+ description: |-
+ Default kubelet behaviour for kernel tuning. If set, kubelet errors if any of kernel tunables is different than kubelet defaults.
+ (DEPRECATED: This parameter should be set via the config file specified by the Kubelet's --config flag.
 type: boolean
 readOnlyPort:
 description: ReadOnlyPort is the port used by the kubelet api for read-only access (default 10255)
 format: int32
 type: integer
 reconcileCIDR:
- description: ReconcileCIDR is Reconcile node CIDR with the CIDR specified by the API server. No-op if register-node or configure-cbr0 is false.
+ description: |-
+ ReconcileCIDR is Reconcile node CIDR with the CIDR specified by the
+ API server. No-op if register-node or configure-cbr0 is false.
 type: boolean
 registerNode:
 description: RegisterNode enables automatic registration with the apiserver.
@@ -1140,23 +1364,37 @@ spec:
 runtimeRequestTimeout:
 description: RuntimeRequestTimeout is timeout for runtime requests on - pull, logs, exec and attach
 type: string
+ seccompDefault:
+ description: SeccompDefault enables the use of `RuntimeDefault` as the default seccomp profile for all workloads.
+ type: boolean
 seccompProfileRoot:
 description: SeccompProfileRoot is the directory path for seccomp profiles.
 type: string
 serializeImagePulls:
- description: '// SerializeImagePulls when enabled, tells the Kubelet to pull images one // at a time. We recommend *not* changing the default value on nodes that // run docker daemon with version < 1.9 or an Aufs storage backend. // Issue #10959 has more details.'
+ description: |-
+ // SerializeImagePulls when enabled, tells the Kubelet to pull images one
+ // at a time. We recommend *not* changing the default value on nodes that
+ // run docker daemon with version < 1.9 or an Aufs storage backend.
+ // Issue #10959 has more details.
 type: boolean
 shutdownGracePeriod:
- description: 'ShutdownGracePeriod specifies the total duration that the node should delay the shutdown by. Default: 30s'
+ description: |-
+ ShutdownGracePeriod specifies the total duration that the node should delay the shutdown by.
+ Default: 30s
 type: string
 shutdownGracePeriodCriticalPods:
- description: 'ShutdownGracePeriodCriticalPods specifies the duration used to terminate critical pods during a node shutdown. Default: 10s'
+ description: |-
+ ShutdownGracePeriodCriticalPods specifies the duration used to terminate critical pods during a node shutdown.
+ Default: 10s
 type: string
 streamingConnectionIdleTimeout:
 description: StreamingConnectionIdleTimeout is the maximum time a streaming connection can be idle before the connection is automatically closed
 type: string
 systemCgroups:
- description: SystemCgroups is absolute name of cgroups in which to place all non-kernel processes that are not already in a container. Empty for no container.
Rolling back the flag requires a reboot.
+ description: |-
+ SystemCgroups is absolute name of cgroups in which to place
+ all non-kernel processes that are not already in a container. Empty
+ for no container. Rolling back the flag requires a reboot.
 type: string
 systemReserved:
 additionalProperties:
@@ -1219,7 +1457,13 @@ spec:
 type: string
 type: object
 dnsZone:
- description: DNSZone is the DNS zone we should use when configuring DNS This is because some clouds let us define a managed zone foo.bar, and then have kubernetes.dev.foo.bar, without needing to define dev.foo.bar as a hosted zone. DNSZone will probably be a suffix of the MasterPublicName. Note that DNSZone can either by the host name of the zone (containing dots), or can be an identifier for the zone.
+ description: |-
+ DNSZone is the DNS zone we should use when configuring DNS
+ This is because some clouds let us define a managed zone foo.bar, and then have
+ kubernetes.dev.foo.bar, without needing to define dev.foo.bar as a hosted zone.
+ DNSZone will probably be a suffix of the MasterPublicName.
+ Note that DNSZone can either by the host name of the zone (containing dots),
+ or can be an identifier for the zone.
 type: string
 docker:
 description: DockerConfig is the configuration for docker
@@ -1446,7 +1690,11 @@ spec:
 description: DiscoveryPollInterval which is used for discovering other cluster members. The default is 60 seconds.
 type: string
 env:
- description: Env allows users to pass in env variables to the etcd-manager container. Variables starting with ETCD_ will be further passed down to the etcd process. This allows etcd setting to be overwriten. No config validation is done. A list of etcd config ENV vars can be found at https://github.com/etcd-io/etcd/blob/master/Documentation/op-guide/configuration.md
+ description: |-
+ Env allows users to pass in env variables to the etcd-manager container.
+ Variables starting with ETCD_ will be further passed down to the etcd process.
+ This allows etcd setting to be overwriten. No config validation is done.
+ A list of etcd config ENV vars can be found at https://github.com/etcd-io/etcd/blob/master/Documentation/op-guide/configuration.md
 items:
 description: EnvVar represents an environment variable present in a Container.
 properties:
@@ -1454,7 +1702,15 @@ spec:
 description: Name of the environment variable. Must be a C_IDENTIFIER.
 type: string
 value:
- description: 'Variable references $(VAR_NAME) are expanded using the previous defined environment variables in the container and any service environment variables. If a variable cannot be resolved, the reference in the input string will be unchanged. The $(VAR_NAME) syntax can be escaped with a double $$, ie: $$(VAR_NAME). Escaped references will never be expanded, regardless of whether the variable exists or not. Defaults to "".'
+ description: |-
+ Variable references $(VAR_NAME) are expanded
+ using the previous defined environment variables in the container and
+ any service environment variables. If a variable cannot be resolved,
+ the reference in the input string will be unchanged. The $(VAR_NAME)
+ syntax can be escaped with a double $$, ie: $$(VAR_NAME). Escaped
+ references will never be expanded, regardless of whether the variable
+ exists or not.
+ Defaults to "".
 type: string
 required:
 - name
@@ -1463,8 +1719,15 @@ spec:
 image:
 description: Image is the etcd manager image to use.
 type: string
+ listenMetricsURLs:
+ description: ListenMetricsURLs is the list of URLs to listen on that will respond to both the /metrics and /health endpoints
+ items:
+ type: string
+ type: array
 logLevel:
- description: LogLevel allows the klog library verbose log level to be set for etcd-manager. The default is 6. https://github.com/google/glog#verbose-logging
+ description: |-
+ LogLevel allows the klog library verbose log level to be set for etcd-manager. The default is 6.
+ https://github.com/google/glog#verbose-logging
 format: int32
 type: integer
 type: object
@@ -1479,7 +1742,9 @@ spec:
 description: Name is the name of the etcd cluster (main, events etc)
 type: string
 provider:
- description: 'Provider is the provider used to run etcd: Manager, Legacy. Defaults to Manager.'
+ description: |-
+ Provider is the provider used to run etcd: Manager, Legacy.
+ Defaults to Manager.
 type: string
 version:
 description: Version is the version of etcd to run.
@@ -1490,10 +1755,15 @@ spec:
 description: ExternalDNSConfig are options of the dns-controller
 properties:
 provider:
- description: Provider determines which implementation of ExternalDNS to use. 'dns-controller' will use kOps DNS Controller. 'external-dns' will use kubernetes-sigs/external-dns.
+ description: |-
+ Provider determines which implementation of ExternalDNS to use.
+ 'dns-controller' will use kOps DNS Controller.
+ 'external-dns' will use kubernetes-sigs/external-dns.
 type: string
 watchIngress:
- description: 'WatchIngress indicates you want the dns-controller to watch and create dns entries for ingress resources. Default: true if provider is ''external-dns'', false otherwise.'
+ description: |-
+ WatchIngress indicates you want the dns-controller to watch and create dns entries for ingress resources.
+ Default: true if provider is 'external-dns', false otherwise.
 type: boolean
 watchNamespace:
 description: WatchNamespace is namespace to watch, defaults to all (use to control whom can creates dns entries)
@@ -1601,7 +1871,10 @@ spec:
 type: string
 type: array
 useRawManifest:
- description: UseRawManifest indicates that the contents of Manifest should be used as the contents of the systemd unit, unmodified. Before and Requires are ignored when used together with this value (and validation shouldn't allow them to be set)
+ description: |-
+ UseRawManifest indicates that the contents of Manifest should be used as the contents
+ of the systemd unit, unmodified. Before and Requires are ignored when used together
+ with this value (and validation shouldn't allow them to be set)
 type: boolean
 type: object
 type: array
@@ -1643,7 +1916,9 @@ spec:
 type: object
 type: array
 useServiceAccountExternalPermissions:
- description: UseServiceAccountExternalPermissions determines if managed ServiceAccounts will use external permissions directly. If this is set to false, ServiceAccounts will assume external permissions from the instances they run on.
+ description: |-
+ UseServiceAccountExternalPermissions determines if managed ServiceAccounts will use external permissions directly.
+ If this is set to false, ServiceAccounts will assume external permissions from the instances they run on.
 type: boolean
 required:
 - legacy
@@ -1651,6 +1926,12 @@ spec:
 karpenter:
 description: Karpenter defines the Karpenter configuration.
 properties:
+ cpuRequest:
+ anyOf:
+ - type: integer
+ - type: string
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
 enabled:
 type: boolean
 image:
@@ -1659,10 +1940,19 @@ spec:
 type: string
 logLevel:
 type: string
+ memoryLimit:
+ anyOf:
+ - type: integer
+ - type: string
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ memoryRequest:
+ anyOf:
+ - type: integer
+ - type: string
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
 type: object
- keyStore:
- description: KeyStore is the VFS path to where SSL keys and certificates are stored
- type: string
 kubeAPIServer:
 description: KubeAPIServerConfig defines the configuration for the kube api
 properties:
@@ -1687,7 +1977,11 @@ spec:
 description: AnonymousAuth indicates if anonymous authentication is permitted
 type: boolean
 apiAudiences:
- description: Identifiers of the API. The service account token authenticator will validate that tokens used against the API are bound to at least one of these audiences. If the --service-account-issuer flag is configured and this flag is not, this field defaults to a single element list containing the issuer URL.
+ description: |-
+ Identifiers of the API. The service account token authenticator will validate that
+ tokens used against the API are bound to at least one of these audiences. If the
+ --service-account-issuer flag is configured and this flag is not, this field
+ defaults to a single element list containing the issuer URL.
 items:
 type: string
 type: array
@@ -1792,7 +2086,9 @@ spec:
 description: CloudProvider is the name of the cloudProvider we are using, aws, gce etcd
 type: string
 corsAllowedOrigins:
- description: CorsAllowedOrigins is a list of origins for CORS. An allowed origin can be a regular expression to support subdomain matching. If this list is empty CORS will not be enabled.
+ description: |-
+ CorsAllowedOrigins is a list of origins for CORS. An allowed origin can be a regular
+ expression to support subdomain matching. If this list is empty CORS will not be enabled.
 items:
 type: string
 type: array
@@ -1905,7 +2201,10 @@ spec:
 type: string
 type: array
 logFormat:
- description: 'LogFormat is the logging format of the api. Supported values: text, json. Default: text'
+ description: |-
+ LogFormat is the logging format of the api.
+ Supported values: text, json.
+ Default: text
 type: string
 logLevel:
 description: LogLevel is the logging level of the api
@@ -1934,11 +2233,15 @@ spec:
 pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
 x-kubernetes-int-or-string: true
 minRequestTimeout:
- description: MinRequestTimeout configures the minimum number of seconds a handler must keep a request open before timing it out. Currently only honored by the watch request handler
+ description: |-
+ MinRequestTimeout configures the minimum number of seconds a handler must keep a request open before timing it out.
+ Currently only honored by the watch request handler
 format: int32
 type: integer
 oidcCAFile:
- description: OIDCCAFile if set, the OpenID server's certificate will be verified by one of the authorities in the oidc-ca-file
+ description: |-
+ OIDCCAFile if set, the OpenID server's certificate will be verified by one
+ of the authorities in the oidc-ca-file
 type: string
 proxyClientCertFile:
 description: The apiserver's client certificate used for outbound requests.
@@ -1982,18 +2285,25 @@ spec:
 format: int32
 type: integer
 serviceAccountIssuer:
- description: Identifier of the service account token issuer. The issuer will assert this identifier in "iss" claim of issued tokens. This value is a string or URI.
+ description: |-
+ Identifier of the service account token issuer. The issuer will assert this identifier
+ in "iss" claim of issued tokens. This value is a string or URI.
 type: string
 serviceAccountJWKSURI:
 description: ServiceAccountJWKSURI overrides the path for the jwks document; this is useful when we are republishing the service account discovery information elsewhere.
 type: string
 serviceAccountKeyFile:
- description: File containing PEM-encoded x509 RSA or ECDSA private or public keys, used to verify ServiceAccount tokens. The specified file can contain multiple keys, and the flag can be specified multiple times with different files. If unspecified, --tls-private-key-file is used.
+ description: |-
+ File containing PEM-encoded x509 RSA or ECDSA private or public keys, used to verify ServiceAccount tokens.
+ The specified file can contain multiple keys, and the flag can be specified multiple times with different files.
+ If unspecified, --tls-private-key-file is used.
 items:
 type: string
 type: array
 serviceAccountSigningKeyFile:
- description: Path to the file that contains the current private key of the service account token issuer. The issuer will sign issued ID tokens with this private key. (Requires the 'TokenRequest' feature gate.)
+ description: |-
+ Path to the file that contains the current private key of the service account token issuer.
+ The issuer will sign issued ID tokens with this private key. (Requires the 'TokenRequest' feature gate.)
 type: string
 serviceClusterIPRange:
 description: ServiceClusterIPRange is the service address range
@@ -2029,11 +2339,16 @@ spec:
 kubeControllerManager:
 description: KubeControllerManagerConfig is the configuration for the controller
 properties:
+ ClusterSigningDuration:
+ description: ClusterSigningDuration is the max length of duration that the signed certificates will be given. (default 365*24h)
+ type: string
 allocateNodeCIDRs:
 description: AllocateNodeCIDRs enables CIDRs for Pods to be allocated and, if ConfigureCloudRoutes is true, to be set on the cloud provider.
 type: boolean
 attachDetachReconcileSyncPeriod:
- description: AttachDetachReconcileSyncPeriod is the amount of time the reconciler sync states loop wait between successive executions. Is set to 1 min by kops by default
+ description: |-
+ AttachDetachReconcileSyncPeriod is the amount of time the reconciler sync states loop
+ wait between successive executions. Is set to 1 min by kops by default
 type: string
 authenticationKubeconfig:
 description: AuthenticationKubeconfig is the path to an Authentication Kubeconfig
@@ -2099,7 +2414,9 @@ spec:
 type: string
 type: array
 disableAttachDetachReconcileSync:
- description: DisableAttachDetachReconcileSync disables the reconcile sync loop in the attach-detach controller. This can cause volumes to become mismatched with pods
+ description: |-
+ DisableAttachDetachReconcileSync disables the reconcile sync loop in the attach-detach controller.
+ This can cause volumes to become mismatched with pods
 type: boolean
 enableLeaderMigration:
 description: EnableLeaderMigration enables controller leader migration.
@@ -2107,11 +2424,28 @@ spec:
 enableProfiling:
 description: EnableProfiling enables profiling via web interface host:port/debug/pprof/
 type: boolean
+ endpointSliceUpdatesBatchPeriod:
+ description: |-
+ The length of endpoint slice updates batching period. Processing of pod changes will be delayed by this duration
+ to join them with potential upcoming updates and reduce the overall number of endpoints updates.
+ Larger number = higher endpoint programming latency, but lower number of endpoints revision generated.
+ type: string
+ endpointUpdatesBatchPeriod:
+ description: |-
+ The length of endpoint updates batching period. Processing of pod changes will be delayed by this duration
+ to join them with potential upcoming updates and reduce the overall number of endpoints updates.
+ Larger number = higher endpoint programming latency, but lower number of endpoints revision generated
+ type: string
 experimentalClusterSigningDuration:
- description: ExperimentalClusterSigningDuration is the duration that determines the length of duration that the signed certificates will be given. (default 8760h0m0s)
+ description: |-
+ ExperimentalClusterSigningDuration is the max length of duration that the signed certificates will be given. (default 365*24h)
+ Deprecated - use cluster-signing-duration instead
 type: string
 externalCloudVolumePlugin:
- description: ExternalCloudVolumePlugin is a fallback mechanism that allows a legacy, in-tree cloudprovider to be used for volume plugins even when an external cloud controller manager is being used. This can be used instead of installing CSI. The value should be the same as is used for the --cloud-provider flag, i.e. "aws".
+ description: |-
+ ExternalCloudVolumePlugin is a fallback mechanism that allows a legacy, in-tree cloudprovider to be used for volume plugins
+ even when an external cloud controller manager is being used. This can be used instead of installing CSI.
The value should
+ be the same as is used for the --cloud-provider flag, i.e. "aws".
 type: string
 featureGates:
 additionalProperties:
@@ -2119,32 +2453,53 @@ spec:
 description: FeatureGates is set of key=value pairs that describe feature gates for alpha/experimental features.
 type: object
 horizontalPodAutoscalerCpuInitializationPeriod:
- description: HorizontalPodAutoscalerCPUInitializationPeriod is the period after pod start when CPU samples might be skipped. (default 5m)
+ description: |-
+ HorizontalPodAutoscalerCPUInitializationPeriod is the period after pod start
+ when CPU samples might be skipped. (default 5m)
 type: string
 horizontalPodAutoscalerDownscaleDelay:
- description: HorizontalPodAutoscalerDownscaleDelay is a duration that specifies how long the autoscaler has to wait before another downscale operation can be performed after the current one has completed.
+ description: |-
+ HorizontalPodAutoscalerDownscaleDelay is a duration that specifies
+ how long the autoscaler has to wait before another downscale
+ operation can be performed after the current one has completed.
 type: string
 horizontalPodAutoscalerDownscaleStabilization:
- description: HorizontalPodAutoscalerDownscaleStabilization is the period for which autoscaler will look backwards and not scale down below any recommendation it made during that period.
+ description: |-
+ HorizontalPodAutoscalerDownscaleStabilization is the period for which
+ autoscaler will look backwards and not scale down below any
+ recommendation it made during that period.
 type: string
 horizontalPodAutoscalerInitialReadinessDelay:
- description: HorizontalPodAutoscalerInitialReadinessDelay is the period after pod start during which readiness changes will be treated as initial readiness. (default 30s)
+ description: |-
+ HorizontalPodAutoscalerInitialReadinessDelay is the period after pod start
+ during which readiness changes will be treated as initial readiness.
(default 30s)
 type: string
 horizontalPodAutoscalerSyncPeriod:
- description: HorizontalPodAutoscalerSyncPeriod is the amount of time between syncs During each period, the controller manager queries the resource utilization against the metrics specified in each HorizontalPodAutoscaler definition.
+ description: |-
+ HorizontalPodAutoscalerSyncPeriod is the amount of time between syncs
+ During each period, the controller manager queries the resource utilization
+ against the metrics specified in each HorizontalPodAutoscaler definition.
 type: string
 horizontalPodAutoscalerTolerance:
 anyOf:
 - type: integer
 - type: string
- description: HorizontalPodAutoscalerTolerance is the minimum change (from 1.0) in the desired-to-actual metrics ratio for the horizontal pod autoscaler to consider scaling.
+ description: |-
+ HorizontalPodAutoscalerTolerance is the minimum change (from 1.0) in the
+ desired-to-actual metrics ratio for the horizontal pod autoscaler to
+ consider scaling.
 pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
 x-kubernetes-int-or-string: true
 horizontalPodAutoscalerUpscaleDelay:
- description: HorizontalPodAutoscalerUpscaleDelay is a duration that specifies how long the autoscaler has to wait before another upscale operation can be performed after the current one has completed.
+ description: |-
+ HorizontalPodAutoscalerUpscaleDelay is a duration that specifies how
+ long the autoscaler has to wait before another upscale operation can
+ be performed after the current one has completed.
 type: string
 horizontalPodAutoscalerUseRestClients:
- description: HorizontalPodAutoscalerUseRestClients determines if the new-style clients should be used if support for custom metrics is enabled.
+ description: |-
+ HorizontalPodAutoscalerUseRestClients determines if the new-style clients
+ should be used if support for custom metrics is enabled.
 type: boolean
 image:
 description: Image is the docker image to use
@@ -2164,16 +2519,27 @@ spec:
 description: LeaderElection defines the configuration of leader election client.
 properties:
 leaderElect:
- description: leaderElect enables a leader election client to gain leadership before executing the main loop. Enable this when running replicated components for high availability.
+ description: |-
+ leaderElect enables a leader election client to gain leadership
+ before executing the main loop. Enable this when running replicated
+ components for high availability.
 type: boolean
 leaderElectLeaseDuration:
- description: leaderElectLeaseDuration is the length in time non-leader candidates will wait after observing a leadership renewal until attempting to acquire leadership of a led but unrenewed leader slot. This is effectively the maximum duration that a leader can be stopped before it is replaced by another candidate
+ description: |-
+ leaderElectLeaseDuration is the length in time non-leader candidates
+ will wait after observing a leadership renewal until attempting to acquire
+ leadership of a led but unrenewed leader slot. This is effectively the
+ maximum duration that a leader can be stopped before it is replaced by another candidate
 type: string
 leaderElectRenewDeadlineDuration:
- description: LeaderElectRenewDeadlineDuration is the interval between attempts by the acting master to renew a leadership slot before it stops leading. This must be less than or equal to the lease duration.
+ description: |-
+ LeaderElectRenewDeadlineDuration is the interval between attempts by the acting master to
+ renew a leadership slot before it stops leading. This must be less than or equal to the lease duration.
 type: string
 leaderElectResourceLock:
- description: LeaderElectResourceLock is the type of resource object that is used for locking during leader election. Supported options are endpoints (default) and `configmaps`.
+ description: |-
+ LeaderElectResourceLock is the type of resource object that is used for locking during
+ leader election. Supported options are endpoints (default) and `configmaps`.
 type: string
 leaderElectResourceName:
 description: LeaderElectResourceName is the name of resource object that is used for locking during leader election.
@@ -2182,11 +2548,16 @@ spec:
 description: LeaderElectResourceNamespace is the namespace of resource object that is used for locking during leader election.
 type: string
 leaderElectRetryPeriod:
- description: LeaderElectRetryPeriod is The duration the clients should wait between attempting acquisition and renewal of a leadership. This is only applicable if leader election is enabled.
+ description: |-
+ LeaderElectRetryPeriod is The duration the clients should wait between attempting acquisition
+ and renewal of a leadership. This is only applicable if leader election is enabled.
 type: string
 type: object
 logFormat:
- description: 'LogFormat is the logging format of the controler manager. Supported values: text, json. Default: text'
+ description: |-
+ LogFormat is the logging format of the controler manager.
+ Supported values: text, json.
+ Default: text
 type: string
 logLevel:
 description: LogLevel is the defined logLevel
@@ -2196,14 +2567,18 @@ spec:
 description: Master is the url for the kube api master
 type: string
 minResyncPeriod:
- description: MinResyncPeriod indicates the resync period in reflectors. The resync period will be random between MinResyncPeriod and 2*MinResyncPeriod. (default 12h0m0s)
+ description: |-
+ MinResyncPeriod indicates the resync period in reflectors.
+ The resync period will be random between MinResyncPeriod and 2*MinResyncPeriod. (default 12h0m0s)
 type: string
 nodeCIDRMaskSize:
 description: NodeCIDRMaskSize set the size for the mask of the nodes.
 format: int32
 type: integer
 nodeMonitorGracePeriod:
- description: NodeMonitorGracePeriod is the amount of time which we allow running Node to be unresponsive before marking it unhealthy. (default 40s) Must be N-1 times more than kubelet's nodeStatusUpdateFrequency, where N means number of retries allowed for kubelet to post node status.
+ description: |-
+ NodeMonitorGracePeriod is the amount of time which we allow running Node to be unresponsive before marking it unhealthy. (default 40s)
+ Must be N-1 times more than kubelet's nodeStatusUpdateFrequency, where N means number of retries allowed for kubelet to post node status.
 type: string
 nodeMonitorPeriod:
 description: NodeMonitorPeriod is the period for syncing NodeStatus in NodeController. (default 5s)
@@ -2218,7 +2593,10 @@ spec: description: ServiceAccountPrivateKeyFile is the location of the private key for service account token signing. type: string terminatedPodGCThreshold: - description: TerminatedPodGCThreshold is the number of terminated pods that can exist before the terminated pod garbage collector starts deleting terminated pods. If <= 0, the terminated pod garbage collector is disabled. + description: |- + TerminatedPodGCThreshold is the number of terminated pods that can exist + before the terminated pod garbage collector starts deleting terminated pods. + If <= 0, the terminated pod garbage collector is disabled. format: int32 type: integer tlsCertFile: 
@@ -2249,9 +2627,20 @@ spec: description: Describes node affinity scheduling rules for the pod. properties: preferredDuringSchedulingIgnoredDuringExecution: - description: The scheduler will prefer to schedule pods to nodes that satisfy the affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding "weight" to the sum if the node matches the corresponding matchExpressions; the node(s) with the highest sum are the most preferred. + description: |- + The scheduler will prefer to schedule pods to nodes that satisfy + the affinity expressions specified by this field, but it may choose + a node that violates one or more of the expressions. The node that is + most preferred is the one with the greatest sum of weights, i.e. + for each node that meets all of the scheduling requirements (resource + request, requiredDuringScheduling affinity expressions, etc.), + compute a sum by iterating through the elements of this field and adding + "weight" to the sum if the node matches the corresponding matchExpressions; the + node(s) with the highest sum are the most preferred. items: - description: An empty preferred scheduling term matches all objects with implicit weight 0 (i.e. it's a no-op). A null preferred scheduling term matches no objects (i.e. is also a no-op). + description: |- + An empty preferred scheduling term matches all objects with implicit weight 0 + (i.e. it's a no-op). A null preferred scheduling term matches no objects (i.e. is also a no-op). properties: preference: description: A node selector term, associated with the corresponding weight. 
@@ -2259,16 +2648,25 @@ spec: matchExpressions: description: A list of node selector requirements by node's labels. items: - description: A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values. + description: |- + A node selector requirement is a selector that contains values, a key, and an operator + that relates the key and values. properties: key: description: The label key that the selector applies to. type: string operator: - description: Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. + description: |- + Represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. type: string values: - description: An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch. + description: |- + An array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. If the operator is Gt or Lt, the values + array must have a single element, which will be interpreted as an integer. + This array is replaced during a strategic merge patch. items: type: string type: array 
@@ -2280,16 +2678,25 @@ spec: matchFields: description: A list of node selector requirements by node's fields. items: - description: A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values. + description: |- + A node selector requirement is a selector that contains values, a key, and an operator + that relates the key and values. properties: key: description: The label key that the selector applies to. type: string operator: - description: Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. + description: |- + Represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. type: string values: - description: An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch. + description: |- + An array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. If the operator is Gt or Lt, the values + array must have a single element, which will be interpreted as an integer. + This array is replaced during a strategic merge patch. items: type: string type: array 
@@ -2310,26 +2717,43 @@ spec: type: object type: array requiredDuringSchedulingIgnoredDuringExecution: - description: If the affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to an update), the system may or may not try to eventually evict the pod from its node. + description: |- + If the affinity requirements specified by this field are not met at + scheduling time, the pod will not be scheduled onto the node. + If the affinity requirements specified by this field cease to be met + at some point during pod execution (e.g. due to an update), the system + may or may not try to eventually evict the pod from its node. properties: nodeSelectorTerms: description: Required. A list of node selector terms. The terms are ORed. items: - description: A null or empty node selector term matches no objects. The requirements of them are ANDed. The TopologySelectorTerm type implements a subset of the NodeSelectorTerm. + description: |- + A null or empty node selector term matches no objects. The requirements of + them are ANDed. + The TopologySelectorTerm type implements a subset of the NodeSelectorTerm. properties: matchExpressions: description: A list of node selector requirements by node's labels. items: - description: A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values. + description: |- + A node selector requirement is a selector that contains values, a key, and an operator + that relates the key and values. properties: key: description: The label key that the selector applies to. type: string operator: - description: Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. + description: |- + Represents a key's relationship to a set of values. 
+ Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. type: string values: - description: An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch. + description: |- + An array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. If the operator is Gt or Lt, the values + array must have a single element, which will be interpreted as an integer. + This array is replaced during a strategic merge patch. items: type: string type: array 
@@ -2341,16 +2765,25 @@ spec: matchFields: description: A list of node selector requirements by node's fields. items: - description: A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values. + description: |- + A node selector requirement is a selector that contains values, a key, and an operator + that relates the key and values. properties: key: description: The label key that the selector applies to. type: string operator: - description: Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. + description: |- + Represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. type: string values: - description: An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch. + description: |- + An array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. If the operator is Gt or Lt, the values + array must have a single element, which will be interpreted as an integer. + This array is replaced during a strategic merge patch. items: type: string type: array 
@@ -2371,7 +2804,16 @@ spec: description: Describes pod affinity scheduling rules (e.g. co-locate this pod in the same node, zone, etc. as some other pod(s)). properties: preferredDuringSchedulingIgnoredDuringExecution: - description: The scheduler will prefer to schedule pods to nodes that satisfy the affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the node(s) with the highest sum are the most preferred. + description: |- + The scheduler will prefer to schedule pods to nodes that satisfy + the affinity expressions specified by this field, but it may choose + a node that violates one or more of the expressions. The node that is + most preferred is the one with the greatest sum of weights, i.e. + for each node that meets all of the scheduling requirements (resource + request, requiredDuringScheduling affinity expressions, etc.), + compute a sum by iterating through the elements of this field and adding + "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the + node(s) with the highest sum are the most preferred. items: description: The weights of all of the matched WeightedPodAffinityTerm fields are added per-node to find the most preferred node(s) properties: 
@@ -2384,16 +2826,24 @@ spec: matchExpressions: description: matchExpressions is a list of label selector requirements. The requirements are ANDed. items: - description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. properties: key: description: key is the label key that the selector applies to. type: string operator: - description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. type: string values: - description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. items: type: string type: array 
@@ -2405,26 +2855,42 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. type: object type: object x-kubernetes-map-type: atomic namespaceSelector: - description: A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces. + description: |- + A label query over the set of namespaces that the term applies to. + The term is applied to the union of the namespaces selected by this field + and the ones listed in the namespaces field. + null selector and null or empty namespaces list means "this pod's namespace". + An empty selector ({}) matches all namespaces. properties: matchExpressions: description: matchExpressions is a list of label selector requirements. The requirements are ANDed. items: - description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. properties: key: description: key is the label key that the selector applies to. type: string operator: - description: operator represents a key's relationship to a set of values. 
Valid operators are In, NotIn, Exists and DoesNotExist. + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. type: string values: - description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. items: type: string type: array 
@@ -2436,23 +2902,37 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. type: object type: object x-kubernetes-map-type: atomic namespaces: - description: namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means "this pod's namespace". + description: |- + namespaces specifies a static list of namespace names that the term applies to. + The term is applied to the union of the namespaces listed in this field + and the ones selected by namespaceSelector. + null or empty namespaces list and null namespaceSelector means "this pod's namespace". items: type: string type: array topologyKey: - description: This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed. 
+ description: |- + This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching + the labelSelector in the specified namespaces, where co-located is defined as running on a node + whose value of the label with key topologyKey matches that of any node on which any of the + selected pods is running. + Empty topologyKey is not allowed. type: string required: - topologyKey type: object weight: - description: weight associated with matching the corresponding podAffinityTerm, in the range 1-100. + description: |- + weight associated with matching the corresponding podAffinityTerm, + in the range 1-100. format: int32 type: integer required: 
@@ -2461,9 +2941,22 @@ spec: type: object type: array requiredDuringSchedulingIgnoredDuringExecution: - description: If the affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to a pod label update), the system may or may not try to eventually evict the pod from its node. When there are multiple elements, the lists of nodes corresponding to each podAffinityTerm are intersected, i.e. all terms must be satisfied. + description: |- + If the affinity requirements specified by this field are not met at + scheduling time, the pod will not be scheduled onto the node. + If the affinity requirements specified by this field cease to be met + at some point during pod execution (e.g. due to a pod label update), the + system may or may not try to eventually evict the pod from its node. + When there are multiple elements, the lists of nodes corresponding to each + podAffinityTerm are intersected, i.e. all terms must be satisfied. items: - description: Defines a set of pods (namely those matching the labelSelector relative to the given namespace(s)) that this pod should be co-located (affinity) or not co-located (anti-affinity) with, where co-located is defined as running on a node whose value of the label with key matches that of any node on which a pod of the set of pods is running + description: |- + Defines a set of pods (namely those matching the labelSelector + relative to the given namespace(s)) that this pod should be + co-located (affinity) or not co-located (anti-affinity) with, + where co-located is defined as running on a node whose value of + the label with key matches that of any node on which + a pod of the set of pods is running properties: labelSelector: description: A label query over a set of resources, in this case pods. 
@@ -2471,16 +2964,24 @@ spec: matchExpressions: description: matchExpressions is a list of label selector requirements. The requirements are ANDed. items: - description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. properties: key: description: key is the label key that the selector applies to. type: string operator: - description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. type: string values: - description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. items: type: string type: array 
@@ -2492,26 +2993,42 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. type: object type: object x-kubernetes-map-type: atomic namespaceSelector: - description: A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces. + description: |- + A label query over the set of namespaces that the term applies to. + The term is applied to the union of the namespaces selected by this field + and the ones listed in the namespaces field. + null selector and null or empty namespaces list means "this pod's namespace". + An empty selector ({}) matches all namespaces. properties: matchExpressions: description: matchExpressions is a list of label selector requirements. The requirements are ANDed. items: - description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. properties: key: description: key is the label key that the selector applies to. type: string operator: - description: operator represents a key's relationship to a set of values. 
Valid operators are In, NotIn, Exists and DoesNotExist. + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. type: string values: - description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. items: type: string type: array 
@@ -2523,17 +3040,29 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. type: object type: object x-kubernetes-map-type: atomic namespaces: - description: namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means "this pod's namespace". + description: |- + namespaces specifies a static list of namespace names that the term applies to. + The term is applied to the union of the namespaces listed in this field + and the ones selected by namespaceSelector. + null or empty namespaces list and null namespaceSelector means "this pod's namespace". items: type: string type: array topologyKey: - description: This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed. 
+ description: |- + This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching + the labelSelector in the specified namespaces, where co-located is defined as running on a node + whose value of the label with key topologyKey matches that of any node on which any of the + selected pods is running. + Empty topologyKey is not allowed. type: string required: - topologyKey 
@@ -2544,7 +3073,16 @@ spec: description: Describes pod anti-affinity scheduling rules (e.g. avoid putting this pod in the same node, zone, etc. as some other pod(s)). properties: preferredDuringSchedulingIgnoredDuringExecution: - description: The scheduler will prefer to schedule pods to nodes that satisfy the anti-affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling anti-affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the node(s) with the highest sum are the most preferred. + description: |- + The scheduler will prefer to schedule pods to nodes that satisfy + the anti-affinity expressions specified by this field, but it may choose + a node that violates one or more of the expressions. The node that is + most preferred is the one with the greatest sum of weights, i.e. + for each node that meets all of the scheduling requirements (resource + request, requiredDuringScheduling anti-affinity expressions, etc.), + compute a sum by iterating through the elements of this field and adding + "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the + node(s) with the highest sum are the most preferred. items: description: The weights of all of the matched WeightedPodAffinityTerm fields are added per-node to find the most preferred node(s) properties: 
@@ -2557,16 +3095,24 @@ spec: matchExpressions: description: matchExpressions is a list of label selector requirements. The requirements are ANDed. items: - description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. properties: key: description: key is the label key that the selector applies to. type: string operator: - description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. type: string values: - description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. items: type: string type: array 
@@ -2578,26 +3124,42 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. type: object type: object x-kubernetes-map-type: atomic namespaceSelector: - description: A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces. + description: |- + A label query over the set of namespaces that the term applies to. + The term is applied to the union of the namespaces selected by this field + and the ones listed in the namespaces field. + null selector and null or empty namespaces list means "this pod's namespace". + An empty selector ({}) matches all namespaces. properties: matchExpressions: description: matchExpressions is a list of label selector requirements. The requirements are ANDed. items: - description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. properties: key: description: key is the label key that the selector applies to. type: string operator: - description: operator represents a key's relationship to a set of values. 
Valid operators are In, NotIn, Exists and DoesNotExist. + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. type: string values: - description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. items: type: string type: array 
@@ -2609,23 +3171,37 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. type: object type: object x-kubernetes-map-type: atomic namespaces: - description: namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means "this pod's namespace". + description: |- + namespaces specifies a static list of namespace names that the term applies to. + The term is applied to the union of the namespaces listed in this field + and the ones selected by namespaceSelector. + null or empty namespaces list and null namespaceSelector means "this pod's namespace". items: type: string type: array topologyKey: - description: This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed. 
+ description: |- + This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching + the labelSelector in the specified namespaces, where co-located is defined as running on a node + whose value of the label with key topologyKey matches that of any node on which any of the + selected pods is running. + Empty topologyKey is not allowed. type: string required: - topologyKey type: object weight: - description: weight associated with matching the corresponding podAffinityTerm, in the range 1-100. + description: |- + weight associated with matching the corresponding podAffinityTerm, + in the range 1-100. format: int32 type: integer required: 
@@ -2634,9 +3210,22 @@ spec: type: object type: array requiredDuringSchedulingIgnoredDuringExecution: - description: If the anti-affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the anti-affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to a pod label update), the system may or may not try to eventually evict the pod from its node. When there are multiple elements, the lists of nodes corresponding to each podAffinityTerm are intersected, i.e. all terms must be satisfied. + description: |- + If the anti-affinity requirements specified by this field are not met at + scheduling time, the pod will not be scheduled onto the node. + If the anti-affinity requirements specified by this field cease to be met + at some point during pod execution (e.g. due to a pod label update), the + system may or may not try to eventually evict the pod from its node. + When there are multiple elements, the lists of nodes corresponding to each + podAffinityTerm are intersected, i.e. all terms must be satisfied. items: - description: Defines a set of pods (namely those matching the labelSelector relative to the given namespace(s)) that this pod should be co-located (affinity) or not co-located (anti-affinity) with, where co-located is defined as running on a node whose value of the label with key matches that of any node on which a pod of the set of pods is running + description: |- + Defines a set of pods (namely those matching the labelSelector + relative to the given namespace(s)) that this pod should be + co-located (affinity) or not co-located (anti-affinity) with, + where co-located is defined as running on a node whose value of + the label with key matches that of any node on which + a pod of the set of pods is running properties: labelSelector: description: A label query over a set of resources, in this case pods. 
@@ -2644,16 +3233,24 @@ spec: matchExpressions: description: matchExpressions is a list of label selector requirements. The requirements are ANDed. items: - description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. properties: key: description: key is the label key that the selector applies to. type: string operator: - description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. type: string values: - description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. items: type: string type: array 
@@ -2665,26 +3262,42 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. type: object type: object x-kubernetes-map-type: atomic namespaceSelector: - description: A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces. + description: |- + A label query over the set of namespaces that the term applies to. + The term is applied to the union of the namespaces selected by this field + and the ones listed in the namespaces field. + null selector and null or empty namespaces list means "this pod's namespace". + An empty selector ({}) matches all namespaces. properties: matchExpressions: description: matchExpressions is a list of label selector requirements. The requirements are ANDed. items: - description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. properties: key: description: key is the label key that the selector applies to. type: string operator: - description: operator represents a key's relationship to a set of values. 
Valid operators are In, NotIn, Exists and DoesNotExist. + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. type: string values: - description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. items: type: string type: array 
@@ -2696,17 +3309,29 @@ spec: matchLabels: additionalProperties: type: string - description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. type: object type: object x-kubernetes-map-type: atomic namespaces: - description: namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means "this pod's namespace". + description: |- + namespaces specifies a static list of namespace names that the term applies to. + The term is applied to the union of the namespaces listed in this field + and the ones selected by namespaceSelector. + null or empty namespaces list and null namespaceSelector means "this pod's namespace". items: type: string type: array topologyKey: - description: This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed. 
+ description: |- + This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching + the labelSelector in the specified namespaces, where co-located is defined as running on a node + whose value of the label with key topologyKey matches that of any node on which any of the + selected pods is running. + Empty topologyKey is not allowed. type: string required: - topologyKey @@ -2791,7 +3416,9 @@ spec: podAnnotations: additionalProperties: type: string - description: 'PodAnnotations makes possible to add additional annotations to node-local-dns. Default: none' + description: |- + PodAnnotations makes possible to add additional annotations to node-local-dns. + Default: none type: object type: object provider: 
@@ -2810,23 +3437,39 @@ spec: tolerations: description: "Tolerations\tare tolerations to apply to the kube-dns deployment" items: - description: The pod this Toleration is attached to tolerates any taint that matches the triple using the matching operator . + description: |- + The pod this Toleration is attached to tolerates any taint that matches + the triple using the matching operator . properties: effect: - description: Effect indicates the taint effect to match. Empty means match all taint effects. When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute. + description: |- + Effect indicates the taint effect to match. Empty means match all taint effects. + When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute. type: string key: - description: Key is the taint key that the toleration applies to. Empty means match all taint keys. If the key is empty, operator must be Exists; this combination means to match all values and all keys. + description: |- + Key is the taint key that the toleration applies to. Empty means match all taint keys. + If the key is empty, operator must be Exists; this combination means to match all values and all keys. type: string operator: - description: Operator represents a key's relationship to the value. Valid operators are Exists and Equal. Defaults to Equal. Exists is equivalent to wildcard for value, so that a pod can tolerate all taints of a particular category. + description: |- + Operator represents a key's relationship to the value. + Valid operators are Exists and Equal. Defaults to Equal. + Exists is equivalent to wildcard for value, so that a pod can + tolerate all taints of a particular category. type: string tolerationSeconds: - description: TolerationSeconds represents the period of time the toleration (which must be of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, it is not set, which means tolerate the taint forever (do not evict). 
Zero and negative values will be treated as 0 (evict immediately) by the system. + description: |- + TolerationSeconds represents the period of time the toleration (which must be + of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, + it is not set, which means tolerate the taint forever (do not evict). Zero and + negative values will be treated as 0 (evict immediately) by the system. format: int64 type: integer value: - description: Value is the taint value the toleration matches to. If the operator is Exists, the value should be empty, otherwise just a regular string. + description: |- + Value is the taint value the toleration matches to. + If the operator is Exists, the value should be empty, otherwise just a regular string. type: string type: object type: array 
@@ -2955,16 +3598,27 @@ spec: description: LeaderElection defines the configuration of leader election client. properties: leaderElect: - description: leaderElect enables a leader election client to gain leadership before executing the main loop. Enable this when running replicated components for high availability. + description: |- + leaderElect enables a leader election client to gain leadership + before executing the main loop. Enable this when running replicated + components for high availability. type: boolean leaderElectLeaseDuration: - description: leaderElectLeaseDuration is the length in time non-leader candidates will wait after observing a leadership renewal until attempting to acquire leadership of a led but unrenewed leader slot. This is effectively the maximum duration that a leader can be stopped before it is replaced by another candidate + description: |- + leaderElectLeaseDuration is the length in time non-leader candidates + will wait after observing a leadership renewal until attempting to acquire + leadership of a led but unrenewed leader slot. This is effectively the + maximum duration that a leader can be stopped before it is replaced by another candidate type: string leaderElectRenewDeadlineDuration: - description: LeaderElectRenewDeadlineDuration is the interval between attempts by the acting master to renew a leadership slot before it stops leading. This must be less than or equal to the lease duration. + description: |- + LeaderElectRenewDeadlineDuration is the interval between attempts by the acting master to + renew a leadership slot before it stops leading. This must be less than or equal to the lease duration. type: string leaderElectResourceLock: - description: LeaderElectResourceLock is the type of resource object that is used for locking during leader election. Supported options are endpoints (default) and `configmaps`. 
+ description: |- + LeaderElectResourceLock is the type of resource object that is used for locking during + leader election. Supported options are endpoints (default) and `configmaps`. type: string leaderElectResourceName: description: LeaderElectResourceName is the name of resource object that is used for locking during leader election. @@ -2973,11 +3627,16 @@ spec: description: LeaderElectResourceNamespace is the namespace of resource object that is used for locking during leader election. type: string leaderElectRetryPeriod: - description: LeaderElectRetryPeriod is The duration the clients should wait between attempting acquisition and renewal of a leadership. This is only applicable if leader election is enabled. + description: |- + LeaderElectRetryPeriod is The duration the clients should wait between attempting acquisition + and renewal of a leadership. This is only applicable if leader election is enabled. type: string type: object logFormat: - description: 'LogFormat is the logging format of the scheduler. Supported values: text, json. Default: text' + description: |- + LogFormat is the logging format of the scheduler. + Supported values: text, json. + Default: text type: string logLevel: description: LogLevel is the logging level 
@@ -2987,7 +3646,11 @@ spec: description: Master is a url to the kube master type: string maxPersistentVolumes: - description: 'MaxPersistentVolumes changes the maximum number of persistent volumes the scheduler will scheduler onto the same node. Only takes effect if value is positive. This corresponds to the KUBE_MAX_PD_VOLS environment variable. The default depends on the version and the cloud provider as outlined: https://kubernetes.io/docs/concepts/storage/storage-limits/' + description: |- + MaxPersistentVolumes changes the maximum number of persistent volumes the scheduler will scheduler onto the same + node. Only takes effect if value is positive. This corresponds to the KUBE_MAX_PD_VOLS environment variable. + The default depends on the version and the cloud provider + as outlined: https://kubernetes.io/docs/concepts/storage/storage-limits/ format: int32 type: integer qps: @@ -3008,7 +3671,9 @@ spec: type: boolean type: object kubelet: - description: Kubelet is the kubelet configuration for nodes not belonging to the control plane. It can be overridden by the kubelet configuration specified in the instance group. + description: |- + Kubelet is the kubelet configuration for nodes not belonging to the control plane. + It can be overridden by the kubelet configuration specified in the instance group. properties: allowPrivileged: description: AllowPrivileged enables containers to request privileged mode (defaults to false) 
@@ -3122,7 +3787,9 @@ spec: description: ExperimentalAllocatableIgnoreEviction enables ignoring Hard Eviction Thresholds while calculating Node Allocatable type: boolean experimentalAllowedUnsafeSysctls: - description: ExperimentalAllowedUnsafeSysctls are passed to the kubelet config to whitelist allowable sysctls Was promoted to beta and renamed. https://github.com/kubernetes/kubernetes/pull/63717 + description: |- + ExperimentalAllowedUnsafeSysctls are passed to the kubelet config to whitelist allowable sysctls + Was promoted to beta and renamed. https://github.com/kubernetes/kubernetes/pull/63717 items: type: string type: array 
@@ -3135,7 +3802,16 @@ spec: description: FeatureGates is set of key=value pairs that describe feature gates for alpha/experimental features. type: object hairpinMode: - description: 'How should the kubelet configure the container bridge for hairpin packets. Setting this flag allows endpoints in a Service to loadbalance back to themselves if they should try to access their own Service. Values: "promiscuous-bridge": make the container bridge promiscuous. "hairpin-veth": set the hairpin flag on container veth interfaces. "none": do nothing. Setting --configure-cbr0 to false implies that to achieve hairpin NAT one must set --hairpin-mode=veth-flag, because bridge assumes the existence of a container bridge named cbr0.' + description: |- + How should the kubelet configure the container bridge for hairpin packets. + Setting this flag allows endpoints in a Service to loadbalance back to + themselves if they should try to access their own Service. Values: + "promiscuous-bridge": make the container bridge promiscuous. + "hairpin-veth": set the hairpin flag on container veth interfaces. + "none": do nothing. + Setting --configure-cbr0 to false implies that to achieve hairpin NAT + one must set --hairpin-mode=veth-flag, because bridge assumes the + existence of a container bridge named cbr0. type: string hostnameOverride: description: HostnameOverride is the hostname used to identify the kubelet instead of the actual hostname. 
@@ -3144,15 +3820,22 @@ spec: description: HousekeepingInterval allows to specify interval between container housekeepings. type: string imageGCHighThresholdPercent: - description: ImageGCHighThresholdPercent is the percent of disk usage after which image garbage collection is always run. + description: |- + ImageGCHighThresholdPercent is the percent of disk usage after which + image garbage collection is always run. format: int32 type: integer imageGCLowThresholdPercent: - description: ImageGCLowThresholdPercent is the percent of disk usage before which image garbage collection is never run. Lowest disk usage to garbage collect to. + description: |- + ImageGCLowThresholdPercent is the percent of disk usage before which + image garbage collection is never run. Lowest disk usage to garbage + collect to. format: int32 type: integer imagePullProgressDeadline: - description: ImagePullProgressDeadline is the timeout for image pulls If no pulling progress is made before this deadline, the image pulling will be cancelled. (default 1m0s) + description: |- + ImagePullProgressDeadline is the timeout for image pulls + If no pulling progress is made before this deadline, the image pulling will be cancelled. (default 1m0s) type: string kernelMemcgNotification: description: Integrate with the kernel memcg notification to determine if memory eviction thresholds are crossed rather than polling. @@ -3172,7 +3855,10 @@ spec: description: KubeletCgroups is the absolute name of cgroups to isolate the kubelet in. type: string logFormat: - description: 'LogFormat is the logging format of the kubelet. Supported values: text, json. Default: text' + description: |- + LogFormat is the logging format of the kubelet. + Supported values: text, json. + Default: text type: string logLevel: description: LogLevel is the logging level of the kubelet 
@@ -3183,10 +3869,15 @@ spec: format: int32 type: integer memorySwapBehavior: - description: 'MemorySwapBehavior defines how swap is used by container workloads. Supported values: LimitedSwap, "UnlimitedSwap.' + description: |- + MemorySwapBehavior defines how swap is used by container workloads. + Supported values: LimitedSwap, "UnlimitedSwap. type: string networkPluginMTU: - description: NetworkPluginMTU is the MTU to be passed to the network plugin, and overrides the default MTU for cases where it cannot be automatically computed (such as IPSEC). + description: |- + NetworkPluginMTU is the MTU to be passed to the network plugin, + and overrides the default MTU for cases where it cannot be automatically + computed (such as IPSEC). format: int32 type: integer networkPluginName: @@ -3198,7 +3889,9 @@ spec: description: NodeLabels to add when registering the node in the cluster. type: object nodeStatusUpdateFrequency: - description: NodeStatusUpdateFrequency Specifies how often kubelet posts node status to master (default 10s) must work with nodeMonitorGracePeriod in KubeControllerManagerConfig. + description: |- + NodeStatusUpdateFrequency Specifies how often kubelet posts node status to master (default 10s) + must work with nodeMonitorGracePeriod in KubeControllerManagerConfig. type: string nonMasqueradeCIDR: description: 'NonMasqueradeCIDR configures masquerading: traffic to IPs outside this range will use IP masquerade.' @@ -3208,7 +3901,9 @@ spec: format: int32 type: integer podCIDR: - description: PodCIDR is the CIDR to use for pod IP addresses, only used in standalone mode. In cluster mode, this is obtained from the master. + description: |- + PodCIDR is the CIDR to use for pod IP addresses, only used in standalone mode. + In cluster mode, this is obtained from the master. type: string podInfraContainerImage: description: PodInfraContainerImage is the image whose network/ipc containers in each pod will use. 
@@ -3221,14 +3916,18 @@ spec: format: int64 type: integer protectKernelDefaults: - description: 'Default kubelet behaviour for kernel tuning. If set, kubelet errors if any of kernel tunables is different than kubelet defaults. (DEPRECATED: This parameter should be set via the config file specified by the Kubelet''s --config flag.' + description: |- + Default kubelet behaviour for kernel tuning. If set, kubelet errors if any of kernel tunables is different than kubelet defaults. + (DEPRECATED: This parameter should be set via the config file specified by the Kubelet's --config flag. type: boolean readOnlyPort: description: ReadOnlyPort is the port used by the kubelet api for read-only access (default 10255) format: int32 type: integer reconcileCIDR: - description: ReconcileCIDR is Reconcile node CIDR with the CIDR specified by the API server. No-op if register-node or configure-cbr0 is false. + description: |- + ReconcileCIDR is Reconcile node CIDR with the CIDR specified by the + API server. No-op if register-node or configure-cbr0 is false. type: boolean registerNode: description: RegisterNode enables automatic registration with the apiserver. 
@@ -3262,23 +3961,37 @@ spec: runtimeRequestTimeout: description: RuntimeRequestTimeout is timeout for runtime requests on - pull, logs, exec and attach type: string + seccompDefault: + description: SeccompDefault enables the use of `RuntimeDefault` as the default seccomp profile for all workloads. + type: boolean seccompProfileRoot: description: SeccompProfileRoot is the directory path for seccomp profiles. type: string serializeImagePulls: - description: '// SerializeImagePulls when enabled, tells the Kubelet to pull images one // at a time. We recommend *not* changing the default value on nodes that // run docker daemon with version < 1.9 or an Aufs storage backend. // Issue #10959 has more details.' + description: |- + // SerializeImagePulls when enabled, tells the Kubelet to pull images one + // at a time. We recommend *not* changing the default value on nodes that + // run docker daemon with version < 1.9 or an Aufs storage backend. + // Issue #10959 has more details. type: boolean shutdownGracePeriod: - description: 'ShutdownGracePeriod specifies the total duration that the node should delay the shutdown by. Default: 30s' + description: |- + ShutdownGracePeriod specifies the total duration that the node should delay the shutdown by. + Default: 30s type: string shutdownGracePeriodCriticalPods: - description: 'ShutdownGracePeriodCriticalPods specifies the duration used to terminate critical pods during a node shutdown. Default: 10s' + description: |- + ShutdownGracePeriodCriticalPods specifies the duration used to terminate critical pods during a node shutdown. + Default: 10s type: string streamingConnectionIdleTimeout: description: StreamingConnectionIdleTimeout is the maximum time a streaming connection can be idle before the connection is automatically closed type: string systemCgroups: - description: SystemCgroups is absolute name of cgroups in which to place all non-kernel processes that are not already in a container. Empty for no container. 
Rolling back the flag requires a reboot. + description: |- + SystemCgroups is absolute name of cgroups in which to place + all non-kernel processes that are not already in a container. Empty + for no container. Rolling back the flag requires a reboot. type: string systemReserved: additionalProperties: @@ -3324,20 +4037,29 @@ spec: description: MetricsServer determines the metrics server configuration. properties: enabled: - description: 'Enabled enables the metrics server. Default: false' + description: |- + Enabled enables the metrics server. + Default: false type: boolean image: - description: 'Image is the docker container used. Default: the latest supported image for the specified kubernetes version.' + description: |- + Image is the docker container used. + Default: the latest supported image for the specified kubernetes version. type: string insecure: - description: 'Insecure determines if API server will validate metrics server TLS cert. Default: true' + description: |- + Insecure determines if API server will validate metrics server TLS cert. + Default: true type: boolean type: object networking: description: Networking configures networking. properties: additionalNetworkCIDRs: - description: AdditionalNetworkCIDRs is a list of additional CIDR used for the AWS VPC or otherwise allocated to k8s. This is a real CIDR, not the internal k8s network On AWS, it maps to any additional CIDRs added to a VPC. + description: |- + AdditionalNetworkCIDRs is a list of additional CIDR used for the AWS VPC + or otherwise allocated to k8s. This is a real CIDR, not the internal k8s network + On AWS, it maps to any additional CIDRs added to a VPC. items: type: string type: array 
@@ -3353,7 +4075,15 @@ spec: description: Name of the environment variable. Must be a C_IDENTIFIER. type: string value: - description: 'Variable references $(VAR_NAME) are expanded using the previous defined environment variables in the container and any service environment variables. If a variable cannot be resolved, the reference in the input string will be unchanged. The $(VAR_NAME) syntax can be escaped with a double $$, ie: $$(VAR_NAME). Escaped references will never be expanded, regardless of whether the variable exists or not. Defaults to "".' + description: |- + Variable references $(VAR_NAME) are expanded + using the previous defined environment variables in the container and + any service environment variables. If a variable cannot be resolved, + the reference in the input string will be unchanged. The $(VAR_NAME) + syntax can be escaped with a double $$, ie: $$(VAR_NAME). Escaped + references will never be expanded, regardless of whether the variable + exists or not. + Defaults to "". type: string required: - name 
@@ -3370,25 +4100,42 @@ spec: description: CalicoNetworkingSpec declares that we want Calico networking properties: allowIPForwarding: - description: 'AllowIPForwarding enable ip_forwarding setting within the container namespace. (default: false)' + description: |- + AllowIPForwarding enable ip_forwarding setting within the container namespace. + (default: false) type: boolean awsSrcDstCheck: - description: 'AWSSrcDstCheck enables/disables ENI source/destination checks (AWS IPv4 only) Options: Disable (default for IPv4), Enable, or DoNothing' + description: |- + AWSSrcDstCheck enables/disables ENI source/destination checks (AWS IPv4 only) + Options: Disable (default for IPv4), Enable, or DoNothing type: string bpfEnabled: description: BPFEnabled enables the eBPF dataplane mode. type: boolean bpfExternalServiceMode: - description: 'BPFExternalServiceMode controls how traffic from outside the cluster to NodePorts and ClusterIPs is handled. In Tunnel mode, packet is tunneled from the ingress host to the host with the backing pod and back again. In DSR mode, traffic is tunneled to the host with the backing pod and then returned directly; this requires a network that allows direct return. Default: Tunnel (other options: DSR)' + description: |- + BPFExternalServiceMode controls how traffic from outside the cluster to NodePorts and ClusterIPs is handled. + In Tunnel mode, packet is tunneled from the ingress host to the host with the backing pod and back again. + In DSR mode, traffic is tunneled to the host with the backing pod and then returned directly; + this requires a network that allows direct return. + Default: Tunnel (other options: DSR) type: string bpfKubeProxyIptablesCleanupEnabled: - description: BPFKubeProxyIptablesCleanupEnabled controls whether Felix will clean up the iptables rules created by the Kubernetes kube-proxy; should only be enabled if kube-proxy is not running. 
+ description: |- + BPFKubeProxyIptablesCleanupEnabled controls whether Felix will clean up the iptables rules + created by the Kubernetes kube-proxy; should only be enabled if kube-proxy is not running. type: boolean bpfLogLevel: - description: 'BPFLogLevel controls the log level used by the BPF programs. The logs are emitted to the BPF trace pipe, accessible with the command tc exec BPF debug. Default: Off (other options: Info, Debug)' + description: |- + BPFLogLevel controls the log level used by the BPF programs. The logs are emitted + to the BPF trace pipe, accessible with the command tc exec BPF debug. + Default: Off (other options: Info, Debug) type: string chainInsertMode: - description: 'ChainInsertMode controls whether Felix inserts rules to the top of iptables chains, or appends to the bottom. Leaving the default option is safest to prevent accidentally breaking connectivity. Default: ''insert'' (other options: ''append'')' + description: |- + ChainInsertMode controls whether Felix inserts rules to the top of iptables chains, or + appends to the bottom. Leaving the default option is safest to prevent accidentally + breaking connectivity. Default: 'insert' (other options: 'append') type: string cpuRequest: anyOf: 
@@ -3401,19 +4148,41 @@ spec: description: CrossSubnet is deprecated as of kOps 1.22 and has no effect type: boolean encapsulationMode: - description: 'EncapsulationMode specifies the network packet encapsulation protocol for Calico to use, employing such encapsulation at the necessary scope per the related CrossSubnet field. In "ipip" mode, Calico will use IP-in-IP encapsulation as needed. In "vxlan" mode, Calico will encapsulate packets as needed using the VXLAN scheme. Options: ipip (default) or vxlan' + description: |- + EncapsulationMode specifies the network packet encapsulation protocol for Calico to use, + employing such encapsulation at the necessary scope per the related CrossSubnet field. In + "ipip" mode, Calico will use IP-in-IP encapsulation as needed. In "vxlan" mode, Calico will + encapsulate packets as needed using the VXLAN scheme. + Options: ipip (default) or vxlan type: string ipipMode: - description: 'IPIPMode determines when to use IP-in-IP encapsulation for the default Calico IPv4 pool. It is conveyed to the "calico-node" daemon container via the CALICO_IPV4POOL_IPIP environment variable. EncapsulationMode must be set to "ipip". Options: "CrossSubnet", "Always", or "Never". Default: "CrossSubnet" if EncapsulationMode is "ipip", "Never" otherwise.' + description: |- + IPIPMode determines when to use IP-in-IP encapsulation for the default Calico IPv4 pool. + It is conveyed to the "calico-node" daemon container via the CALICO_IPV4POOL_IPIP + environment variable. EncapsulationMode must be set to "ipip". + Options: "CrossSubnet", "Always", or "Never". + Default: "CrossSubnet" if EncapsulationMode is "ipip", "Never" otherwise. 
type: string iptablesBackend: - description: 'IptablesBackend controls which variant of iptables binary Felix uses Default: Auto (other options: Legacy, NFT)' + description: |- + IptablesBackend controls which variant of iptables binary Felix uses + Default: Auto (other options: Legacy, NFT) type: string ipv4AutoDetectionMethod: - description: 'IPv4AutoDetectionMethod configures how Calico chooses the IP address used to route between nodes. This should be set when the host has multiple interfaces and it is important to select the interface used. Options: "first-found" (default), "can-reach=DESTINATION", "interface=INTERFACE-REGEX", or "skip-interface=INTERFACE-REGEX"' + description: |- + IPv4AutoDetectionMethod configures how Calico chooses the IP address used to route + between nodes. This should be set when the host has multiple interfaces + and it is important to select the interface used. + Options: "first-found" (default), "can-reach=DESTINATION", + "interface=INTERFACE-REGEX", or "skip-interface=INTERFACE-REGEX" type: string ipv6AutoDetectionMethod: - description: 'IPv6AutoDetectionMethod configures how Calico chooses the IP address used to route between nodes. This should be set when the host has multiple interfaces and it is important to select the interface used. Options: "first-found" (default), "can-reach=DESTINATION", "interface=INTERFACE-REGEX", or "skip-interface=INTERFACE-REGEX"' + description: |- + IPv6AutoDetectionMethod configures how Calico chooses the IP address used to route + between nodes. This should be set when the host has multiple interfaces + and it is important to select the interface used. + Options: "first-found" (default), "can-reach=DESTINATION", + "interface=INTERFACE-REGEX", or "skip-interface=INTERFACE-REGEX" type: string logSeverityScreen: description: 'LogSeverityScreen lets us set the desired log level. (Default: info)' 
@@ -3426,10 +4195,14 @@ spec: description: PrometheusGoMetricsEnabled enables Prometheus Go runtime metrics collection type: boolean prometheusMetricsEnabled: - description: 'PrometheusMetricsEnabled can be set to enable the experimental Prometheus metrics server (default: false)' + description: |- + PrometheusMetricsEnabled can be set to enable the experimental Prometheus + metrics server (default: false) type: boolean prometheusMetricsPort: - description: 'PrometheusMetricsPort is the TCP port that the experimental Prometheus metrics server should bind to (default: 9091)' + description: |- + PrometheusMetricsPort is the TCP port that the experimental Prometheus + metrics server should bind to (default: 9091) format: int32 type: integer prometheusProcessMetricsEnabled: @@ -3439,10 +4212,14 @@ spec: description: Registry overrides the Calico container image registry. type: string typhaPrometheusMetricsEnabled: - description: 'TyphaPrometheusMetricsEnabled enables Prometheus metrics collection from Typha (default: false)' + description: |- + TyphaPrometheusMetricsEnabled enables Prometheus metrics collection from Typha + (default: false) type: boolean typhaPrometheusMetricsPort: - description: 'TyphaPrometheusMetricsPort is the TCP port the typha Prometheus metrics server should bind to (default: 9093)' + description: |- + TyphaPrometheusMetricsPort is the TCP port the typha Prometheus metrics server + should bind to (default: 9093) format: int32 type: integer typhaReplicas: 
@@ -3453,17 +4230,27 @@ spec: description: Version overrides the Calico container image tag. type: string vxlanMode: - description: 'VXLANMode determines when to use VXLAN encapsulation for the default Calico IPv4 pool. It is conveyed to the "calico-node" daemon container via the CALICO_IPV4POOL_VXLAN environment variable. EncapsulationMode must be set to "vxlan". Options: "CrossSubnet", "Always", or "Never". Default: "CrossSubnet" if EncapsulationMode is "vxlan", "Never" otherwise.' + description: |- + VXLANMode determines when to use VXLAN encapsulation for the default Calico IPv4 pool. + It is conveyed to the "calico-node" daemon container via the CALICO_IPV4POOL_VXLAN + environment variable. EncapsulationMode must be set to "vxlan". + Options: "CrossSubnet", "Always", or "Never". + Default: "CrossSubnet" if EncapsulationMode is "vxlan", "Never" otherwise. type: string wireguardEnabled: - description: 'WireguardEnabled enables WireGuard encryption for all on-the-wire pod-to-pod traffic (default: false)' + description: |- + WireguardEnabled enables WireGuard encryption for all on-the-wire pod-to-pod traffic + (default: false) type: boolean type: object canal: description: CanalNetworkingSpec declares that we want Canal networking properties: chainInsertMode: - description: 'ChainInsertMode controls whether Felix inserts rules to the top of iptables chains, or appends to the bottom. Leaving the default option is safest to prevent accidentally breaking connectivity. Default: ''insert'' (other options: ''append'')' + description: |- + ChainInsertMode controls whether Felix inserts rules to the top of iptables chains, or + appends to the bottom. Leaving the default option is safest to prevent accidentally + breaking connectivity. Default: 'insert' (other options: 'append') type: string cpuRequest: anyOf: 
@@ -3473,16 +4260,25 @@ spec: pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true defaultEndpointToHostAction: - description: 'DefaultEndpointToHostAction allows users to configure the default behaviour for traffic between pod to host after calico rules have been processed. Default: ACCEPT (other options: DROP, RETURN)' + description: |- + DefaultEndpointToHostAction allows users to configure the default behaviour + for traffic between pod to host after calico rules have been processed. + Default: ACCEPT (other options: DROP, RETURN) type: string flanneldIptablesForwardRules: - description: 'FlanneldIptablesForwardRules configures Flannel to add the default ACCEPT traffic rules to the iptables FORWARD chain. (default: true)' + description: |- + FlanneldIptablesForwardRules configures Flannel to add the + default ACCEPT traffic rules to the iptables FORWARD chain. (default: true) type: boolean iptablesBackend: - description: 'IptablesBackend controls which variant of iptables binary Felix uses Default: Auto (other options: Legacy, NFT)' + description: |- + IptablesBackend controls which variant of iptables binary Felix uses + Default: Auto (other options: Legacy, NFT) type: string logSeveritySys: - description: 'LogSeveritySys the severity to set for logs which are sent to syslog Default: INFO (other options: DEBUG, WARNING, ERROR, CRITICAL, NONE)' + description: |- + LogSeveritySys the severity to set for logs which are sent to syslog + Default: INFO (other options: DEBUG, WARNING, ERROR, CRITICAL, NONE) type: string mtu: description: 'MTU to be set in the cni-network-config (default: 1500)' 
@@ -3492,20 +4288,28 @@ spec: description: PrometheusGoMetricsEnabled enables Prometheus Go runtime metrics collection type: boolean prometheusMetricsEnabled: - description: 'PrometheusMetricsEnabled can be set to enable the experimental Prometheus metrics server (default: false)' + description: |- + PrometheusMetricsEnabled can be set to enable the experimental Prometheus + metrics server (default: false) type: boolean prometheusMetricsPort: - description: 'PrometheusMetricsPort is the TCP port that the experimental Prometheus metrics server should bind to (default: 9091)' + description: |- + PrometheusMetricsPort is the TCP port that the experimental Prometheus + metrics server should bind to (default: 9091) format: int32 type: integer prometheusProcessMetricsEnabled: description: PrometheusProcessMetricsEnabled enables Prometheus process metrics collection type: boolean typhaPrometheusMetricsEnabled: - description: 'TyphaPrometheusMetricsEnabled enables Prometheus metrics collection from Typha (default: false)' + description: |- + TyphaPrometheusMetricsEnabled enables Prometheus metrics collection from Typha + (default: false) type: boolean typhaPrometheusMetricsPort: - description: 'TyphaPrometheusMetricsPort is the TCP port the typha Prometheus metrics server should bind to (default: 9093)' + description: |- + TyphaPrometheusMetricsPort is the TCP port the typha Prometheus metrics server + should bind to (default: 9093) format: int32 type: integer typhaReplicas: 
@@ -3519,44 +4323,80 @@ spec: agentPodAnnotations: additionalProperties: type: string - description: 'AgentPodAnnotations makes possible to add additional annotations to cilium agent. Default: none' + description: |- + AgentPodAnnotations makes possible to add additional annotations to cilium agent. + Default: none type: object agentPrometheusPort: - description: AgentPrometheusPort is the port to listen to for Prometheus metrics. Defaults to 9090. + description: |- + AgentPrometheusPort is the port to listen to for Prometheus metrics. + Defaults to 9090. type: integer autoDirectNodeRoutes: - description: 'AutoDirectNodeRoutes adds automatic L2 routing between nodes. Default: false' + description: |- + AutoDirectNodeRoutes adds automatic L2 routing between nodes. + Default: false type: boolean bpfCTGlobalAnyMax: - description: 'BPFCTGlobalAnyMax is the maximum number of entries in the non-TCP CT table. Default: 262144' + description: |- + BPFCTGlobalAnyMax is the maximum number of entries in the non-TCP CT table. + Default: 262144 type: integer bpfCTGlobalTCPMax: - description: 'BPFCTGlobalTCPMax is the maximum number of entries in the TCP CT table. Default: 524288' + description: |- + BPFCTGlobalTCPMax is the maximum number of entries in the TCP CT table. + Default: 524288 type: integer bpfLBAlgorithm: - description: 'BPFLBAlgorithm is the load balancing algorithm ("random", "maglev"). Default: random' + description: |- + BPFLBAlgorithm is the load balancing algorithm ("random", "maglev"). + Default: random type: string bpfLBMaglevTableSize: - description: 'BPFLBMaglevTableSize is the per service backend table size when going with Maglev (parameter M). Default: 16381' + description: |- + BPFLBMaglevTableSize is the per service backend table size when going with Maglev (parameter M). + Default: 16381 type: string bpfLBMapMax: - description: 'BPFLBMapMax is the maximum number of entries in bpf lb service, backend and affinity maps. 
Default: 65536' + description: |- + BPFLBMapMax is the maximum number of entries in bpf lb service, backend and affinity maps. + Default: 65536 type: integer bpfLBSockHostNSOnly: - description: 'BPFLBSockHostNSOnly enables skipping socket LB for services when inside a pod namespace, in favor of service LB at the pod interface. Socket LB is still used when in the host namespace. Required by service mesh (e.g., Istio, Linkerd). Default: false' + description: |- + BPFLBSockHostNSOnly enables skipping socket LB for services when inside a pod namespace, + in favor of service LB at the pod interface. Socket LB is still used when in the host namespace. + Required by service mesh (e.g., Istio, Linkerd). + Default: false type: boolean bpfNATGlobalMax: - description: 'BPFNATGlobalMax is the the maximum number of entries in the BPF NAT table. Default: 524288' + description: |- + BPFNATGlobalMax is the the maximum number of entries in the BPF NAT table. + Default: 524288 type: integer bpfNeighGlobalMax: - description: 'BPFNeighGlobalMax is the the maximum number of entries in the BPF Neighbor table. Default: 524288' + description: |- + BPFNeighGlobalMax is the the maximum number of entries in the BPF Neighbor table. + Default: 524288 type: integer bpfPolicyMapMax: - description: 'BPFPolicyMapMax is the maximum number of entries in endpoint policy map. Default: 16384' + description: |- + BPFPolicyMapMax is the maximum number of entries in endpoint policy map. + Default: 16384 type: integer chainingMode: - description: 'ChainingMode allows using Cilium in combination with other CNI plugins. With Cilium CNI chaining, the base network connectivity and IP address management is managed by the non-Cilium CNI plugin, but Cilium attaches eBPF programs to the network devices created by the non-Cilium plugin to provide L3/L4 network visibility, policy enforcement and other advanced features. 
Default: none' + description: |- + ChainingMode allows using Cilium in combination with other CNI plugins. + With Cilium CNI chaining, the base network connectivity and IP address management is managed + by the non-Cilium CNI plugin, but Cilium attaches eBPF programs to the network devices created + by the non-Cilium plugin to provide L3/L4 network visibility, policy enforcement and other advanced features. + Default: none type: string + clusterID: + description: |- + ClusterID is the ID of the cluster. It is only relevant when building a mesh of clusters. + Must be a number between 1 and 255. + type: integer clusterName: description: ClusterName is the name of the cluster. It is only relevant when building a mesh of clusters. type: string 
@@ -3574,46 +4414,77 @@ spec: description: DisableCNPStatusUpdates determines if CNP NodeStatus updates will be sent to the Kubernetes api-server. type: boolean disableEndpointCRD: - description: 'DisableEndpointCRD disables usage of CiliumEndpoint CRD. Default: false' + description: |- + DisableEndpointCRD disables usage of CiliumEndpoint CRD. + Default: false type: boolean enableBPFMasquerade: - description: 'EnableBPFMasquerade enables masquerading packets from endpoints leaving the host with BPF instead of iptables. Default: false' + description: |- + EnableBPFMasquerade enables masquerading packets from endpoints leaving the host with BPF instead of iptables. + Default: false type: boolean enableEncryption: - description: 'EnableEncryption enables Cilium Encryption. Default: false' + description: |- + EnableEncryption enables Cilium Encryption. + Default: false type: boolean enableEndpointHealthChecking: - description: 'EnableEndpointHealthChecking enables connectivity health checking between virtual endpoints. Default: true' + description: |- + EnableEndpointHealthChecking enables connectivity health checking between virtual endpoints. + Default: true type: boolean enableHostReachableServices: - description: 'EnableHostReachableServices configures Cilium to enable services to be reached from the host namespace in addition to pod namespaces. https://docs.cilium.io/en/v1.9/gettingstarted/host-services/ Default: false' + description: |- + EnableHostReachableServices configures Cilium to enable services to be + reached from the host namespace in addition to pod namespaces. + https://docs.cilium.io/en/v1.9/gettingstarted/host-services/ + Default: false type: boolean enableL7Proxy: - description: 'EnableL7Proxy enables L7 proxy for L7 policy enforcement. Default: true' + description: |- + EnableL7Proxy enables L7 proxy for L7 policy enforcement. 
+ Default: true type: boolean enableNodePort: - description: 'EnableNodePort replaces kube-proxy with Cilium''s BPF implementation. Requires spec.kubeProxy.enabled be set to false. Default: false' + description: |- + EnableNodePort replaces kube-proxy with Cilium's BPF implementation. + Requires spec.kubeProxy.enabled be set to false. + Default: false type: boolean enablePolicy: - description: 'EnablePolicy specifies the policy enforcement mode. "default": Follows Kubernetes policy enforcement. "always": Cilium restricts all traffic if no policy is in place. "never": Cilium allows all traffic regardless of policies in place. If unspecified, "default" policy mode will be used.' + description: |- + EnablePolicy specifies the policy enforcement mode. + "default": Follows Kubernetes policy enforcement. + "always": Cilium restricts all traffic if no policy is in place. + "never": Cilium allows all traffic regardless of policies in place. + If unspecified, "default" policy mode will be used. type: string enablePrometheusMetrics: description: EnablePrometheusMetrics enables the Cilium "/metrics" endpoint for both the agent and the operator. type: boolean enableRemoteNodeIdentity: - description: 'EnableRemoteNodeIdentity enables the remote-node-identity. Default: true' + description: |- + EnableRemoteNodeIdentity enables the remote-node-identity. + Default: true type: boolean enableServiceTopology: description: EnableServiceTopology determine if cilium should use topology aware hints. type: boolean enableUnreachableRoutes: - description: 'EnableUnreachableRoutes enables unreachable routes on pod deletion. Default: false' + description: |- + EnableUnreachableRoutes enables unreachable routes on pod deletion. + Default: false type: boolean encryptionType: - description: 'EncryptionType specifies Cilium Encryption method ("ipsec", "wireguard"). Default: ipsec' + description: |- + EncryptionType specifies Cilium Encryption method ("ipsec", "wireguard"). 
+ Default: ipsec type: string etcdManaged: - description: 'EtcdManagd installs an additional etcd cluster that is used for Cilium state change. The cluster is operated by cilium-etcd-operator. Default: false' + description: |- + EtcdManagd installs an additional etcd cluster that is used for Cilium state change. + The cluster is operated by cilium-etcd-operator. + Default: false type: boolean hubble: description: Hubble configures the Hubble service on the Cilium agent. 
@@ -3622,25 +4493,42 @@ spec: description: Enabled decides if Hubble is enabled on the agent or not type: boolean metrics: - description: Metrics is a list of metrics to collect. If empty or null, metrics are disabled. See https://docs.cilium.io/en/stable/configuration/metrics/#hubble-exported-metrics + description: |- + Metrics is a list of metrics to collect. If empty or null, metrics are disabled. + See https://docs.cilium.io/en/stable/configuration/metrics/#hubble-exported-metrics items: type: string type: array type: object identityAllocationMode: - description: 'IdentityAllocationMode specifies in which backend identities are stored ("crd", "kvstore"). Default: crd' + description: |- + IdentityAllocationMode specifies in which backend identities are stored ("crd", "kvstore"). + Default: crd type: string identityChangeGracePeriod: - description: 'IdentityChangeGracePeriod specifies the duration to wait before using a changed identity. Default: 5s' + description: |- + IdentityChangeGracePeriod specifies the duration to wait before using a changed identity. + Default: 5s type: string installIptablesRules: - description: 'InstallIptablesRules enables installing the base IPTables rules used for masquerading and kube-proxy. Default: true' + description: |- + InstallIptablesRules enables installing the base IPTables rules used for masquerading and kube-proxy. + Default: true type: boolean ipam: - description: 'IPAM specifies the IP address allocation mode to use. Possible values are "crd" and "eni". "eni" will use AWS native networking for pods. Eni requires masquerade to be set to false. "crd" will use CRDs for controlling IP address management. "hostscope" will use hostscope IPAM mode. "kubernetes" will use addersing based on node pod CIDR. Default: "kubernetes".' + description: |- + IPAM specifies the IP address allocation mode to use. + Possible values are "crd" and "eni". + "eni" will use AWS native networking for pods. 
Eni requires masquerade to be set to false. + "crd" will use CRDs for controlling IP address management. + "hostscope" will use hostscope IPAM mode. + "kubernetes" will use addersing based on node pod CIDR. + Default: "kubernetes". type: string masquerade: - description: 'Masquerade enables masquerading IPv4 traffic to external destinations behind the node IP. Default: false if IPAM is "eni" or in IPv6 mode, otherwise true' + description: |- + Masquerade enables masquerading IPv4 traffic to external destinations behind the node IP. + Default: false if IPAM is "eni" or in IPv6 mode, otherwise true type: boolean memoryRequest: anyOf: 
@@ -3655,37 +4543,61 @@ spec: type: string type: array monitorAggregation: - description: 'MonitorAggregation sets the level of packet monitoring. Possible values are "low", "medium", or "maximum". Default: medium' - type: string + description: |- + MonitorAggregation sets the level of packet monitoring. Possible values are "low", "medium", or "maximum". + Default: medium + type: string + nodeEncryption: + description: |- + NodeEncryption enables encryption for pure node to node traffic. + Default: false + type: boolean operatorPodAnnotations: additionalProperties: type: string - description: 'OperatorPodAnnotations makes possible to add additional annotations to cilium operator. Default: none' + description: |- + OperatorPodAnnotations makes possible to add additional annotations to cilium operator. + Default: none type: object preallocateBPFMaps: - description: 'PreallocateBPFMaps reduces the per-packet latency at the expense of up-front memory allocation. Default: true' + description: |- + PreallocateBPFMaps reduces the per-packet latency at the expense of up-front memory allocation. + Default: true type: boolean registry: description: Registry overrides the default Cilium container registry (quay.io) type: string sidecarIstioProxyImage: - description: 'SidecarIstioProxyImage is the regular expression matching compatible Istio sidecar istio-proxy container image names. Default: cilium/istio_proxy' + description: |- + SidecarIstioProxyImage is the regular expression matching compatible Istio sidecar istio-proxy + container image names. + Default: cilium/istio_proxy type: string toFQDNsDNSRejectResponseCode: - description: 'ToFQDNsDNSRejectResponseCode sets the DNS response code for rejecting DNS requests. Possible values are "nameError" or "refused". Default: refused' + description: |- + ToFQDNsDNSRejectResponseCode sets the DNS response code for rejecting DNS requests. + Possible values are "nameError" or "refused". 
+ Default: refused type: string toFQDNsEnablePoller: - description: 'ToFQDNsEnablePoller replaces the DNS proxy-based implementation of FQDN policies with the less powerful legacy implementation. Default: false' + description: |- + ToFQDNsEnablePoller replaces the DNS proxy-based implementation of FQDN policies + with the less powerful legacy implementation. + Default: false type: boolean tunnel: - description: 'Tunnel specifies the Cilium tunnelling mode. Possible values are "vxlan", "geneve", or "disabled". Default: vxlan' + description: |- + Tunnel specifies the Cilium tunnelling mode. Possible values are "vxlan", "geneve", or "disabled". + Default: vxlan type: string version: description: Version is the version of the Cilium agent and the Cilium Operator. type: string type: object classic: - description: ClassicNetworkingSpec is the specification of classic networking mode, integrated into kubernetes. Support been removed since Kubernetes 1.4. + description: |- + ClassicNetworkingSpec is the specification of classic networking mode, integrated into kubernetes. + Support been removed since Kubernetes 1.4. type: object cni: description: CNINetworkingSpec is the specification for networking that is implemented by a user-provided Daemonset, which uses the CNI kubelet networking plugin. 
@@ -3720,11 +4632,18 @@ spec: format: int32 type: integer type: object - gce: - description: GCENetworkingSpec is the specification of GCE's native networking mode, using IP aliases + gcp: + description: GCPNetworkingSpec is the specification of GCP's native networking mode, using IP aliases. type: object isolateControlPlane: - description: 'IsolateControlPlane determines whether we should lock down masters so that they are not on the pod network. true is the kube-up behaviour, but it is very surprising: it means that daemonsets only work on the master if they have hostNetwork=true. false is now the default, and it will: * give the master a normal PodCIDR * run kube-proxy on the master * enable debugging handlers on the master, so kubectl logs works' + description: |- + IsolateControlPlane determines whether we should lock down masters so that they are not on the pod network. + true is the kube-up behaviour, but it is very surprising: it means that daemonsets only work on the master + if they have hostNetwork=true. + false is now the default, and it will: + * give the master a normal PodCIDR + * run kube-proxy on the master + * enable debugging handlers on the master, so kubectl logs works type: boolean kopeio: description: KopeioNetworkingSpec declares that we want Kopeio networking @@ -3736,7 +4655,9 @@ spec: description: KubenetNetworkingSpec is the specification for kubenet networking, largely integrated but intended to replace classic type: object lyftvpc: - description: LyftVPCNetworkingSpec declares that we want to use the cni-ipvlan-vpc-k8s CNI networking. Lyft VPC is deprecated as of kOps 1.22 and removed as of kOps 1.23. + description: |- + LyftVPCNetworkingSpec declares that we want to use the cni-ipvlan-vpc-k8s CNI networking. + Lyft VPC is deprecated as of kOps 1.22 and removed as of kOps 1.23. properties: subnetTags: additionalProperties: 
@@ -3744,19 +4665,28 @@ spec: type: object type: object networkCIDR: - description: NetworkCIDR is the primary IPv4 CIDR used for the cloud provider's network. It is not required on GCE. On DO, it maps to the VPC CIDR. + description: |- + NetworkCIDR is the primary IPv4 CIDR used for the cloud provider's network. + It is not required on GCE. + On DO, it maps to the VPC CIDR. type: string networkID: - description: NetworkID is the cloud provider's identifier of the existing network (for example, AWS VPC) the cluster should use. If not specified, kOps will create a new network. + description: |- + NetworkID is the cloud provider's identifier of the existing network (for example, AWS VPC) the cluster should use. + If not specified, kOps will create a new network. type: string nonMasqueradeCIDR: - description: NonMasqueradeCIDR is the CIDR for the internal k8s network (on which pods & services live) It cannot overlap ServiceClusterIPRange + description: |- + NonMasqueradeCIDR is the CIDR for the internal k8s network (on which pods & services live) + It cannot overlap ServiceClusterIPRange type: string podCIDR: description: PodCIDR is the CIDR from which we allocate IPs for pods type: string romana: - description: RomanaNetworkingSpec declares that we want Romana networking Romana is deprecated as of kOps 1.18 and removed as of kOps 1.19. + description: |- + RomanaNetworkingSpec declares that we want Romana networking + Romana is deprecated as of kOps 1.18 and removed as of kOps 1.19. properties: daemonServiceIP: description: DaemonServiceIP is the Kubernetes Service IP for the romana-daemon pod @@ -3771,7 +4701,9 @@ spec: subnets: description: Subnets are the subnets that the cluster can use. items: - description: 'ClusterSubnetSpec defines a subnet TODO: move to networking.go' + description: |- + ClusterSubnetSpec defines a subnet + TODO: move to networking.go properties: additionalRoutes: description: AdditionalRoutes to attach to the subnet's route table 
@@ -3818,10 +4750,18 @@ spec: description: 'TagSubnets controls if tags are added to subnets to enable use by load balancers (AWS only). Default: true.' type: boolean topology: - description: Topology defines the type of network topology to use on the cluster - default public This is heavily weighted towards AWS for the time being, but should also be agnostic enough to port out to GCE later if needed + description: |- + Topology defines the type of network topology to use on the cluster - default public + This is heavily weighted towards AWS for the time being, but should also be agnostic enough + to port out to GCE later if needed properties: bastion: - description: Bastion provide an external facing point of entry into a network containing private network instances. This host can provide a single point of fortification or audit and can be started and stopped to enable or disable inbound SSH communication from the Internet. Some call the bastion the "jump server". + description: |- + Bastion provide an external facing point of entry into a network + containing private network instances. This host can provide a single + point of fortification or audit and can be started and stopped to enable + or disable inbound SSH communication from the Internet. Some call the bastion + the "jump server". properties: loadBalancer: description: LoadBalancer contains settings for the load balancer fronting bastion instances. 
@@ -3834,15 +4774,9 @@ spec: description: PublicName is the domain name for the bastion load balancer. type: string type: object - controlPlane: - description: ControlPlane specifies the environment for launching the control plane nodes. (public, private) - type: string dns: description: DNS specifies the environment for hosted DNS zones. (Public, Private, None) type: string - nodes: - description: Nodes specifies the environment for launching the worker nodes. (public, private) - type: string type: object weave: description: WeaveNetworkingSpec declares that we want Weave networking @@ -3969,18 +4903,24 @@ spec: anyOf: - type: integer - type: string - description: 'CPULimit of NodeProblemDetector container. Default: 10m' + description: |- + CPULimit of NodeProblemDetector container. + Default: 10m pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true cpuRequest: anyOf: - type: integer - type: string - description: 'CPURequest of NodeProblemDetector container. Default: 10m' + description: |- + CPURequest of NodeProblemDetector container. + Default: 10m pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true enabled: - description: 'Enabled enables the NodeProblemDetector. Default: false' + description: |- + Enabled enables the NodeProblemDetector. + Default: false type: boolean image: description: Image is the NodeProblemDetector docker container used. 
@@ -3989,14 +4929,18 @@ spec: anyOf: - type: integer - type: string - description: 'MemoryLimit of NodeProblemDetector container. Default: 80Mi' + description: |- + MemoryLimit of NodeProblemDetector container. + Default: 80Mi pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true memoryRequest: anyOf: - type: integer - type: string - description: 'MemoryRequest of NodeProblemDetector container. Default: 80Mi' + description: |- + MemoryRequest of NodeProblemDetector container. + Default: 80Mi pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true type: object 
@@ -4004,31 +4948,53 @@ spec: description: NTPConfig is the configuration for NTP. properties: managed: - description: Managed controls if the NTP configuration is managed by kOps. The NTP configuration task is skipped if this is set to false. + description: |- + Managed controls if the NTP configuration is managed by kOps. + The NTP configuration task is skipped if this is set to false. type: boolean type: object rollingUpdate: description: RollingUpdate defines the default rolling-update settings for instance groups. properties: drainAndTerminate: - description: DrainAndTerminate enables draining and terminating nodes during rolling updates. Defaults to true. + description: |- + DrainAndTerminate enables draining and terminating nodes during rolling updates. + Defaults to true. type: boolean maxSurge: anyOf: - type: integer - type: string - description: 'MaxSurge is the maximum number of extra nodes that can be created during the update. The value can be an absolute number (for example 5) or a percentage of desired machines (for example 10%). The absolute number is calculated from a percentage by rounding up. Has no effect on instance groups with role "Master". Defaults to 1 on AWS, 0 otherwise. Example: when this is set to 30%, the InstanceGroup can be scaled up immediately when the rolling update starts, such that the total number of old and new nodes do not exceed 130% of desired nodes.' + description: |- + MaxSurge is the maximum number of extra nodes that can be created + during the update. + The value can be an absolute number (for example 5) or a percentage of + desired machines (for example 10%). + The absolute number is calculated from a percentage by rounding up. + Has no effect on instance groups with role "Master". + Defaults to 1 on AWS, 0 otherwise. 
+ Example: when this is set to 30%, the InstanceGroup can be scaled + up immediately when the rolling update starts, such that the total + number of old and new nodes do not exceed 130% of desired + nodes. x-kubernetes-int-or-string: true maxUnavailable: anyOf: - type: integer - type: string - description: 'MaxUnavailable is the maximum number of nodes that can be unavailable during the update. The value can be an absolute number (for example 5) or a percentage of desired nodes (for example 10%). The absolute number is calculated from a percentage by rounding down. Defaults to 1 if MaxSurge is 0, otherwise defaults to 0. Example: when this is set to 30%, the InstanceGroup can be scaled down to 70% of desired nodes immediately when the rolling update starts. Once new nodes are ready, more old nodes can be drained, ensuring that the total number of nodes available at all times during the update is at least 70% of desired nodes.' + description: |- + MaxUnavailable is the maximum number of nodes that can be unavailable during the update. + The value can be an absolute number (for example 5) or a percentage of desired + nodes (for example 10%). + The absolute number is calculated from a percentage by rounding down. + Defaults to 1 if MaxSurge is 0, otherwise defaults to 0. + Example: when this is set to 30%, the InstanceGroup can be scaled + down to 70% of desired nodes immediately when the rolling update + starts. Once new nodes are ready, more old nodes can be drained, + ensuring that the total number of nodes available at all times + during the update is at least 70% of desired nodes. x-kubernetes-int-or-string: true type: object - secretStore: - description: SecretStore is the VFS path to where secrets are stored - type: string serviceAccountIssuerDiscovery: description: ServiceAccountIssuerDiscovery configures the OIDC Issuer for ServiceAccounts. properties: 
@@ -4063,7 +5029,10 @@ spec: description: SSHKeyName specifies a preexisting SSH key to use type: string sysctlParameters: - description: SysctlParameters will configure kernel parameters using sysctl(8). When specified, each parameter must follow the form variable=value, the way it would appear in sysctl.conf. + description: |- + SysctlParameters will configure kernel parameters using sysctl(8). When + specified, each parameter must follow the form variable=value, the way + it would appear in sysctl.conf. items: type: string type: array @@ -4086,11 +5055,19 @@ spec: type: object type: object updatePolicy: - description: 'UpdatePolicy determines the policy for applying upgrades automatically. Valid values: ''automatic'' (default): apply updates automatically (apply OS security upgrades, avoiding rebooting when possible) ''external'': do not apply updates automatically; they are applied manually or by an external system' + description: |- + UpdatePolicy determines the policy for applying upgrades automatically. + Valid values: + 'automatic' (default): apply updates automatically (apply OS security upgrades, avoiding rebooting when possible) + 'external': do not apply updates automatically; they are applied manually or by an external system type: string useHostCertificates: - description: UseHostCertificates will mount /etc/ssl/certs to inside needed containers. This is needed if some APIs do have self-signed certs + description: |- + UseHostCertificates will mount /etc/ssl/certs to inside needed containers. + This is needed if some APIs do have self-signed certs type: boolean + required: + - configStore type: object kopsSecret: description: KopsSecret is a reference to the Kubernetes Secret that holds a list of Kops Secrets 
@@ -4099,22 +5076,40 @@ spec: description: API version of the referent. type: string fieldPath: - description: 'If referring to a piece of an object instead of an entire object, this string should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. For example, if the object reference is to a container within a pod, this would take on a value like: "spec.containers{name}" (where "name" refers to the name of the container that triggered the event) or if no container name is specified "spec.containers[2]" (container with index 2 in this pod). This syntax is chosen only to have some well-defined way of referencing a part of an object. TODO: this design is not final and this field is subject to change in the future.' + description: |- + If referring to a piece of an object instead of an entire object, this string + should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. + For example, if the object reference is to a container within a pod, this would take on a value like: + "spec.containers{name}" (where "name" refers to the name of the container that triggered + the event) or if no container name is specified "spec.containers[2]" (container with + index 2 in this pod). This syntax is chosen only to have some well-defined way of + referencing a part of an object. + TODO: this design is not final and this field is subject to change in the future. type: string kind: - description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: |- + Kind of the referent. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + description: |- + Name of the referent. 
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names type: string namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + description: |- + Namespace of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ type: string resourceVersion: - description: 'Specific resourceVersion to which this reference is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' + description: |- + Specific resourceVersion to which this reference is made, if any. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency type: string uid: - description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' + description: |- + UID of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids type: string type: object x-kubernetes-map-type: atomic 
@@ -4145,23 +5140,37 @@ spec: description: Condition defines an observation of a Cluster API resource operational state. properties: lastTransitionTime: - description: Last time the condition transitioned from one status to another. This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. + description: |- + Last time the condition transitioned from one status to another. + This should be when the underlying condition changed. If that is not known, then using the time when + the API field changed is acceptable. format: date-time type: string message: - description: A human readable message indicating details about the transition. This field may be empty. + description: |- + A human readable message indicating details about the transition. + This field may be empty. type: string reason: - description: The reason for the condition's last transition in CamelCase. The specific API may choose whether or not this field is considered a guaranteed API. This field may not be empty. + description: |- + The reason for the condition's last transition in CamelCase. + The specific API may choose whether or not this field is considered a guaranteed API. + This field may not be empty. type: string severity: - description: Severity provides an explicit classification of Reason code, so the users or machines can immediately understand the current situation and act accordingly. The Severity field MUST be set only when Status=False. + description: |- + Severity provides an explicit classification of Reason code, so the users or machines can immediately + understand the current situation and act accordingly. + The Severity field MUST be set only when Status=False. type: string status: description: Status of the condition, one of True, False, Unknown. type: string type: - description: Type of condition in CamelCase or in foo.example.com/CamelCase. 
Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be useful (see .node.status.conditions), the ability to deconflict is important. + description: |- + Type of condition in CamelCase or in foo.example.com/CamelCase. + Many .condition.type values are consistent across resources like Available, but because arbitrary conditions + can be useful (see .node.status.conditions), the ability to deconflict is important. type: string required: - lastTransitionTime @@ -4170,7 +5179,9 @@ spec: type: object type: array failureMessage: - description: ErrorMessage indicates that there is a terminal problem reconciling the state, and will be set to a descriptive error message. + description: |- + ErrorMessage indicates that there is a terminal problem reconciling the + state, and will be set to a descriptive error message. type: string paused: default: false @@ -4178,7 +5189,9 @@ spec: type: boolean ready: default: false - description: Ready denotes that the API Server is ready to receive requests. + description: |- + Ready denotes that the API Server is ready to + receive requests. type: boolean secrets: description: Secrets are the list of custom secrets created with the controller 
@@ -4188,175 +5201,5586 @@ spec: type: object type: object served: true - storage: true + storage: false subresources: status: {} ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.10.0 - creationTimestamp: null - labels: - cluster.x-k8s.io/v1beta1: v1alpha1 - name: kopsmachinepools.infrastructure.cluster.x-k8s.io -spec: - group: infrastructure.cluster.x-k8s.io - names: - kind: KopsMachinePool - listKind: KopsMachinePoolList - plural: kopsmachinepools - shortNames: - - kmp - singular: kopsmachinepool - scope: Namespaced - versions: - additionalPrinterColumns: + - jsonPath: .status.paused + name: Paused + type: string - jsonPath: .metadata.creationTimestamp name: Age type: date - name: v1alpha1 + - jsonPath: .spec.controllerClass + name: ControllerClass + type: string + name: v1alpha2 schema: openAPIV3Schema: - description: KopsMachinePool is the Schema for the kopsmachinepools API + description: KopsControlPlane is the Schema for the kopscontrolplanes API properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object spec: - description: KopsMachinePoolSpec defines the desired state of KopsMachinePool + description: KopsControlPlaneSpec defines the desired state of KopsControlPlane properties: - clusterName: - description: ClusterName is the name of the Cluster this object belongs to. - minLength: 1 + SSHPublicKey: + description: SSHPublicKey is the SSH public key added in the nodes; required on AWS type: string - karpenterProvisioners: - description: KarpenterProvisioners is the list of provisioners to be applied. - items: - description: Provisioner is the Schema for the Provisioners API - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + controllerClass: + description: ControllerClass is the identifier associated with the controllers that defines which controller will reconcile the resource. 
+ type: string + identityRef: + description: IdentityRef is a reference to a identity to be used when reconciling this cluster + properties: + kind: + type: string + name: + type: string + namespace: + type: string + required: + - kind + - name + - namespace + type: object + kopsClusterAddons: + description: 'KopsClusterAddons is intended to pass additional objects to the cluster: https://kops.sigs.k8s.io/addon_objects/#kubeschedulerconfiguration-group-kubeschedulerconfigk8sio' + type: string + kopsClusterSpec: + description: 'KopsClusterSpec declare the desired Cluster Kops resource: https://kops.sigs.k8s.io/cluster_spec/' + properties: + DisableSubnetTags: + description: DisableSubnetTags controls if subnets are tagged in AWS + type: boolean + additionalNetworkCIDRs: + description: |- + AdditionalNetworkCIDRs is a list of additional CIDR used for the AWS VPC + or otherwise allocated to k8s. This is a real CIDR, not the internal k8s network + On AWS, it maps to any additional CIDRs added to a VPC. + items: type: string - kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: array + additionalPolicies: + additionalProperties: type: string - metadata: + description: Additional policies to add for roles + type: object + additionalSans: + description: AdditionalSANs adds additional Subject Alternate Names to apiserver cert that kops generates + items: + type: string + type: array + addons: + description: Additional addons that should be installed on the cluster + items: + description: AddonSpec defines an addon that we want to install in the cluster properties: - annotations: - additionalProperties: - type: string - type: object - finalizers: - items: - type: string - type: array - labels: - additionalProperties: - type: string - type: object - name: - type: string - namespace: + manifest: + description: Manifest is a path to the manifest that defines the addon type: string type: object - spec: - description: ProvisionerSpec is the top level provisioner specification. Provisioners launch nodes in response to pods that are unschedulable. A single provisioner is capable of managing a diverse set of nodes. Node properties are determined from a combination of provisioner and pod scheduling constraints. - properties: - annotations: - additionalProperties: - type: string - description: Annotations are applied to every node. - type: object - consolidation: - description: Consolidation are the consolidation parameters - properties: - enabled: - description: Enabled enables consolidation if it has been set - type: boolean - type: object - kubeletConfiguration: - description: KubeletConfiguration are options passed to the kubelet when provisioning nodes - properties: - clusterDNS: - description: clusterDNS is a list of IP addresses for the cluster DNS server. Note that not all providers may use all addresses. 
- items: - type: string - type: array - containerRuntime: - description: ContainerRuntime is the container runtime to be used with your worker nodes. - type: string - cpuCFSQuota: - description: CPUCFSQuota enables CPU CFS quota enforcement for containers that specify CPU limits. - type: boolean - evictionHard: - additionalProperties: - type: string - description: EvictionHard is the map of signal names to quantities that define hard eviction thresholds - type: object - evictionMaxPodGracePeriod: - description: EvictionMaxPodGracePeriod is the maximum allowed grace period (in seconds) to use when terminating pods in response to soft eviction thresholds being met. - format: int32 - type: integer - evictionSoft: - additionalProperties: + type: array + api: + description: API field controls how the API is exposed outside the cluster + properties: + dns: + description: DNS will be used to provide config on kube-apiserver ELB DNS + type: object + loadBalancer: + description: LoadBalancer is the configuration for the kube-apiserver ELB + properties: + accessLog: + description: AccessLog is the configuration of access logs + properties: + bucket: + description: Bucket is S3 bucket name to store the logs in type: string - description: EvictionSoft is the map of signal names to quantities that define soft eviction thresholds - type: object - evictionSoftGracePeriod: - additionalProperties: + bucketPrefix: + description: BucketPrefix is S3 bucket prefix. Logs are stored in the root if not configured. type: string - description: EvictionSoftGracePeriod is the map of signal names to quantities that define grace periods for each eviction signal - type: object - imageGCHighThresholdPercent: - description: ImageGCHighThresholdPercent is the percent of disk usage after which image garbage collection is always run. The percent is calculated by dividing this field value by 100, so this field must be between 0 and 100, inclusive. 
When specified, the value must be greater than ImageGCLowThresholdPercent. - format: int32 - maximum: 100 - minimum: 0 - type: integer - imageGCLowThresholdPercent: - description: ImageGCLowThresholdPercent is the percent of disk usage before which image garbage collection is never run. Lowest disk usage to garbage collect to. The percent is calculated by dividing this field value by 100, so the field value must be between 0 and 100, inclusive. When specified, the value must be less than imageGCHighThresholdPercent - format: int32 - maximum: 100 - minimum: 0 - type: integer - kubeReserved: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: KubeReserved contains resources reserved for Kubernetes system components. - type: object - maxPods: - description: MaxPods is an override for the maximum number of pods that can run on a worker node instance. - format: int32 - minimum: 0 - type: integer - podsPerCore: - description: PodsPerCore is an override for the number of pods that can run on a worker node instance based on the number of cpu cores. This value cannot exceed MaxPods, so, if MaxPods is a lower value, that value will be used. - format: int32 - minimum: 0 - type: integer - systemReserved: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: SystemReserved contains resources reserved for OS system daemons and kernel memory. - type: object - type: object - labels: - additionalProperties: + interval: + description: Interval is publishing interval in minutes. This parameter is only used with classic load balancer. 
+ type: integer + type: object + additionalSecurityGroups: + description: AdditionalSecurityGroups attaches additional security groups (e.g. sg-123456). + items: + type: string + type: array + class: + description: 'LoadBalancerClass specifies the class of load balancer to create: Classic, Network' + type: string + crossZoneLoadBalancing: + description: CrossZoneLoadBalancing allows you to enable the cross zone load balancing + type: boolean + idleTimeoutSeconds: + description: IdleTimeoutSeconds sets the timeout of the api loadbalancer. + format: int64 + type: integer + securityGroupOverride: + description: SecurityGroupOverride overrides the default Kops created SG for the load balancer. + type: string + sslCertificate: + description: SSLCertificate allows you to specify the ACM cert to be used the LB + type: string + sslPolicy: + description: SSLPolicy allows you to overwrite the LB listener's Security Policy + type: string + subnets: + description: Subnets allows you to specify the subnets that must be used for the load balancer + items: + description: LoadBalancerSubnetSpec provides configuration for subnets used for a load balancer + properties: + allocationId: + description: AllocationID specifies the Elastic IP Allocation ID for use by a NLB + type: string + name: + description: Name specifies the name of the cluster subnet + type: string + privateIPv4Address: + description: PrivateIPv4Address specifies the private IPv4 address to use for a NLB + type: string + type: object + type: array + type: + description: Type of load balancer to create may Public or Internal. 
+ type: string + useForInternalApi: + description: UseForInternalAPI indicates whether the LB should be used by the kubelet + type: boolean + type: object + type: object + assets: + description: Alternative locations for files and containers + properties: + containerProxy: + description: ContainerProxy is a url for a pull-through proxy of a docker registry + type: string + containerRegistry: + description: ContainerRegistry is a url for to a docker registry + type: string + fileRepository: + description: FileRepository is the url for a private file serving repository + type: string + type: object + authentication: + description: Authentication field controls how the cluster is configured for authentication + properties: + aws: + properties: + backendMode: + description: BackendMode is the AWS IAM Authenticator backend to use. Default MountedFile + type: string + clusterID: + description: ClusterID identifies the cluster performing authentication to prevent certain replay attacks. Default master public DNS name + type: string + cpuLimit: + anyOf: + - type: integer + - type: string + description: CPULimit CPU limit of AWS IAM Authenticator container. Default 10m + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + cpuRequest: + anyOf: + - type: integer + - type: string + description: CPURequest CPU request of AWS IAM Authenticator container. 
Default 10m + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + identityMappings: + description: IdentityMappings maps IAM Identities to Kubernetes users/groups + items: + properties: + arn: + description: Arn of the IAM User or IAM Role to be allowed to authenticate + type: string + groups: + description: Groups to be attached to your users/roles + items: + type: string + type: array + username: + description: Username that Kubernetes will see the user as + type: string + type: object + type: array + image: + description: Image is the AWS IAM Authenticator docker image to uses + type: string + memoryLimit: + anyOf: + - type: integer + - type: string + description: MemoryLimit memory limit of AWS IAM Authenticator container. Default 20Mi + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + memoryRequest: + anyOf: + - type: integer + - type: string + description: MemoryRequest memory request of AWS IAM Authenticator container. Default 20Mi + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + kopeio: + type: object + type: object + authorization: + description: Authorization field controls how the cluster is configured for authorization + properties: + alwaysAllow: + type: object + rbac: + type: object + type: object + awsLoadBalancerController: + description: AWSLoadbalancerControllerConfig determines the AWS LB controller configuration. + properties: + enableShield: + description: |- + EnableShield specifies whether the controller can enable Shield Advanced. + Default: false + type: boolean + enableWAF: + description: |- + EnableWAF specifies whether the controller can use WAFs (Classic Regional). 
+ Default: false + type: boolean + enableWAFv2: + description: |- + EnableWAFv2 specifies whether the controller can use WAFs (V2). + Default: false + type: boolean + enabled: + description: |- + Enabled enables the loadbalancer controller. + Default: false + type: boolean + version: + description: Version is the container image tag used. + type: string + type: object + certManager: + description: CertManager determines the metrics server configuration. + properties: + defaultIssuer: + description: |- + defaultIssuer sets a default clusterIssuer + Default: none + type: string + enabled: + description: |- + Enabled enables the cert manager. + Default: false + type: boolean + hostedZoneIDs: + description: HostedZoneIDs is a list of route53 hostedzone IDs that cert-manager will be allowed to do dns-01 validation for + items: + type: string + type: array + image: + description: |- + Image is the docker container used. + Default: the latest supported image for the specified kubernetes version. + type: string + managed: + description: |- + Managed controls if cert-manager is manged and deployed by kOps. + The deployment of cert-manager is skipped if this is set to false. + type: boolean + nameservers: + description: |- + nameservers is a list of nameserver IP addresses to use instead of the pod defaults. + Default: none + items: + type: string + type: array + type: object + channel: + description: The Channel we are following + type: string + cloudConfig: + description: CloudConfiguration defines the cloud provider configuration + properties: + awsEBSCSIDriver: + description: AWSEBSCSIDriver is the config for the AWS EBS CSI driver + properties: + enabled: + description: |- + Enabled enables the AWS EBS CSI driver + Default: false + type: boolean + managed: + description: |- + Managed controls if aws-ebs-csi-driver is manged and deployed by kOps. + The deployment of aws-ebs-csi-driver is skipped if this is set to false. 
+ type: boolean + podAnnotations: + additionalProperties: + type: string + description: |- + PodAnnotations are the annotations added to AWS EBS CSI node and controller Pods. + Default: none + type: object + version: + description: |- + Version is the container image tag used. + Default: The latest stable release which is compatible with your Kubernetes version + type: string + volumeAttachLimit: + description: |- + VolumeAttachLimit is the maximum number of volumes attachable per node. + If specified, the limit applies to all nodes. + If not specified, the value is approximated from the instance type. + Default: - + type: integer + type: object + azure: + description: Azure cloud-config options + properties: + adminUser: + description: AdminUser specifies the admin user of VMs. + type: string + resourceGroupName: + description: |- + ResourceGroupName specifies the name of the resource group + where the cluster is built. + If this is empty, kops will create a new resource group + whose name is same as the cluster name. If this is not + empty, kops will not create a new resource group, and + it will just reuse the existing resource group of the name. + This follows the model that kops takes for AWS VPC. + type: string + routeTableName: + description: RouteTableName is the name of the route table attached to the subnet that the cluster is deployed in. + type: string + subscriptionId: + description: SubscriptionID specifies the subscription used for the cluster installation. + type: string + tenantId: + description: TenantID is the ID of the tenant that the cluster is deployed in. + type: string + required: + - tenantId + type: object + disableSecurityGroupIngress: + description: |- + DisableSecurityGroupIngress disables the Cloud Controller Manager's creation + of an AWS Security Group for each load balancer provisioned for a Service (AWS only). 
+ type: boolean + elbSecurityGroup: + description: |- + ElbSecurityGroup specifies an existing AWS Security group for the Cloud Controller + Manager to assign to each ELB provisioned for a Service, instead of creating + one per ELB (AWS only). + type: string + gceServiceAccount: + description: GCEServiceAccount specifies the service account with which the GCE VM runs + type: string + gcpPDCSIDriver: + description: GCPPDCSIDriver is the config for the GCP PD CSI driver + properties: + enabled: + description: Enabled enables the GCP PD CSI driver + type: boolean + type: object + manageStorageClasses: + description: |- + ManageStorageClasses specifies whether kOps should create and maintain a set of + StorageClasses, one of which it nominates as the default class for the cluster. + type: boolean + multizone: + description: GCE cloud-config options + type: boolean + nodeIPFamilies: + description: NodeIPFamilies controls the IP families reported for each node (AWS only). + items: + type: string + type: array + nodeInstancePrefix: + type: string + nodeTags: + type: string + openstack: + description: Openstack cloud-config options + properties: + blockStorage: + properties: + bs-version: + type: string + clusterName: + description: ClusterName sets the --cluster flag for the cinder-csi-plugin to the provided name + type: string + createStorageClass: + description: CreateStorageClass provisions a default class for the Cinder plugin + type: boolean + csiPluginImage: + type: string + csiTopologySupport: + type: boolean + ignore-volume-az: + type: boolean + ignore-volume-microversion: + type: boolean + metricsEnabled: + type: boolean + override-volume-az: + type: string + type: object + insecureSkipVerify: + type: boolean + loadbalancer: + description: OpenstackLoadbalancerConfig defines the config for a neutron loadbalancer + properties: + enableIngressHostname: + type: boolean + flavorID: + type: string + floatingNetwork: + type: string + floatingNetworkID: + type: string + 
floatingSubnet: + type: string + ingressHostnameSuffix: + type: string + manageSecurityGroups: + type: boolean + method: + type: string + provider: + type: string + subnetID: + type: string + useOctavia: + type: boolean + type: object + metadata: + description: OpenstackMetadata defines config for metadata service related settings + properties: + configDrive: + description: ConfigDrive specifies to use config drive for retrieving user data instead of the metadata service when launching instances + type: boolean + type: object + monitor: + description: OpenstackMonitor defines the config for a health monitor + properties: + delay: + type: string + maxRetries: + type: integer + timeout: + type: string + type: object + network: + description: OpenstackNetwork defines the config for a network + properties: + addressSortOrder: + type: string + availabilityZoneHints: + items: + type: string + type: array + internalNetworkNames: + items: + type: string + type: array + ipv6SupportDisabled: + type: boolean + publicNetworkNames: + items: + type: string + type: array + type: object + router: + description: OpenstackRouter defines the config for a router + properties: + availabilityZoneHints: + items: + type: string + type: array + dnsServers: + type: string + externalNetwork: + type: string + externalSubnet: + type: string + type: object + type: object + spotinstOrientation: + type: string + spotinstProduct: + description: Spotinst cloud-config specs + type: string + vSphereCoreDNSServer: + description: VSphereCoreDNSServer is unused. + type: string + vSphereDatacenter: + description: VShpereDatacenter is unused. + type: string + vSphereDatastore: + description: VSphereDatastore is unused. + type: string + vSpherePassword: + description: VSpherePassword is unused. + type: string + vSphereResourcePool: + description: VSphereResourcePool is unused. + type: string + vSphereServer: + description: VSphereServer is unused. 
+ type: string + vSphereUsername: + description: VSphereUsername is unused. + type: string + type: object + cloudControllerManager: + description: CloudControllerManagerConfig is the configuration of the cloud controller + properties: + allocateNodeCIDRs: + description: |- + AllocateNodeCIDRs enables CIDRs for Pods to be allocated and, if + ConfigureCloudRoutes is true, to be set on the cloud provider. + type: boolean + allowUntaggedCloud: + description: Allow the cluster to run without the cluster-id on cloud instances + type: boolean + cidrAllocatorType: + description: CIDRAllocatorType specifies the type of CIDR allocator to use. + type: string + cloudProvider: + description: CloudProvider is the provider for cloud services. + type: string + clusterCIDR: + description: ClusterCIDR is CIDR Range for Pods in cluster. + type: string + clusterName: + description: ClusterName is the instance prefix for the cluster. + type: string + configureCloudRoutes: + description: ConfigureCloudRoutes enables CIDRs allocated with to be configured on the cloud provider. + type: boolean + controllers: + description: Controllers is a list of controllers to enable on the controller-manager + items: + type: string + type: array + cpuRequest: + anyOf: + - type: integer + - type: string + description: |- + CPURequest of CloudControllerManager container. + Default: 200m + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + enableLeaderMigration: + description: EnableLeaderMigration enables controller leader migration. + type: boolean + image: + description: Image is the OCI image of the cloud controller manager. + type: string + leaderElection: + description: LeaderElection defines the configuration of leader election client. + properties: + leaderElect: + description: |- + leaderElect enables a leader election client to gain leadership + before executing the main loop. 
Enable this when running replicated + components for high availability. + type: boolean + leaderElectLeaseDuration: + description: |- + leaderElectLeaseDuration is the length in time non-leader candidates + will wait after observing a leadership renewal until attempting to acquire + leadership of a led but unrenewed leader slot. This is effectively the + maximum duration that a leader can be stopped before it is replaced by another candidate + type: string + leaderElectRenewDeadlineDuration: + description: |- + LeaderElectRenewDeadlineDuration is the interval between attempts by the acting master to + renew a leadership slot before it stops leading. This must be less than or equal to the lease duration. + type: string + leaderElectResourceLock: + description: |- + LeaderElectResourceLock is the type of resource object that is used for locking during + leader election. Supported options are endpoints (default) and `configmaps`. + type: string + leaderElectResourceName: + description: LeaderElectResourceName is the name of resource object that is used for locking during leader election. + type: string + leaderElectResourceNamespace: + description: LeaderElectResourceNamespace is the namespace of resource object that is used for locking during leader election. + type: string + leaderElectRetryPeriod: + description: |- + LeaderElectRetryPeriod is The duration the clients should wait between attempting acquisition + and renewal of a leadership. This is only applicable if leader election is enabled. + type: string + type: object + logLevel: + description: LogLevel is the verbosity of the logs. + format: int32 + type: integer + master: + description: Master is the url for the kube api master. + type: string + nodeStatusUpdateFrequency: + description: 'NodeStatusUpdateFrequency is the duration between node status updates. 
(default: 5m)' + type: string + useServiceAccountCredentials: + description: UseServiceAccountCredentials controls whether we use individual service account credentials for each controller. + type: boolean + type: object + cloudLabels: + additionalProperties: + type: string + description: CloudLabels defines additional tags or labels on cloud provider resources + type: object + cloudProvider: + description: The CloudProvider to use (aws or gce) + type: string + clusterAutoscaler: + description: ClusterAutoscaler defines the cluaster autoscaler configuration. + properties: + awsUseStaticInstanceList: + description: |- + AWSUseStaticInstanceList makes the cluster autoscaler to use statically defined set of AWS EC2 Instance List. + Default: false + type: boolean + balanceSimilarNodeGroups: + description: |- + BalanceSimilarNodeGroups makes the cluster autoscaler treat similar node groups as one. + Default: false + type: boolean + cordonNodeBeforeTerminating: + description: |- + CordonNodeBeforeTerminating should CA cordon nodes before terminating during downscale process + Default: false + type: boolean + cpuRequest: + anyOf: + - type: integer + - type: string + description: |- + CPURequest of cluster autoscaler container. + Default: 100m + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + createPriorityExpanderConfig: + description: |- + CreatePriorityExpenderConfig makes kOps create the priority-expander ConfigMap + Default: true + type: boolean + customPriorityExpanderConfig: + additionalProperties: + items: + type: string + type: array + description: |- + CustomPriorityExpanderConfig overides the priority-expander ConfigMap with the provided configuration. Any InstanceGroup configuration will be ignored if this is set. 
+ This could be useful in order to use regex on priorities configuration + type: object + enabled: + description: |- + Enabled enables the cluster autoscaler. + Default: false + type: boolean + expander: + description: |- + Expander determines the strategy for which instance group gets expanded. + Supported values: least-waste, most-pods, random, price, priority. + The price expander is only supported on GCE. + By default, kOps will generate the priority expander ConfigMap based on the `autoscale` and `autoscalePriority` fields in the InstanceGroup specs. + Default: least-waste + type: string + ignoreDaemonSetsUtilization: + description: |- + IgnoreDaemonSetsUtilization causes the cluster autoscaler to ignore DaemonSet-managed pods when calculating resource utilization for scaling down. + Default: false + type: boolean + image: + description: |- + Image is the docker container used. + Default: the latest supported image for the specified kubernetes version. + type: string + maxNodeProvisionTime: + description: MaxNodeProvisionTime determines how long CAS will wait for a node to join the cluster. + type: string + memoryRequest: + anyOf: + - type: integer + - type: string + description: |- + MemoryRequest of cluster autoscaler container. + Default: 300Mi + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + newPodScaleUpDelay: + description: |- + NewPodScaleUpDelay causes the cluster autoscaler to ignore unschedulable pods until they are a certain "age", regardless of the scan-interval + Default: 0s + type: string + podAnnotations: + additionalProperties: + type: string + description: |- + PodAnnotations are the annotations added to cluster autoscaler pods when they are created. 
+ Default: none + type: object + scaleDownDelayAfterAdd: + description: |- + ScaleDownDelayAfterAdd determines the time after scale up that scale down evaluation resumes + Default: 10m0s + type: string + scaleDownUnneededTime: + description: |- + scaleDownUnneededTime determines the time a node should be unneeded before it is eligible for scale down + Default: 10m0s + type: string + scaleDownUnreadyTime: + description: |- + ScaleDownUnreadyTime determines the time an unready node should be unneeded before it is eligible for scale down + Default: 20m0s + type: string + scaleDownUtilizationThreshold: + description: |- + ScaleDownUtilizationThreshold determines the utilization threshold for node scale-down. + Default: 0.5 + type: string + skipNodesWithLocalStorage: + description: |- + SkipNodesWithLocalStorage makes the cluster autoscaler skip scale-down of nodes with local storage. + Default: true + type: boolean + skipNodesWithSystemPods: + description: |- + SkipNodesWithSystemPods makes the cluster autoscaler skip scale-down of nodes with non-DaemonSet pods in the kube-system namespace. + Default: true + type: boolean + type: object + clusterDNSDomain: + description: ClusterDNSDomain is the suffix we use for internal DNS names (normally cluster.local) + type: string + configBase: + description: |- + ConfigBase is the path where we store configuration for the cluster + This might be different that the location when the cluster spec itself is stored, + both because this must be accessible to the cluster, + and because it might be on a different cloud or storage system (etcd vs S3) + type: string + configStore: + description: ConfigStore is unused. + type: string + containerRuntime: + description: Container runtime to use for Kubernetes + type: string + containerd: + description: Component configurations + properties: + address: + description: Address of containerd's GRPC server (default "/run/containerd/containerd.sock"). 
+ type: string + configOverride: + description: ConfigOverride is the complete containerd config file provided by the user. + type: string + logLevel: + description: LogLevel controls the logging details [trace, debug, info, warn, error, fatal, panic] (default "info"). + type: string + nvidiaGPU: + description: NvidiaGPU configures the Nvidia GPU runtime. + properties: + dcgmExporter: + description: DCGMExporterConfig configures the DCGM exporter + properties: + enabled: + description: Enabled determines if kOps will install the DCGM exporter + type: boolean + type: object + enabled: + description: |- + Enabled determines if kOps will install the Nvidia GPU runtime and drivers. + They will only be installed on intances that has an Nvidia GPU. + type: boolean + package: + description: |- + Package is the name of the nvidia driver package that will be installed. + Default is "nvidia-headless-460-server". + type: string + type: object + packages: + description: Packages overrides the URL and hash for the packages. + properties: + hashAmd64: + description: HashAmd64 overrides the hash for the AMD64 package. + type: string + hashArm64: + description: HashArm64 overrides the hash for the ARM64 package. + type: string + urlAmd64: + description: UrlAmd64 overrides the URL for the AMD64 package. + type: string + urlArm64: + description: UrlArm64 overrides the URL for the ARM64 package. + type: string + type: object + registryMirrors: + additionalProperties: + items: + type: string + type: array + description: RegistryMirrors is list of image registries + type: object + root: + description: Root directory for persistent data (default "/var/lib/containerd"). + type: string + runc: + description: Runc configures the runc runtime. + properties: + packages: + description: Packages overrides the URL and hash for the packages. + properties: + hashAmd64: + description: HashAmd64 overrides the hash for the AMD64 package. 
+ type: string + hashArm64: + description: HashArm64 overrides the hash for the ARM64 package. + type: string + urlAmd64: + description: UrlAmd64 overrides the URL for the AMD64 package. + type: string + urlArm64: + description: UrlArm64 overrides the URL for the ARM64 package. + type: string + type: object + version: + description: Version used to pick the runc package. + type: string + type: object + selinuxEnabled: + description: SelinuxEnabled enables SELinux support + type: boolean + skipInstall: + description: SkipInstall prevents kOps from installing and modifying containerd in any way (default "false"). + type: boolean + state: + description: State directory for execution state files (default "/run/containerd"). + type: string + version: + description: Version used to pick the containerd package. + type: string + type: object + dnsControllerGossipConfig: + description: DNSControllerGossipConfig for the cluster assuming the use of gossip DNS + properties: + listen: + type: string + protocol: + type: string + secondary: + properties: + listen: + type: string + protocol: + type: string + secret: + type: string + seed: + type: string + type: object + secret: + type: string + seed: + type: string + type: object + dnsZone: + description: |- + DNSZone is the DNS zone we should use when configuring DNS + This is because some clouds let us define a managed zone foo.bar, and then have + kubernetes.dev.foo.bar, without needing to define dev.foo.bar as a hosted zone. + DNSZone will probably be a suffix of the MasterPublicName. + Note that DNSZone can either by the host name of the zone (containing dots), + or can be an identifier for the zone. 
+ type: string + docker: + description: DockerConfig is the configuration for docker + properties: + authorizationPlugins: + description: AuthorizationPlugins is a list of authorization plugins + items: + type: string + type: array + bridge: + description: Bridge is the network interface containers should bind onto + type: string + bridgeIP: + description: BridgeIP is a specific IP address and netmask for the docker0 bridge, using standard CIDR notation + type: string + dataRoot: + description: DataRoot is the root directory of persistent docker state (default "/var/lib/docker") + type: string + defaultRuntime: + description: DefaultRuntime is the default OCI runtime for containers (default "runc") + type: string + defaultUlimit: + description: DefaultUlimit is the ulimits for containers + items: + type: string + type: array + dns: + description: DNS is the IP address of the DNS server + items: + type: string + type: array + execOpt: + description: ExecOpt is a series of options passed to the runtime + items: + type: string + type: array + execRoot: + description: ExecRoot is the root directory for execution state files (default "/var/run/docker") + type: string + experimental: + description: Experimental features permits enabling new features such as dockerd metrics + type: boolean + healthCheck: + description: HealthCheck enables the periodic health-check service + type: boolean + hosts: + description: Hosts enables you to configure the endpoints the docker daemon listens on i.e. tcp://0.0.0.0.2375 or unix:///var/run/docker.sock etc + items: + type: string + type: array + insecureRegistries: + description: InsecureRegistries enables multiple insecure docker registry communications + items: + type: string + type: array + insecureRegistry: + description: InsecureRegistry enable insecure registry communication @question according to dockers this a list?? 
+ type: string + ipMasq: + description: IPMasq enables ip masquerading for containers + type: boolean + ipTables: + description: IPtables enables addition of iptables rules + type: boolean + liveRestore: + description: LiveRestore enables live restore of docker when containers are still running + type: boolean + logDriver: + description: LogDriver is the default driver for container logs (default "json-file") + type: string + logLevel: + description: LogLevel is the logging level ("debug", "info", "warn", "error", "fatal") (default "info") + type: string + logOpt: + description: Logopt is a series of options given to the log driver options for containers + items: + type: string + type: array + maxConcurrentDownloads: + description: MaxConcurrentDownloads sets the max concurrent downloads for each pull + format: int32 + type: integer + maxConcurrentUploads: + description: MaxConcurrentUploads sets the max concurrent uploads for each push + format: int32 + type: integer + maxDownloadAttempts: + description: MaxDownloadAttempts sets the max download attempts for each pull + format: int32 + type: integer + metricsAddress: + description: Metrics address is the endpoint to serve with Prometheus format metrics + type: string + mtu: + description: MTU is the containers network MTU + format: int32 + type: integer + packages: + description: Packages overrides the URL and hash for the packages. + properties: + hashAmd64: + description: HashAmd64 overrides the hash for the AMD64 package. + type: string + hashArm64: + description: HashArm64 overrides the hash for the ARM64 package. + type: string + urlAmd64: + description: UrlAmd64 overrides the URL for the AMD64 package. + type: string + urlArm64: + description: UrlArm64 overrides the URL for the ARM64 package. 
+ type: string + type: object + registryMirrors: + description: RegistryMirrors is a referred list of docker registry mirror + items: + type: string + type: array + runtimes: + description: Runtimes registers an additional OCI compatible runtime (default []) + items: + type: string + type: array + selinuxEnabled: + description: SelinuxEnabled enables SELinux support + type: boolean + skipInstall: + description: SkipInstall when set to true will prevent kops from installing and modifying Docker in any way + type: boolean + storage: + description: Storage is the docker storage driver to use + type: string + storageOpts: + description: StorageOpts is a series of options passed to the storage driver + items: + type: string + type: array + userNamespaceRemap: + description: UserNamespaceRemap sets the user namespace remapping option for the docker daemon + type: string + version: + description: Version is consumed by the nodeup and used to pick the docker version + type: string + type: object + egressProxy: + description: HTTPProxy defines connection information to support use of a private cluster behind an forward HTTP Proxy + properties: + excludes: + type: string + httpProxy: + properties: + host: + type: string + port: + type: integer + type: object + type: object + encryptionConfig: + description: EncryptionConfig holds the encryption config + type: boolean + etcdClusters: + description: EtcdClusters stores the configuration for each cluster + items: + description: EtcdClusterSpec is the etcd cluster specification + properties: + backups: + description: Backups describes how we do backups of etcd + properties: + backupStore: + description: BackupStore is the VFS path where we will read/write backup data + type: string + image: + description: Image is the etcd backup manager image to use. Setting this will create a sidecar container in the etcd pod with the specified image. 
+ type: string + type: object + cpuRequest: + anyOf: + - type: integer + - type: string + description: CPURequest specifies the cpu requests of each etcd container in the cluster. + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + enableEtcdTLS: + description: EnableEtcdTLS is unused. + type: boolean + enableTLSAuth: + description: EnableTLSAuth is unused. + type: boolean + etcdMembers: + description: Members stores the configurations for each member of the cluster (including the data volume) + items: + description: EtcdMemberSpec is a specification for a etcd member + properties: + encryptedVolume: + description: EncryptedVolume indicates you want to encrypt the volume + type: boolean + instanceGroup: + description: InstanceGroup is the instanceGroup this volume is associated + type: string + kmsKeyId: + description: KmsKeyID is a AWS KMS ID used to encrypt the volume + type: string + name: + description: Name is the name of the member within the etcd cluster + type: string + volumeIops: + description: If volume type is io1, then we need to specify the number of IOPS. + format: int32 + type: integer + volumeSize: + description: VolumeSize is the underlying cloud volume size + format: int32 + type: integer + volumeThroughput: + description: Parameter for disks that support provisioned throughput + format: int32 + type: integer + volumeType: + description: VolumeType is the underlying cloud storage class + type: string + type: object + type: array + heartbeatInterval: + description: HeartbeatInterval is the time (in milliseconds) for an etcd heartbeat interval + type: string + image: + description: Image is the etcd docker image to use. Setting this will ignore the Version specified. 
+ type: string + leaderElectionTimeout: + description: LeaderElectionTimeout is the time (in milliseconds) for an etcd leader election timeout + type: string + manager: + description: Manager describes the manager configuration + properties: + backupInterval: + description: BackupInterval which is used for backups. The default is 15 minutes. + type: string + backupRetentionDays: + description: BackupRetentionDays which is used for backups. The default is 90 days. + format: int32 + type: integer + discoveryPollInterval: + description: DiscoveryPollInterval which is used for discovering other cluster members. The default is 60 seconds. + type: string + env: + description: |- + Env allows users to pass in env variables to the etcd-manager container. + Variables starting with ETCD_ will be further passed down to the etcd process. + This allows etcd setting to be configured/overwriten. No config validation is done. + A list of etcd config ENV vars can be found at https://github.com/etcd-io/etcd/blob/master/Documentation/op-guide/configuration.md + items: + description: EnvVar represents an environment variable present in a Container. + properties: + name: + description: Name of the environment variable. Must be a C_IDENTIFIER. + type: string + value: + description: |- + Variable references $(VAR_NAME) are expanded + using the previous defined environment variables in the container and + any service environment variables. If a variable cannot be resolved, + the reference in the input string will be unchanged. The $(VAR_NAME) + syntax can be escaped with a double $$, ie: $$(VAR_NAME). Escaped + references will never be expanded, regardless of whether the variable + exists or not. + Defaults to "". + type: string + required: + - name + type: object + type: array + image: + description: Image is the etcd manager image to use. 
+ type: string + listenMetricsURLs: + description: ListenMetricsURLs is the list of URLs to listen on that will respond to both the /metrics and /health endpoints + items: + type: string + type: array + logLevel: + description: |- + LogLevel allows the klog library verbose log level to be set for etcd-manager. The default is 6. + https://github.com/google/glog#verbose-logging + format: int32 + type: integer + type: object + memoryRequest: + anyOf: + - type: integer + - type: string + description: MemoryRequest specifies the memory requests of each etcd container in the cluster. + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + name: + description: Name is the name of the etcd cluster (main, events etc) + type: string + provider: + description: |- + Provider is the provider used to run etcd: Manager, Legacy. + Defaults to Manager. + type: string + version: + description: Version is the version of etcd to run. + type: string + type: object + type: array + externalDns: + description: ExternalDNSConfig are options of the dns-controller + properties: + disable: + description: Disable indicates we do not wish to run the dns-controller addon + type: boolean + provider: + description: |- + Provider determines which implementation of ExternalDNS to use. + 'dns-controller' will use kOps DNS Controller. + 'external-dns' will use kubernetes-sigs/external-dns. + type: string + watchIngress: + description: |- + WatchIngress indicates you want the dns-controller to watch and create dns entries for ingress resources. + Default: true if provider is 'external-dns', false otherwise. 
+ type: boolean + watchNamespace: + description: WatchNamespace is namespace to watch, defaults to all (use to control whom can creates dns entries) + type: string + type: object + externalPolicies: + additionalProperties: + items: + type: string + type: array + description: ExternalPolicies allows the insertion of pre-existing managed policies on IG Roles + type: object + fileAssets: + description: A collection of files assets for deployed cluster wide + items: + description: FileAssetSpec defines the structure for a file asset + properties: + content: + description: Content is the contents of the file + type: string + isBase64: + description: IsBase64 indicates the contents is base64 encoded + type: boolean + mode: + description: Mode is this file's mode and permission bits + type: string + name: + description: Name is a shortened reference to the asset + type: string + path: + description: Path is the location this file should reside + type: string + roles: + description: Roles is a list of roles the file asset should be applied, defaults to all + items: + description: InstanceGroupRole string describes the roles of the nodes in this InstanceGroup (master or nodes) + type: string + type: array + type: object + type: array + gossipConfig: + description: GossipConfig for the cluster assuming the use of gossip DNS + properties: + listen: + type: string + protocol: + type: string + secondary: + properties: + listen: + type: string + protocol: + type: string + secret: + type: string + type: object + secret: + type: string + type: object + hooks: + description: Hooks for custom actions e.g. 
on first installation + items: + description: HookSpec is a definition hook + properties: + before: + description: Before is a series of systemd units which this hook must run before + items: + type: string + type: array + disabled: + description: Disabled indicates if you want the unit switched off + type: boolean + execContainer: + description: ExecContainer is the image itself + properties: + command: + description: Command is the command supplied to the above image + items: + type: string + type: array + environment: + additionalProperties: + type: string + description: Environment is a map of environment variables added to the hook + type: object + image: + description: Image is the docker image + type: string + type: object + manifest: + description: Manifest is a raw systemd unit file + type: string + name: + description: Name is an optional name for the hook, otherwise the name is kops-hook- + type: string + requires: + description: Requires is a series of systemd units the action requires + items: + type: string + type: array + roles: + description: Roles is an optional list of roles the hook should be rolled out to, defaults to all + items: + description: InstanceGroupRole string describes the roles of the nodes in this InstanceGroup (master or nodes) + type: string + type: array + useRawManifest: + description: |- + UseRawManifest indicates that the contents of Manifest should be used as the contents + of the systemd unit, unmodified. 
Before and Requires are ignored when used together + with this value (and validation shouldn't allow them to be set) + type: boolean + type: object + type: array + iam: + description: IAM field adds control over the IAM security policies applied to resources + properties: + allowContainerRegistry: + type: boolean + legacy: + type: boolean + permissionsBoundary: + type: string + serviceAccountExternalPermissions: + description: ServiceAccountExternalPermissions defines the relationship between Kubernetes ServiceAccounts and permissions with external resources. + items: + description: ServiceAccountExternalPermissions grants a ServiceAccount permissions to external resources. + properties: + aws: + description: AWS grants permissions to AWS resources. + properties: + inlinePolicy: + description: InlinePolicy is an IAM Policy that will be attached inline to the IAM Role. + type: string + policyARNs: + description: PolicyARNs is a list of existing IAM Policies. + items: + type: string + type: array + type: object + name: + description: Name is the name of the Kubernetes ServiceAccount. + type: string + namespace: + description: Namespace is the namespace of the Kubernetes ServiceAccount. + type: string + required: + - name + - namespace + type: object + type: array + useServiceAccountExternalPermissions: + description: |- + UseServiceAccountExternalPermissions determines if managed ServiceAccounts will use external permissions directly. + If this is set to false, ServiceAccounts will assume external permissions from the instances they run on. + type: boolean + required: + - legacy + type: object + isolateMasters: + description: |- + IsolateMasters determines whether we should lock down masters so that they are not on the pod network. + true is the kube-up behaviour, but it is very surprising: it means that daemonsets only work on the master + if they have hostNetwork=true. 
+ false is now the default, and it will: + * give the master a normal PodCIDR + * run kube-proxy on the master + * enable debugging handlers on the master, so kubectl logs works + type: boolean + karpenter: + description: Karpenter defines the Karpenter configuration. + properties: + cpuRequest: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + enabled: + type: boolean + image: + type: string + logEncoding: + type: string + logLevel: + type: string + memoryLimit: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + memoryRequest: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + keyStore: + description: KeyStore is the VFS path to where SSL keys and certificates are stored + type: string + kubeAPIServer: + description: KubeAPIServerConfig defines the configuration for the kube api + properties: + address: + description: 'Address is the binding address for the kube api: Deprecated - use insecure-bind-address and bind-address' + type: string + admissionControl: + description: 'AdmissionControl is a list of admission controllers to use: Deprecated - use enable-admission-plugins instead' + items: + type: string + type: array + admissionControlConfigFile: + description: AdmissionControlConfigFile is the location of the admission-control-config-file + type: string + advertiseAddress: + description: AdvertiseAddress is the IP address on which to advertise the apiserver to members of the cluster. 
+ type: string + allowPrivileged: + description: AllowPrivileged indicates if we can run privileged containers + type: boolean + anonymousAuth: + description: AnonymousAuth indicates if anonymous authentication is permitted + type: boolean + apiAudiences: + description: |- + Identifiers of the API. The service account token authenticator will validate that + tokens used against the API are bound to at least one of these audiences. If the + --service-account-issuer flag is configured and this flag is not, this field + defaults to a single element list containing the issuer URL. + items: + type: string + type: array + apiServerCount: + description: APIServerCount is the number of api servers + format: int32 + type: integer + appendAdmissionPlugins: + description: AppendAdmissionPlugins appends list of enabled admission plugins + items: + type: string + type: array + auditDynamicConfiguration: + description: AuditDynamicConfiguration enables dynamic audit configuration via AuditSinks + type: boolean + auditLogFormat: + description: AuditLogFormat flag specifies the format type for audit log files. + type: string + auditLogMaxAge: + description: The maximum number of days to retain old audit log files based on the timestamp encoded in their filename. + format: int32 + type: integer + auditLogMaxBackups: + description: The maximum number of old audit log files to retain. + format: int32 + type: integer + auditLogMaxSize: + description: The maximum size in megabytes of the audit log file before it gets rotated. Defaults to 100MB. + format: int32 + type: integer + auditLogPath: + description: If set, all requests coming to the apiserver will be logged to this file. + type: string + auditPolicyFile: + description: AuditPolicyFile is the full path to a advanced audit configuration file e.g. /srv/kubernetes/audit.conf + type: string + auditWebhookBatchBufferSize: + description: AuditWebhookBatchBufferSize is The size of the buffer to store events before batching and writing. 
Only used in batch mode. (default 10000) + format: int32 + type: integer + auditWebhookBatchMaxSize: + description: AuditWebhookBatchMaxSize is The maximum size of a batch. Only used in batch mode. (default 400) + format: int32 + type: integer + auditWebhookBatchMaxWait: + description: AuditWebhookBatchMaxWait is The amount of time to wait before force writing the batch that hadn't reached the max size. Only used in batch mode. (default 30s) + type: string + auditWebhookBatchThrottleBurst: + description: AuditWebhookBatchThrottleBurst is Maximum number of requests sent at the same moment if ThrottleQPS was not utilized before. Only used in batch mode. (default 15) + format: int32 + type: integer + auditWebhookBatchThrottleEnable: + description: AuditWebhookBatchThrottleEnable is Whether batching throttling is enabled. Only used in batch mode. (default true) + type: boolean + auditWebhookBatchThrottleQps: + anyOf: + - type: integer + - type: string + description: AuditWebhookBatchThrottleQps is Maximum average number of batches per second. Only used in batch mode. (default 10) + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + auditWebhookConfigFile: + description: AuditWebhookConfigFile is Path to a kubeconfig formatted file that defines the audit webhook configuration. Requires the 'AdvancedAuditing' feature gate. + type: string + auditWebhookInitialBackoff: + description: AuditWebhookInitialBackoff is The amount of time to wait before retrying the first failed request. (default 10s) + type: string + auditWebhookMode: + description: AuditWebhookMode is Strategy for sending audit events. Blocking indicates sending events should block server responses. Batch causes the backend to buffer and write events asynchronously. Known modes are batch,blocking. 
(default "batch") + type: string + authenticationTokenWebhookCacheTtl: + description: The duration to cache responses from the webhook token authenticator. Default is 2m. (default 2m0s) + type: string + authenticationTokenWebhookConfigFile: + description: File with webhook configuration for token authentication in kubeconfig format. The API server will query the remote service to determine authentication for bearer tokens. + type: string + authorizationMode: + description: AuthorizationMode is the authorization mode the kubeapi is running in + type: string + authorizationRbacSuperUser: + description: AuthorizationRBACSuperUser is the name of the superuser for default rbac + type: string + authorizationWebhookCacheAuthorizedTtl: + description: The duration to cache authorized responses from the webhook token authorizer. Default is 5m. (default 5m0s) + type: string + authorizationWebhookCacheUnauthorizedTtl: + description: The duration to cache authorized responses from the webhook token authorizer. Default is 30s. (default 30s) + type: string + authorizationWebhookConfigFile: + description: File with webhook configuration for authorization in kubeconfig format. The API server will query the remote service to determine whether to authorize the request. + type: string + basicAuthFile: + description: 'TODO: Remove unused BasicAuthFile' + type: string + bindAddress: + description: BindAddress is the binding address for the secure kubernetes API + type: string + clientCAFile: + description: ClientCAFile is the file used by apisever that contains the client CA + type: string + cloudProvider: + description: CloudProvider is the name of the cloudProvider we are using, aws, gce etcd + type: string + corsAllowedOrigins: + description: |- + CorsAllowedOrigins is a list of origins for CORS. An allowed origin can be a regular + expression to support subdomain matching. If this list is empty CORS will not be enabled. 
+ items: + type: string + type: array + cpuLimit: + anyOf: + - type: integer + - type: string + description: CPULimit, cpu limit compute resource for api server e.g. "500m" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + cpuRequest: + anyOf: + - type: integer + - type: string + description: CPURequest, cpu request compute resource for api server. Defaults to "150m" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + defaultNotReadyTolerationSeconds: + description: DefaultNotReadyTolerationSeconds + format: int64 + type: integer + defaultUnreachableTolerationSeconds: + description: DefaultUnreachableTolerationSeconds + format: int64 + type: integer + disableAdmissionPlugins: + description: DisableAdmissionPlugins is a list of disabled admission plugins + items: + type: string + type: array + disableBasicAuth: + description: DisableBasicAuth removes the --basic-auth-file flag + type: boolean + enableAdmissionPlugins: + description: EnableAdmissionPlugins is a list of enabled admission plugins + items: + type: string + type: array + enableAggregatorRouting: + description: EnableAggregatorRouting enables aggregator routing requests to endpoints IP rather than cluster IP + type: boolean + enableBootstrapTokenAuth: + description: EnableBootstrapAuthToken enables 'bootstrap.kubernetes.io/token' in the 'kube-system' namespace to be used for TLS bootstrapping authentication + type: boolean + enableProfiling: + description: EnableProfiling enables profiling via web interface host:port/debug/pprof/ + type: boolean + encryptionProviderConfig: + description: EncryptionProviderConfig enables encryption at rest for secrets. 
+ type: string + etcdCaFile: + description: EtcdCAFile is the path to a ca certificate + type: string + etcdCertFile: + description: EtcdCertFile is the path to a certificate + type: string + etcdKeyFile: + description: EtcdKeyFile is the path to a private key + type: string + etcdQuorumRead: + description: EtcdQuorumRead configures the etcd-quorum-read flag, which forces consistent reads from etcd + type: boolean + etcdServers: + description: EtcdServers is a list of the etcd service to connect + items: + type: string + type: array + etcdServersOverrides: + description: 'EtcdServersOverrides is per-resource etcd servers overrides, comma separated. The individual override format: group/resource#servers, where servers are http://ip:port, semicolon separated' + items: + type: string + type: array + eventTTL: + description: Amount of time to retain Kubernetes events + type: string + experimentalEncryptionProviderConfig: + description: ExperimentalEncryptionProviderConfig enables encryption at rest for secrets. + type: string + featureGates: + additionalProperties: + type: string + description: FeatureGates is set of key=value pairs that describe feature gates for alpha/experimental features. + type: object + http2MaxStreamsPerConnection: + description: HTTP2MaxStreamsPerConnection sets the limit that the server gives to clients for the maximum number of streams in an HTTP/2 connection. Zero means to use golang's default. + format: int32 + type: integer + image: + description: Image is the docker container used + type: string + insecureBindAddress: + description: InsecureBindAddress is the binding address for the InsecurePort for the insecure kubernetes API + type: string + insecurePort: + description: InsecurePort is the port the insecure api runs + format: int32 + type: integer + kubeletCertificateAuthority: + description: KubeletCertificateAuthority is the path of a certificate authority for secure communication between api and kubelet. 
+ type: string + kubeletClientCertificate: + description: KubeletClientCertificate is the path of a certificate for secure communication between api and kubelet + type: string + kubeletClientKey: + description: KubeletClientKey is the path of a private to secure communication between api and kubelet + type: string + kubeletPreferredAddressTypes: + description: KubeletPreferredAddressTypes is a list of the preferred NodeAddressTypes to use for kubelet connections + items: + type: string + type: array + logFormat: + description: |- + LogFormat is the logging format of the api. + Supported values: text, json. + Default: text + type: string + logLevel: + description: LogLevel is the logging level of the api + format: int32 + type: integer + maxMutatingRequestsInflight: + description: MaxMutatingRequestsInflight The maximum number of mutating requests in flight at a given time. Defaults to 200 + format: int32 + type: integer + maxRequestsInflight: + description: MaxRequestsInflight The maximum number of non-mutating requests in flight at a given time. + format: int32 + type: integer + memoryLimit: + anyOf: + - type: integer + - type: string + description: MemoryLimit, memory limit compute resource for api server e.g. "30Mi" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + memoryRequest: + anyOf: + - type: integer + - type: string + description: MemoryRequest, memory request compute resource for api server e.g. "30Mi" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + minRequestTimeout: + description: |- + MinRequestTimeout configures the minimum number of seconds a handler must keep a request open before timing it out. 
+ Currently only honored by the watch request handler + format: int32 + type: integer + oidcCAFile: + description: |- + OIDCCAFile if set, the OpenID server's certificate will be verified by one + of the authorities in the oidc-ca-file + type: string + oidcClientID: + description: |- + OIDCClientID is the client ID for the OpenID Connect client, must be set + if oidc-issuer-url is set. + type: string + oidcGroupsClaim: + description: |- + OIDCGroupsClaim if provided, the name of a custom OpenID Connect claim for + specifying user groups. + The claim value is expected to be a string or array of strings. + type: string + oidcGroupsPrefix: + description: |- + OIDCGroupsPrefix is the prefix prepended to group claims to prevent + clashes with existing names (such as 'system:' groups) + type: string + oidcIssuerURL: + description: |- + OIDCIssuerURL is the URL of the OpenID issuer, only HTTPS scheme will + be accepted. + If set, it will be used to verify the OIDC JSON Web Token (JWT). + type: string + oidcRequiredClaim: + description: |- + A key=value pair that describes a required claim in the ID Token. + If set, the claim is verified to be present in the ID Token with a matching value. + Repeat this flag to specify multiple claims. + items: + type: string + type: array + oidcUsernameClaim: + description: |- + OIDCUsernameClaim is the OpenID claim to use as the user name. + Note that claims other than the default ('sub') is not guaranteed to be + unique and immutable. + type: string + oidcUsernamePrefix: + description: |- + OIDCUsernamePrefix is the prefix prepended to username claims to prevent + clashes with existing names (such as 'system:' users). + type: string + proxyClientCertFile: + description: The apiserver's client certificate used for outbound requests. + type: string + proxyClientKeyFile: + description: The apiserver's client key used for outbound requests. 
+ type: string + requestTimeout: + description: RequestTimeout configures the duration a handler must keep a request open before timing it out. (default 1m0s) + type: string + requestheaderAllowedNames: + description: List of client certificate common names to allow to provide usernames in headers specified by --requestheader-username-headers. If empty, any client certificate validated by the authorities in --requestheader-client-ca-file is allowed. + items: + type: string + type: array + requestheaderClientCAFile: + description: Root certificate bundle to use to verify client certificates on incoming requests before trusting usernames in headers specified by --requestheader-username-headers + type: string + requestheaderExtraHeaderPrefixes: + description: List of request header prefixes to inspect. X-Remote-Extra- is suggested. + items: + type: string + type: array + requestheaderGroupHeaders: + description: List of request headers to inspect for groups. X-Remote-Group is suggested. + items: + type: string + type: array + requestheaderUsernameHeaders: + description: List of request headers to inspect for usernames. X-Remote-User is common. + items: + type: string + type: array + runtimeConfig: + additionalProperties: + type: string + description: RuntimeConfig is a series of keys/values are parsed into the `--runtime-config` parameters + type: object + securePort: + description: SecurePort is the port the kube runs on + format: int32 + type: integer + serviceAccountIssuer: + description: |- + Identifier of the service account token issuer. The issuer will assert this identifier + in "iss" claim of issued tokens. This value is a string or URI. + type: string + serviceAccountJWKSURI: + description: ServiceAccountJWKSURI overrides the path for the jwks document; this is useful when we are republishing the service account discovery information elsewhere. 
+ type: string + serviceAccountKeyFile: + description: |- + File containing PEM-encoded x509 RSA or ECDSA private or public keys, used to verify ServiceAccount tokens. + The specified file can contain multiple keys, and the flag can be specified multiple times with different files. + If unspecified, --tls-private-key-file is used. + items: + type: string + type: array + serviceAccountSigningKeyFile: + description: |- + Path to the file that contains the current private key of the service account token issuer. + The issuer will sign issued ID tokens with this private key. (Requires the 'TokenRequest' feature gate.) + type: string + serviceClusterIPRange: + description: ServiceClusterIPRange is the service address range + type: string + serviceNodePortRange: + description: Passed as --service-node-port-range to kube-apiserver. Expects 'startPort-endPort' format e.g. 30000-33000 + type: string + storageBackend: + description: StorageBackend is the backend storage + type: string + targetRamMb: + description: Memory limit for apiserver in MB (used to configure sizes of caches, etc.) + format: int32 + type: integer + tlsCertFile: + description: 'TODO: Remove unused TLSCertFile' + type: string + tlsCipherSuites: + description: TLSCipherSuites indicates the allowed TLS cipher suite + items: + type: string + type: array + tlsMinVersion: + description: TLSMinVersion indicates the minimum TLS version allowed + type: string + tlsPrivateKeyFile: + description: 'TODO: Remove unused TLSPrivateKeyFile' + type: string + tokenAuthFile: + description: 'TODO: Remove unused TokenAuthFile' + type: string + type: object + kubeControllerManager: + description: KubeControllerManagerConfig is the configuration for the controller + properties: + ClusterSigningDuration: + description: ClusterSigningDuration is the max length of duration that the signed certificates will be given. 
(default 365*24h) + type: string + allocateNodeCIDRs: + description: AllocateNodeCIDRs enables CIDRs for Pods to be allocated and, if ConfigureCloudRoutes is true, to be set on the cloud provider. + type: boolean + attachDetachReconcileSyncPeriod: + description: |- + ReconcilerSyncLoopPeriod is the amount of time the reconciler sync states loop + wait between successive executions. Is set to 1 min by kops by default + type: string + authenticationKubeconfig: + description: AuthenticationKubeconfig is the path to an Authentication Kubeconfig + type: string + authorizationAlwaysAllowPaths: + description: AuthorizationAlwaysAllowPaths is the list of HTTP paths to skip during authorization + items: + type: string + type: array + authorizationKubeconfig: + description: AuthorizationKubeconfig is the path to an Authorization Kubeconfig + type: string + cidrAllocatorType: + description: CIDRAllocatorType specifies the type of CIDR allocator to use. + type: string + cloudProvider: + description: CloudProvider is the provider for cloud services. + type: string + clusterCIDR: + description: ClusterCIDR is CIDR Range for Pods in cluster. + type: string + clusterName: + description: ClusterName is the instance prefix for the cluster. + type: string + concurrentDeploymentSyncs: + description: The number of deployment objects that are allowed to sync concurrently. + format: int32 + type: integer + concurrentEndpointSyncs: + description: The number of endpoint objects that are allowed to sync concurrently. + format: int32 + type: integer + concurrentNamespaceSyncs: + description: The number of namespace objects that are allowed to sync concurrently. + format: int32 + type: integer + concurrentRcSyncs: + description: |- + The number of replicationcontroller objects that are allowed to sync concurrently. 
+ This only works on kubernetes >= 1.14 + format: int32 + type: integer + concurrentReplicasetSyncs: + description: The number of replicaset objects that are allowed to sync concurrently. + format: int32 + type: integer + concurrentResourceQuotaSyncs: + description: The number of resourcequota objects that are allowed to sync concurrently. + format: int32 + type: integer + concurrentServiceSyncs: + description: The number of service objects that are allowed to sync concurrently. + format: int32 + type: integer + concurrentServiceaccountTokenSyncs: + description: The number of serviceaccount objects that are allowed to sync concurrently to create tokens. + format: int32 + type: integer + configureCloudRoutes: + description: ConfigureCloudRoutes enables CIDRs allocated with to be configured on the cloud provider. + type: boolean + controllers: + description: Controllers is a list of controllers to enable on the controller-manager + items: + type: string + type: array + disableAttachDetachReconcileSync: + description: |- + DisableAttachDetachReconcileSync disables the reconcile sync loop in the attach-detach controller. + This can cause volumes to become mismatched with pods + type: boolean + enableLeaderMigration: + description: EnableLeaderMigration enables controller leader migration. + type: boolean + enableProfiling: + description: EnableProfiling enables profiling via web interface host:port/debug/pprof/ + type: boolean + endpointSliceUpdatesBatchPeriod: + description: |- + The length of endpoint slice updates batching period. Processing of pod changes will be delayed by this duration + to join them with potential upcoming updates and reduce the overall number of endpoints updates. + Larger number = higher endpoint programming latency, but lower number of endpoints revision generated. + type: string + endpointUpdatesBatchPeriod: + description: |- + The length of endpoint updates batching period. 
Processing of pod changes will be delayed by this duration + to join them with potential upcoming updates and reduce the overall number of endpoints updates. + Larger number = higher endpoint programming latency, but lower number of endpoints revision generated + type: string + experimentalClusterSigningDuration: + description: |- + ExperimentalClusterSigningDuration is the max length of duration that the signed certificates will be given. (default 365*24h) + Deprecated - use cluster-signing-duration instead + type: string + externalCloudVolumePlugin: + description: ExternalCloudVolumePlugin is a fallback mechanism that allows a legacy, in-tree cloudprovider to be used for volume plugins even when an external cloud controller manager is being used. This can be used instead of installing CSI. The value should be the same as is used for the --cloud-provider flag, i.e. "aws". + type: string + featureGates: + additionalProperties: + type: string + description: FeatureGates is set of key=value pairs that describe feature gates for alpha/experimental features. + type: object + horizontalPodAutoscalerCpuInitializationPeriod: + description: |- + HorizontalPodAutoscalerCPUInitializationPeriod is the period after pod start + when CPU samples might be skipped. (default 5m) + type: string + horizontalPodAutoscalerDownscaleDelay: + description: |- + HorizontalPodAutoscalerDownscaleDelay is a duration that specifies + how long the autoscaler has to wait before another downscale + operation can be performed after the current one has completed. + type: string + horizontalPodAutoscalerDownscaleStabilization: + description: |- + HorizontalPodAutoscalerDownscaleStabilization is the period for which + autoscaler will look backwards and not scale down below any + recommendation it made during that period. 
+ type: string + horizontalPodAutoscalerInitialReadinessDelay: + description: |- + HorizontalPodAutoscalerInitialReadinessDelay is the period after pod start + during which readiness changes will be treated as initial readiness. (default 30s) + type: string + horizontalPodAutoscalerSyncPeriod: + description: |- + HorizontalPodAutoscalerSyncPeriod is the amount of time between syncs + During each period, the controller manager queries the resource utilization + against the metrics specified in each HorizontalPodAutoscaler definition. + type: string + horizontalPodAutoscalerTolerance: + anyOf: + - type: integer + - type: string + description: |- + HorizontalPodAutoscalerTolerance is the minimum change (from 1.0) in the + desired-to-actual metrics ratio for the horizontal pod autoscaler to + consider scaling. + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + horizontalPodAutoscalerUpscaleDelay: + description: |- + HorizontalPodAutoscalerUpscaleDelay is a duration that specifies how + long the autoscaler has to wait before another upscale operation can + be performed after the current one has completed. + type: string + horizontalPodAutoscalerUseRestClients: + description: |- + HorizontalPodAutoscalerUseRestClients determines if the new-style clients + should be used if support for custom metrics is enabled. + type: boolean + image: + description: Image is the docker image to use + type: string + kubeAPIBurst: + description: KubeAPIBurst Burst to use while talking with kubernetes apiserver. (default 30) + format: int32 + type: integer + kubeAPIQPS: + anyOf: + - type: integer + - type: string + description: KubeAPIQPS QPS to use while talking with kubernetes apiserver. 
(default 20) + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + leaderElection: + description: LeaderElection defines the configuration of leader election client. + properties: + leaderElect: + description: |- + leaderElect enables a leader election client to gain leadership + before executing the main loop. Enable this when running replicated + components for high availability. + type: boolean + leaderElectLeaseDuration: + description: |- + leaderElectLeaseDuration is the length in time non-leader candidates + will wait after observing a leadership renewal until attempting to acquire + leadership of a led but unrenewed leader slot. This is effectively the + maximum duration that a leader can be stopped before it is replaced by another candidate + type: string + leaderElectRenewDeadlineDuration: + description: |- + LeaderElectRenewDeadlineDuration is the interval between attempts by the acting master to + renew a leadership slot before it stops leading. This must be less than or equal to the lease duration. + type: string + leaderElectResourceLock: + description: |- + LeaderElectResourceLock is the type of resource object that is used for locking during + leader election. Supported options are endpoints (default) and `configmaps`. + type: string + leaderElectResourceName: + description: LeaderElectResourceName is the name of resource object that is used for locking during leader election. + type: string + leaderElectResourceNamespace: + description: LeaderElectResourceNamespace is the namespace of resource object that is used for locking during leader election. + type: string + leaderElectRetryPeriod: + description: |- + LeaderElectRetryPeriod is The duration the clients should wait between attempting acquisition + and renewal of a leadership. This is only applicable if leader election is enabled. 
+ type: string + type: object + logFormat: + description: |- + LogFormat is the logging format of the controler manager. + Supported values: text, json. + Default: text + type: string + logLevel: + description: LogLevel is the defined logLevel + format: int32 + type: integer + master: + description: Master is the url for the kube api master + type: string + minResyncPeriod: + description: |- + MinResyncPeriod indicates the resync period in reflectors. + The resync period will be random between MinResyncPeriod and 2*MinResyncPeriod. (default 12h0m0s) + type: string + nodeCIDRMaskSize: + description: NodeCIDRMaskSize set the size for the mask of the nodes. + format: int32 + type: integer + nodeMonitorGracePeriod: + description: |- + NodeMonitorGracePeriod is the amount of time which we allow running Node to be unresponsive before marking it unhealthy. (default 40s) + Must be N-1 times more than kubelet's nodeStatusUpdateFrequency, where N means number of retries allowed for kubelet to post node status. + type: string + nodeMonitorPeriod: + description: NodeMonitorPeriod is the period for syncing NodeStatus in NodeController. (default 5s) + type: string + podEvictionTimeout: + description: PodEvictionTimeout is the grace period for deleting pods on failed nodes. (default 5m0s) + type: string + rootCAFile: + description: rootCAFile is the root certificate authority will be included in service account's token secret. This must be a valid PEM-encoded CA bundle. + type: string + serviceAccountPrivateKeyFile: + description: ServiceAccountPrivateKeyFile is the location of the private key for service account token signing. + type: string + terminatedPodGCThreshold: + description: |- + TerminatedPodGCThreshold is the number of terminated pods that can exist + before the terminated pod garbage collector starts deleting terminated pods. + If <= 0, the terminated pod garbage collector is disabled. 
+ format: int32 + type: integer + tlsCertFile: + description: TLSCertFile is the file containing the TLS server certificate. + type: string + tlsCipherSuites: + description: TLSCipherSuites indicates the allowed TLS cipher suite + items: + type: string + type: array + tlsMinVersion: + description: TLSMinVersion indicates the minimum TLS version allowed + type: string + tlsPrivateKeyFile: + description: TLSPrivateKeyFile is the file containing the private key for the TLS server certificate. + type: string + useServiceAccountCredentials: + description: UseServiceAccountCredentials controls whether we use individual service account credentials for each controller. + type: boolean + type: object + kubeDNS: + description: KubeDNSConfig defines the kube dns configuration + properties: + affinity: + description: Affinity is the kube-dns affinity, uses the same syntax as kubectl's affinity + properties: + nodeAffinity: + description: Describes node affinity scheduling rules for the pod. + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: |- + The scheduler will prefer to schedule pods to nodes that satisfy + the affinity expressions specified by this field, but it may choose + a node that violates one or more of the expressions. The node that is + most preferred is the one with the greatest sum of weights, i.e. + for each node that meets all of the scheduling requirements (resource + request, requiredDuringScheduling affinity expressions, etc.), + compute a sum by iterating through the elements of this field and adding + "weight" to the sum if the node matches the corresponding matchExpressions; the + node(s) with the highest sum are the most preferred. + items: + description: |- + An empty preferred scheduling term matches all objects with implicit weight 0 + (i.e. it's a no-op). A null preferred scheduling term matches no objects (i.e. is also a no-op). 
+ properties: + preference: + description: A node selector term, associated with the corresponding weight. + properties: + matchExpressions: + description: A list of node selector requirements by node's labels. + items: + description: |- + A node selector requirement is a selector that contains values, a key, and an operator + that relates the key and values. + properties: + key: + description: The label key that the selector applies to. + type: string + operator: + description: |- + Represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. + type: string + values: + description: |- + An array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. If the operator is Gt or Lt, the values + array must have a single element, which will be interpreted as an integer. + This array is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + description: A list of node selector requirements by node's fields. + items: + description: |- + A node selector requirement is a selector that contains values, a key, and an operator + that relates the key and values. + properties: + key: + description: The label key that the selector applies to. + type: string + operator: + description: |- + Represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. + type: string + values: + description: |- + An array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. If the operator is Gt or Lt, the values + array must have a single element, which will be interpreted as an integer. + This array is replaced during a strategic merge patch. 
+ items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + x-kubernetes-map-type: atomic + weight: + description: Weight associated with matching the corresponding nodeSelectorTerm, in the range 1-100. + format: int32 + type: integer + required: + - preference + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: |- + If the affinity requirements specified by this field are not met at + scheduling time, the pod will not be scheduled onto the node. + If the affinity requirements specified by this field cease to be met + at some point during pod execution (e.g. due to an update), the system + may or may not try to eventually evict the pod from its node. + properties: + nodeSelectorTerms: + description: Required. A list of node selector terms. The terms are ORed. + items: + description: |- + A null or empty node selector term matches no objects. The requirements of + them are ANDed. + The TopologySelectorTerm type implements a subset of the NodeSelectorTerm. + properties: + matchExpressions: + description: A list of node selector requirements by node's labels. + items: + description: |- + A node selector requirement is a selector that contains values, a key, and an operator + that relates the key and values. + properties: + key: + description: The label key that the selector applies to. + type: string + operator: + description: |- + Represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. + type: string + values: + description: |- + An array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. If the operator is Gt or Lt, the values + array must have a single element, which will be interpreted as an integer. + This array is replaced during a strategic merge patch. 
+ items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + description: A list of node selector requirements by node's fields. + items: + description: |- + A node selector requirement is a selector that contains values, a key, and an operator + that relates the key and values. + properties: + key: + description: The label key that the selector applies to. + type: string + operator: + description: |- + Represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. + type: string + values: + description: |- + An array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. If the operator is Gt or Lt, the values + array must have a single element, which will be interpreted as an integer. + This array is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + x-kubernetes-map-type: atomic + type: array + required: + - nodeSelectorTerms + type: object + x-kubernetes-map-type: atomic + type: object + podAffinity: + description: Describes pod affinity scheduling rules (e.g. co-locate this pod in the same node, zone, etc. as some other pod(s)). + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: |- + The scheduler will prefer to schedule pods to nodes that satisfy + the affinity expressions specified by this field, but it may choose + a node that violates one or more of the expressions. The node that is + most preferred is the one with the greatest sum of weights, i.e. 
+ for each node that meets all of the scheduling requirements (resource + request, requiredDuringScheduling affinity expressions, etc.), + compute a sum by iterating through the elements of this field and adding + "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the + node(s) with the highest sum are the most preferred. + items: + description: The weights of all of the matched WeightedPodAffinityTerm fields are added per-node to find the most preferred node(s) + properties: + podAffinityTerm: + description: Required. A pod affinity term, associated with the corresponding weight. + properties: + labelSelector: + description: A label query over a set of resources, in this case pods. + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. The requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that the selector applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. 
+ type: object + type: object + x-kubernetes-map-type: atomic + namespaceSelector: + description: |- + A label query over the set of namespaces that the term applies to. + The term is applied to the union of the namespaces selected by this field + and the ones listed in the namespaces field. + null selector and null or empty namespaces list means "this pod's namespace". + An empty selector ({}) matches all namespaces. + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. The requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that the selector applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: |- + namespaces specifies a static list of namespace names that the term applies to. + The term is applied to the union of the namespaces listed in this field + and the ones selected by namespaceSelector. 
+ null or empty namespaces list and null namespaceSelector means "this pod's namespace". + items: + type: string + type: array + topologyKey: + description: |- + This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching + the labelSelector in the specified namespaces, where co-located is defined as running on a node + whose value of the label with key topologyKey matches that of any node on which any of the + selected pods is running. + Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + weight: + description: |- + weight associated with matching the corresponding podAffinityTerm, + in the range 1-100. + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: |- + If the affinity requirements specified by this field are not met at + scheduling time, the pod will not be scheduled onto the node. + If the affinity requirements specified by this field cease to be met + at some point during pod execution (e.g. due to a pod label update), the + system may or may not try to eventually evict the pod from its node. + When there are multiple elements, the lists of nodes corresponding to each + podAffinityTerm are intersected, i.e. all terms must be satisfied. + items: + description: |- + Defines a set of pods (namely those matching the labelSelector + relative to the given namespace(s)) that this pod should be + co-located (affinity) or not co-located (anti-affinity) with, + where co-located is defined as running on a node whose value of + the label with key matches that of any node on which + a pod of the set of pods is running + properties: + labelSelector: + description: A label query over a set of resources, in this case pods. + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. The requirements are ANDed. 
+ items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that the selector applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaceSelector: + description: |- + A label query over the set of namespaces that the term applies to. + The term is applied to the union of the namespaces selected by this field + and the ones listed in the namespaces field. + null selector and null or empty namespaces list means "this pod's namespace". + An empty selector ({}) matches all namespaces. + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. The requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that the selector applies to. 
+ type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: |- + namespaces specifies a static list of namespace names that the term applies to. + The term is applied to the union of the namespaces listed in this field + and the ones selected by namespaceSelector. + null or empty namespaces list and null namespaceSelector means "this pod's namespace". + items: + type: string + type: array + topologyKey: + description: |- + This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching + the labelSelector in the specified namespaces, where co-located is defined as running on a node + whose value of the label with key topologyKey matches that of any node on which any of the + selected pods is running. + Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + type: array + type: object + podAntiAffinity: + description: Describes pod anti-affinity scheduling rules (e.g. avoid putting this pod in the same node, zone, etc. as some other pod(s)). 
+ properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: |- + The scheduler will prefer to schedule pods to nodes that satisfy + the anti-affinity expressions specified by this field, but it may choose + a node that violates one or more of the expressions. The node that is + most preferred is the one with the greatest sum of weights, i.e. + for each node that meets all of the scheduling requirements (resource + request, requiredDuringScheduling anti-affinity expressions, etc.), + compute a sum by iterating through the elements of this field and adding + "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the + node(s) with the highest sum are the most preferred. + items: + description: The weights of all of the matched WeightedPodAffinityTerm fields are added per-node to find the most preferred node(s) + properties: + podAffinityTerm: + description: Required. A pod affinity term, associated with the corresponding weight. + properties: + labelSelector: + description: A label query over a set of resources, in this case pods. + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. The requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that the selector applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. 
+ items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaceSelector: + description: |- + A label query over the set of namespaces that the term applies to. + The term is applied to the union of the namespaces selected by this field + and the ones listed in the namespaces field. + null selector and null or empty namespaces list means "this pod's namespace". + An empty selector ({}) matches all namespaces. + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. The requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that the selector applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. 
A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: |- + namespaces specifies a static list of namespace names that the term applies to. + The term is applied to the union of the namespaces listed in this field + and the ones selected by namespaceSelector. + null or empty namespaces list and null namespaceSelector means "this pod's namespace". + items: + type: string + type: array + topologyKey: + description: |- + This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching + the labelSelector in the specified namespaces, where co-located is defined as running on a node + whose value of the label with key topologyKey matches that of any node on which any of the + selected pods is running. + Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + weight: + description: |- + weight associated with matching the corresponding podAffinityTerm, + in the range 1-100. + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: |- + If the anti-affinity requirements specified by this field are not met at + scheduling time, the pod will not be scheduled onto the node. + If the anti-affinity requirements specified by this field cease to be met + at some point during pod execution (e.g. due to a pod label update), the + system may or may not try to eventually evict the pod from its node. + When there are multiple elements, the lists of nodes corresponding to each + podAffinityTerm are intersected, i.e. all terms must be satisfied. 
+ items: + description: |- + Defines a set of pods (namely those matching the labelSelector + relative to the given namespace(s)) that this pod should be + co-located (affinity) or not co-located (anti-affinity) with, + where co-located is defined as running on a node whose value of + the label with key matches that of any node on which + a pod of the set of pods is running + properties: + labelSelector: + description: A label query over a set of resources, in this case pods. + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. The requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that the selector applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaceSelector: + description: |- + A label query over the set of namespaces that the term applies to. 
+ The term is applied to the union of the namespaces selected by this field + and the ones listed in the namespaces field. + null selector and null or empty namespaces list means "this pod's namespace". + An empty selector ({}) matches all namespaces. + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. The requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that the selector applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: |- + namespaces specifies a static list of namespace names that the term applies to. + The term is applied to the union of the namespaces listed in this field + and the ones selected by namespaceSelector. + null or empty namespaces list and null namespaceSelector means "this pod's namespace". 
+ items: + type: string + type: array + topologyKey: + description: |- + This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching + the labelSelector in the specified namespaces, where co-located is defined as running on a node + whose value of the label with key topologyKey matches that of any node on which any of the + selected pods is running. + Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + type: array + type: object + type: object + cacheMaxConcurrent: + description: CacheMaxConcurrent is the maximum number of concurrent queries for dnsmasq + type: integer + cacheMaxSize: + description: CacheMaxSize is the maximum entries to keep in dnsmasq + type: integer + coreDNSImage: + description: CoreDNSImage is used to override the default image used for CoreDNS + type: string + cpaImage: + description: CPAImage is used to override the default image used for Cluster Proportional Autoscaler + type: string + cpuRequest: + anyOf: + - type: integer + - type: string + description: CPURequest specifies the cpu requests of each dns container in the cluster. Default 100m. + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + domain: + description: Domain is the dns domain + type: string + externalCoreFile: + description: ExternalCoreFile is used to provide a complete CoreDNS CoreFile by the user - ignores other provided flags which modify the CoreFile. + type: string + image: + description: Image is unused. + type: string + memoryLimit: + anyOf: + - type: integer + - type: string + description: MemoryLimit specifies the memory limit of each dns container in the cluster. Default 170m. 
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + memoryRequest: + anyOf: + - type: integer + - type: string + description: MemoryRequest specifies the memory requests of each dns container in the cluster. Default 70m. + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + nodeLocalDNS: + description: NodeLocalDNS specifies the configuration for the node-local-dns addon + properties: + additionalConfig: + description: AdditionalConfig is used to provide additional config for node local dns by the user - it will include the original CoreFile made by kOps. + type: string + cpuRequest: + anyOf: + - type: integer + - type: string + description: CPURequest specifies the cpu requests of each node-local-dns container in the daemonset. Default 25m. + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + enabled: + description: Enabled activates the node-local-dns addon. + type: boolean + externalCoreFile: + description: ExternalCoreFile is used to provide a complete NodeLocalDNS CoreFile by the user - ignores other provided flags which modify the CoreFile. + type: string + forwardToKubeDNS: + description: If enabled, nodelocal dns will use kubedns as a default upstream + type: boolean + image: + description: Image overrides the default docker image used for node-local-dns addon. + type: string + localIP: + description: Local listen IP address. It can be any IP in the 169.254.20.0/16 space or any other IP address that can be guaranteed to not collide with any existing IP. + type: string + memoryRequest: + anyOf: + - type: integer + - type: string + description: MemoryRequest specifies the memory requests of each node-local-dns container in the daemonset. 
Default 5Mi. + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + podAnnotations: + additionalProperties: + type: string + description: |- + PodAnnotations makes possible to add additional annotations to node-local-dns. + Default: none + type: object + type: object + provider: + description: Provider indicates whether CoreDNS or kube-dns will be the default service discovery. + type: string + replicas: + description: Replicas is unused. + type: integer + serverIP: + description: ServerIP is the server ip + type: string + stubDomains: + additionalProperties: + items: + type: string + type: array + description: StubDomains redirects a domains to another DNS service + type: object + tolerations: + description: "Tolerations\tare tolerations to apply to the kube-dns deployment" + items: + description: |- + The pod this Toleration is attached to tolerates any taint that matches + the triple using the matching operator . + properties: + effect: + description: |- + Effect indicates the taint effect to match. Empty means match all taint effects. + When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute. + type: string + key: + description: |- + Key is the taint key that the toleration applies to. Empty means match all taint keys. + If the key is empty, operator must be Exists; this combination means to match all values and all keys. + type: string + operator: + description: |- + Operator represents a key's relationship to the value. + Valid operators are Exists and Equal. Defaults to Equal. + Exists is equivalent to wildcard for value, so that a pod can + tolerate all taints of a particular category. + type: string + tolerationSeconds: + description: |- + TolerationSeconds represents the period of time the toleration (which must be + of effect NoExecute, otherwise this field is ignored) tolerates the taint. 
By default, + it is not set, which means tolerate the taint forever (do not evict). Zero and + negative values will be treated as 0 (evict immediately) by the system. + format: int64 + type: integer + value: + description: |- + Value is the taint value the toleration matches to. + If the operator is Exists, the value should be empty, otherwise just a regular string. + type: string + type: object + type: array + upstreamNameservers: + description: UpstreamNameservers sets the upstream nameservers for queries not on the cluster domain + items: + type: string + type: array + type: object + kubeProxy: + description: KubeProxyConfig defines the configuration for a proxy + properties: + bindAddress: + description: BindAddress is IP address for the proxy server to serve on + type: string + clusterCIDR: + description: ClusterCIDR is the CIDR range of the pods in the cluster + type: string + conntrackMaxPerCore: + description: 'Maximum number of NAT connections to track per CPU core (default: 131072)' + format: int32 + type: integer + conntrackMin: + description: Minimum number of conntrack entries to allocate, regardless of conntrack-max-per-core + format: int32 + type: integer + cpuLimit: + anyOf: + - type: integer + - type: string + description: CPULimit, cpu limit compute resource for kube proxy e.g. "30m" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + cpuRequest: + anyOf: + - type: integer + - type: string + description: CPURequest, cpu request compute resource for kube proxy e.g. 
"20m" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + enabled: + description: Enabled allows enabling or disabling kube-proxy + type: boolean + featureGates: + additionalProperties: + type: string + description: FeatureGates is a series of key pairs used to switch on features for the proxy + type: object + hostnameOverride: + description: HostnameOverride, if non-empty, will be used as the identity instead of the actual hostname. + type: string + image: + type: string + ipvsExcludeCidrs: + description: IPVSExcludeCIDRs is comma-separated list of CIDR's which the ipvs proxier should not touch when cleaning up IPVS rules + items: + type: string + type: array + ipvsMinSyncPeriod: + description: IPVSMinSyncPeriod is the minimum interval of how often the ipvs rules can be refreshed as endpoints and services change (e.g. '5s', '1m', '2h22m') + type: string + ipvsScheduler: + description: IPVSScheduler is the ipvs scheduler type when proxy mode is ipvs + type: string + ipvsSyncPeriod: + description: IPVSSyncPeriod duration is the maximum interval of how often ipvs rules are refreshed + type: string + logLevel: + description: LogLevel is the logging level of the proxy + format: int32 + type: integer + master: + description: Master is the address of the Kubernetes API server (overrides any value in kubeconfig) + type: string + memoryLimit: + anyOf: + - type: integer + - type: string + description: MemoryLimit, memory limit compute resource for kube proxy e.g. "30Mi" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + memoryRequest: + anyOf: + - type: integer + - type: string + description: MemoryRequest, memory request compute resource for kube proxy e.g. 
"30Mi" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + metricsBindAddress: + description: MetricsBindAddress is the IP address for the metrics server to serve on + type: string + proxyMode: + description: 'Which proxy mode to use: (userspace, iptables, ipvs)' + type: string + type: object + kubeScheduler: + description: KubeSchedulerConfig is the configuration for the kube-scheduler + properties: + authenticationKubeconfig: + description: AuthenticationKubeconfig is the path to an Authentication Kubeconfig + type: string + authorizationAlwaysAllowPaths: + description: AuthorizationAlwaysAllowPaths is the list of HTTP paths to skip during authorization + items: + type: string + type: array + authorizationKubeconfig: + description: AuthorizationKubeconfig is the path to an Authorization Kubeconfig + type: string + burst: + description: Burst sets the maximum qps to send to apiserver after the burst quota is exhausted + format: int32 + type: integer + enableProfiling: + description: EnableProfiling enables profiling via web interface host:port/debug/pprof/ + type: boolean + featureGates: + additionalProperties: + type: string + description: FeatureGates is set of key=value pairs that describe feature gates for alpha/experimental features. + type: object + image: + description: Image is the docker image to use + type: string + leaderElection: + description: LeaderElection defines the configuration of leader election client. + properties: + leaderElect: + description: |- + leaderElect enables a leader election client to gain leadership + before executing the main loop. Enable this when running replicated + components for high availability. 
+ type: boolean + leaderElectLeaseDuration: + description: |- + leaderElectLeaseDuration is the length in time non-leader candidates + will wait after observing a leadership renewal until attempting to acquire + leadership of a led but unrenewed leader slot. This is effectively the + maximum duration that a leader can be stopped before it is replaced by another candidate + type: string + leaderElectRenewDeadlineDuration: + description: |- + LeaderElectRenewDeadlineDuration is the interval between attempts by the acting master to + renew a leadership slot before it stops leading. This must be less than or equal to the lease duration. + type: string + leaderElectResourceLock: + description: |- + LeaderElectResourceLock is the type of resource object that is used for locking during + leader election. Supported options are endpoints (default) and `configmaps`. + type: string + leaderElectResourceName: + description: LeaderElectResourceName is the name of resource object that is used for locking during leader election. + type: string + leaderElectResourceNamespace: + description: LeaderElectResourceNamespace is the namespace of resource object that is used for locking during leader election. + type: string + leaderElectRetryPeriod: + description: |- + LeaderElectRetryPeriod is The duration the clients should wait between attempting acquisition + and renewal of a leadership. This is only applicable if leader election is enabled. + type: string + type: object + logFormat: + description: |- + LogFormat is the logging format of the scheduler. + Supported values: text, json. + Default: text + type: string + logLevel: + description: LogLevel is the logging level + format: int32 + type: integer + master: + description: Master is a url to the kube master + type: string + maxPersistentVolumes: + description: |- + MaxPersistentVolumes changes the maximum number of persistent volumes the scheduler will scheduler onto the same + node. Only takes effect if value is positive. 
This corresponds to the KUBE_MAX_PD_VOLS environment variable. + The default depends on the version and the cloud provider + as outlined: https://kubernetes.io/docs/concepts/storage/storage-limits/ + format: int32 + type: integer + qps: + anyOf: + - type: integer + - type: string + description: Qps sets the maximum qps to send to apiserver after the burst quota is exhausted + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + tlsCertFile: + description: TLSCertFile is the file containing the TLS server certificate. + type: string + tlsPrivateKeyFile: + description: TLSPrivateKeyFile is the file containing the private key for the TLS server certificate. + type: string + usePolicyConfigMap: + description: UsePolicyConfigMap enable setting the scheduler policy from a configmap + type: boolean + type: object + kubelet: + description: |- + Kubelet is the kubelet configuration for nodes not belonging to the control plane. + It can be overridden by the kubelet configuration specified in the instance group. + properties: + allowPrivileged: + description: AllowPrivileged enables containers to request privileged mode (defaults to false) + type: boolean + allowedUnsafeSysctls: + description: AllowedUnsafeSysctls are passed to the kubelet config to whitelist allowable sysctls + items: + type: string + type: array + anonymousAuth: + description: AnonymousAuth permits you to control auth to the kubelet api + type: boolean + apiServers: + description: APIServers is not used for clusters version 1.6 and later - flag removed + type: string + authenticationTokenWebhook: + description: AuthenticationTokenWebhook uses the TokenReview API to determine authentication for bearer tokens. + type: boolean + authenticationTokenWebhookCacheTtl: + description: AuthenticationTokenWebhook sets the duration to cache responses from the webhook token authenticator. Default is 2m. 
(default 2m0s) + type: string + authorizationMode: + description: AuthorizationMode is the authorization mode the kubelet is running in + type: string + babysitDaemons: + description: The node has babysitter process monitoring docker and kubelet. Removed as of 1.7 + type: boolean + bootstrapKubeconfig: + description: BootstrapKubeconfig is the path to a kubeconfig file that will be used to get client certificate for kubelet + type: string + cgroupDriver: + description: CgroupDriver allows the explicit setting of the kubelet cgroup driver. If omitted, defaults to cgroupfs. + type: string + cgroupRoot: + description: cgroupRoot is the root cgroup to use for pods. This is handled by the container runtime on a best effort basis. + type: string + clientCaFile: + description: ClientCAFile is the path to a CA certificate + type: string + cloudProvider: + description: CloudProvider is the provider for cloud services. + type: string + clusterDNS: + description: ClusterDNS is the IP address for a cluster DNS server + type: string + clusterDomain: + description: ClusterDomain is the DNS domain for this cluster + type: string + configureCbr0: + description: configureCBR0 enables the kubelet to configure cbr0 based on Node.Spec.PodCIDR. + type: boolean + containerLogMaxFiles: + description: ContainerLogMaxFiles is the maximum number of container log files that can be present for a container. The number must be >= 2. + format: int32 + type: integer + containerLogMaxSize: + description: ContainerLogMaxSize is the maximum size (e.g. 10Mi) of container log file before it is rotated. 
+ type: string + cpuCFSQuota: + description: CPUCFSQuota enables CPU CFS quota enforcement for containers that specify CPU limits + type: boolean + cpuCFSQuotaPeriod: + description: CPUCFSQuotaPeriod sets CPU CFS quota period value, cpu.cfs_period_us, defaults to Linux Kernel default + type: string + cpuManagerPolicy: + description: CpuManagerPolicy allows for changing the default policy of None to static + type: string + dockerDisableSharedPID: + description: DockerDisableSharedPID uses a shared PID namespace for containers in a pod. + type: boolean + enableCadvisorJsonEndpoints: + description: EnableCadvisorJsonEndpoints enables cAdvisor json `/spec` and `/stats/*` endpoints. Defaults to False. + type: boolean + enableCustomMetrics: + description: Enable gathering custom metrics. + type: boolean + enableDebuggingHandlers: + description: EnableDebuggingHandlers enables server endpoints for log collection and local running of containers and commands + type: boolean + enforceNodeAllocatable: + description: Enforce Allocatable across pods whenever the overall usage across all pods exceeds Allocatable. + type: string + eventBurst: + description: EventBurst temporarily allows event records to burst to this number, while still not exceeding EventQPS. Only used if EventQPS > 0. + format: int32 + type: integer + eventQPS: + description: EventQPS if > 0, limit event creations per second to this value. If 0, unlimited. + format: int32 + type: integer + evictionHard: + description: Comma-delimited list of hard eviction expressions. For example, 'memory.available<300Mi'. + type: string + evictionMaxPodGracePeriod: + description: Maximum allowed grace period (in seconds) to use when terminating pods in response to a soft eviction threshold being met. + format: int32 + type: integer + evictionMinimumReclaim: + description: Comma-delimited list of minimum reclaims (e.g. 
imagefs.available=2Gi) that describes the minimum amount of resource the kubelet will reclaim when performing a pod eviction if that resource is under pressure. + type: string + evictionPressureTransitionPeriod: + description: Duration for which the kubelet has to wait before transitioning out of an eviction pressure condition. + type: string + evictionSoft: + description: Comma-delimited list of soft eviction expressions. For example, 'memory.available<300Mi'. + type: string + evictionSoftGracePeriod: + description: Comma-delimited list of grace periods for each soft eviction signal. For example, 'memory.available=30s'. + type: string + experimentalAllocatableIgnoreEviction: + description: ExperimentalAllocatableIgnoreEviction enables ignoring Hard Eviction Thresholds while calculating Node Allocatable + type: boolean + experimentalAllowedUnsafeSysctls: + description: |- + ExperimentalAllowedUnsafeSysctls are passed to the kubelet config to whitelist allowable sysctls + Was promoted to beta and renamed. https://github.com/kubernetes/kubernetes/pull/63717 + items: + type: string + type: array + failSwapOn: + description: Tells the Kubelet to fail to start if swap is enabled on the node. + type: boolean + featureGates: + additionalProperties: + type: string + description: FeatureGates is set of key=value pairs that describe feature gates for alpha/experimental features. + type: object + hairpinMode: + description: |- + How should the kubelet configure the container bridge for hairpin packets. + Setting this flag allows endpoints in a Service to loadbalance back to + themselves if they should try to access their own Service. Values: + "promiscuous-bridge": make the container bridge promiscuous. + "hairpin-veth": set the hairpin flag on container veth interfaces. + "none": do nothing. + Setting --configure-cbr0 to false implies that to achieve hairpin NAT + one must set --hairpin-mode=veth-flag, because bridge assumes the + existence of a container bridge named cbr0. 
+ type: string + hostnameOverride: + description: HostnameOverride is the hostname used to identify the kubelet instead of the actual hostname. + type: string + housekeepingInterval: + description: HousekeepingInterval allows to specify interval between container housekeepings. + type: string + imageGCHighThresholdPercent: + description: |- + ImageGCHighThresholdPercent is the percent of disk usage after which + image garbage collection is always run. + format: int32 + type: integer + imageGCLowThresholdPercent: + description: |- + ImageGCLowThresholdPercent is the percent of disk usage before which + image garbage collection is never run. Lowest disk usage to garbage + collect to. + format: int32 + type: integer + imagePullProgressDeadline: + description: |- + ImagePullProgressDeadline is the timeout for image pulls + If no pulling progress is made before this deadline, the image pulling will be cancelled. (default 1m0s) + type: string + kernelMemcgNotification: + description: Integrate with the kernel memcg notification to determine if memory eviction thresholds are crossed rather than polling. + type: boolean + kubeReserved: + additionalProperties: + type: string + description: Resource reservation for kubernetes system daemons like the kubelet, container runtime, node problem detector, etc. + type: object + kubeReservedCgroup: + description: Control group for kube daemons. + type: string + kubeconfigPath: + description: KubeconfigPath is the path of kubeconfig for the kubelet + type: string + kubeletCgroups: + description: KubeletCgroups is the absolute name of cgroups to isolate the kubelet in. + type: string + logFormat: + description: |- + LogFormat is the logging format of the kubelet. + Supported values: text, json. + Default: text + type: string + logLevel: + description: LogLevel is the logging level of the kubelet + format: int32 + type: integer + maxPods: + description: MaxPods is the number of pods that can run on this Kubelet. 
+ format: int32 + type: integer + memorySwapBehavior: + description: |- + MemorySwapBehavior defines how swap is used by container workloads. + Supported values: LimitedSwap, "UnlimitedSwap. + type: string + networkPluginMTU: + description: |- + NetworkPluginMTU is the MTU to be passed to the network plugin, + and overrides the default MTU for cases where it cannot be automatically + computed (such as IPSEC). + format: int32 + type: integer + networkPluginName: + description: NetworkPluginName is the name of the network plugin to be invoked for various events in kubelet/pod lifecycle + type: string + nodeLabels: + additionalProperties: + type: string + description: NodeLabels to add when registering the node in the cluster. + type: object + nodeStatusUpdateFrequency: + description: |- + NodeStatusUpdateFrequency Specifies how often kubelet posts node status to master (default 10s) + must work with nodeMonitorGracePeriod in KubeControllerManagerConfig. + type: string + nonMasqueradeCIDR: + description: 'NonMasqueradeCIDR configures masquerading: traffic to IPs outside this range will use IP masquerade.' + type: string + nvidiaGPUs: + description: NvidiaGPUs is the number of NVIDIA GPU devices on this node. + format: int32 + type: integer + podCIDR: + description: |- + PodCIDR is the CIDR to use for pod IP addresses, only used in standalone mode. + In cluster mode, this is obtained from the master. + type: string + podInfraContainerImage: + description: PodInfraContainerImage is the image whose network/ipc containers in each pod will use. + type: string + podManifestPath: + description: config is the path to the config file or directory of files + type: string + podPidsLimit: + description: PodPidsLimit is the maximum number of pids in any pod. + format: int64 + type: integer + protectKernelDefaults: + description: |- + Default kubelet behaviour for kernel tuning. If set, kubelet errors if any of kernel tunables is different than kubelet defaults. 
+ (DEPRECATED: This parameter should be set via the config file specified by the Kubelet's --config flag. + type: boolean + readOnlyPort: + description: ReadOnlyPort is the port used by the kubelet api for read-only access (default 10255) + format: int32 + type: integer + reconcileCIDR: + description: |- + ReconcileCIDR is Reconcile node CIDR with the CIDR specified by the + API server. No-op if register-node or configure-cbr0 is false. + type: boolean + registerNode: + description: RegisterNode enables automatic registration with the apiserver. + type: boolean + registerSchedulable: + description: registerSchedulable tells the kubelet to register the node as schedulable. No-op if register-node is false. + type: boolean + registryBurst: + description: RegistryBurst Maximum size of a bursty pulls, temporarily allows pulls to burst to this number, while still not exceeding registry-qps. Only used if --registry-qps > 0 (default 10) + format: int32 + type: integer + registryPullQPS: + description: RegistryPullQPS if > 0, limit registry pull QPS to this value. If 0, unlimited. (default 5) + format: int32 + type: integer + requireKubeconfig: + description: RequireKubeconfig indicates a kubeconfig is required + type: boolean + resolvConf: + description: ResolverConfig is the resolver configuration file used as the basis for the container DNS resolution configuration."), [] + type: string + rootDir: + description: RootDir is the directory path for managing kubelet files (volume mounts,etc) + type: string + rotateCertificates: + description: rotateCertificates enables client certificate rotation. + type: boolean + runtimeCgroups: + description: Cgroups that container runtime is expected to be isolated in. 
+ type: string + runtimeRequestTimeout: + description: RuntimeRequestTimeout is timeout for runtime requests on - pull, logs, exec and attach + type: string + seccompDefault: + description: SeccompDefault enables the use of `RuntimeDefault` as the default seccomp profile for all workloads. + type: boolean + seccompProfileRoot: + description: SeccompProfileRoot is the directory path for seccomp profiles. + type: string + serializeImagePulls: + description: |- + // SerializeImagePulls when enabled, tells the Kubelet to pull images one + // at a time. We recommend *not* changing the default value on nodes that + // run docker daemon with version < 1.9 or an Aufs storage backend. + // Issue #10959 has more details. + type: boolean + shutdownGracePeriod: + description: |- + ShutdownGracePeriod specifies the total duration that the node should delay the shutdown by. + Default: 30s + type: string + shutdownGracePeriodCriticalPods: + description: |- + ShutdownGracePeriodCriticalPods specifies the duration used to terminate critical pods during a node shutdown. + Default: 10s + type: string + streamingConnectionIdleTimeout: + description: StreamingConnectionIdleTimeout is the maximum time a streaming connection can be idle before the connection is automatically closed + type: string + systemCgroups: + description: |- + SystemCgroups is absolute name of cgroups in which to place + all non-kernel processes that are not already in a container. Empty + for no container. Rolling back the flag requires a reboot. + type: string + systemReserved: + additionalProperties: + type: string + description: Capture resource reservation for OS system daemons like sshd, udev, etc. + type: object + systemReservedCgroup: + description: Parent control group for OS system daemons. 
+ type: string + taints: + description: Taints to add when registering a node in the cluster + items: + type: string + type: array + tlsCertFile: + description: 'TODO: Remove unused TLSCertFile' + type: string + tlsCipherSuites: + description: TLSCipherSuites indicates the allowed TLS cipher suite + items: + type: string + type: array + tlsMinVersion: + description: TLSMinVersion indicates the minimum TLS version allowed + type: string + tlsPrivateKeyFile: + description: 'TODO: Remove unused TLSPrivateKeyFile' + type: string + topologyManagerPolicy: + description: TopologyManagerPolicy determines the allocation policy for the topology manager. + type: string + volumePluginDirectory: + description: The full path of the directory in which to search for additional third party volume plugins (this path must be writeable, dependent on your choice of OS) + type: string + volumeStatsAggPeriod: + description: VolumeStatsAggPeriod is the interval for kubelet to calculate and cache the volume disk usage for all pods and volumes + type: string + type: object + kubernetesApiAccess: + description: |- + KubernetesAPIAccess determines the permitted access to the API endpoints (master HTTPS) + Currently only a single CIDR is supported (though a richer grammar could be added in future) + items: + type: string + type: array + kubernetesVersion: + description: The version of kubernetes to install (optional, and can be a "spec" like stable) + type: string + masterInternalName: + description: MasterInternalName is unused. + type: string + masterKubelet: + description: |- + MasterKubelet is the kubelet configuration for nodes belonging to the control plane + It can be overridden by the kubelet configuration specified in the instance group. 
+ properties: + allowPrivileged: + description: AllowPrivileged enables containers to request privileged mode (defaults to false) + type: boolean + allowedUnsafeSysctls: + description: AllowedUnsafeSysctls are passed to the kubelet config to whitelist allowable sysctls + items: + type: string + type: array + anonymousAuth: + description: AnonymousAuth permits you to control auth to the kubelet api + type: boolean + apiServers: + description: APIServers is not used for clusters version 1.6 and later - flag removed + type: string + authenticationTokenWebhook: + description: AuthenticationTokenWebhook uses the TokenReview API to determine authentication for bearer tokens. + type: boolean + authenticationTokenWebhookCacheTtl: + description: AuthenticationTokenWebhook sets the duration to cache responses from the webhook token authenticator. Default is 2m. (default 2m0s) + type: string + authorizationMode: + description: AuthorizationMode is the authorization mode the kubelet is running in + type: string + babysitDaemons: + description: The node has babysitter process monitoring docker and kubelet. Removed as of 1.7 + type: boolean + bootstrapKubeconfig: + description: BootstrapKubeconfig is the path to a kubeconfig file that will be used to get client certificate for kubelet + type: string + cgroupDriver: + description: CgroupDriver allows the explicit setting of the kubelet cgroup driver. If omitted, defaults to cgroupfs. + type: string + cgroupRoot: + description: cgroupRoot is the root cgroup to use for pods. This is handled by the container runtime on a best effort basis. + type: string + clientCaFile: + description: ClientCAFile is the path to a CA certificate + type: string + cloudProvider: + description: CloudProvider is the provider for cloud services. 
+ type: string + clusterDNS: + description: ClusterDNS is the IP address for a cluster DNS server + type: string + clusterDomain: + description: ClusterDomain is the DNS domain for this cluster + type: string + configureCbr0: + description: configureCBR0 enables the kubelet to configure cbr0 based on Node.Spec.PodCIDR. + type: boolean + containerLogMaxFiles: + description: ContainerLogMaxFiles is the maximum number of container log files that can be present for a container. The number must be >= 2. + format: int32 + type: integer + containerLogMaxSize: + description: ContainerLogMaxSize is the maximum size (e.g. 10Mi) of container log file before it is rotated. + type: string + cpuCFSQuota: + description: CPUCFSQuota enables CPU CFS quota enforcement for containers that specify CPU limits + type: boolean + cpuCFSQuotaPeriod: + description: CPUCFSQuotaPeriod sets CPU CFS quota period value, cpu.cfs_period_us, defaults to Linux Kernel default + type: string + cpuManagerPolicy: + description: CpuManagerPolicy allows for changing the default policy of None to static + type: string + dockerDisableSharedPID: + description: DockerDisableSharedPID uses a shared PID namespace for containers in a pod. + type: boolean + enableCadvisorJsonEndpoints: + description: EnableCadvisorJsonEndpoints enables cAdvisor json `/spec` and `/stats/*` endpoints. Defaults to False. + type: boolean + enableCustomMetrics: + description: Enable gathering custom metrics. + type: boolean + enableDebuggingHandlers: + description: EnableDebuggingHandlers enables server endpoints for log collection and local running of containers and commands + type: boolean + enforceNodeAllocatable: + description: Enforce Allocatable across pods whenever the overall usage across all pods exceeds Allocatable. + type: string + eventBurst: + description: EventBurst temporarily allows event records to burst to this number, while still not exceeding EventQPS. Only used if EventQPS > 0. 
+ format: int32 + type: integer + eventQPS: + description: EventQPS if > 0, limit event creations per second to this value. If 0, unlimited. + format: int32 + type: integer + evictionHard: + description: Comma-delimited list of hard eviction expressions. For example, 'memory.available<300Mi'. + type: string + evictionMaxPodGracePeriod: + description: Maximum allowed grace period (in seconds) to use when terminating pods in response to a soft eviction threshold being met. + format: int32 + type: integer + evictionMinimumReclaim: + description: Comma-delimited list of minimum reclaims (e.g. imagefs.available=2Gi) that describes the minimum amount of resource the kubelet will reclaim when performing a pod eviction if that resource is under pressure. + type: string + evictionPressureTransitionPeriod: + description: Duration for which the kubelet has to wait before transitioning out of an eviction pressure condition. + type: string + evictionSoft: + description: Comma-delimited list of soft eviction expressions. For example, 'memory.available<300Mi'. + type: string + evictionSoftGracePeriod: + description: Comma-delimited list of grace periods for each soft eviction signal. For example, 'memory.available=30s'. + type: string + experimentalAllocatableIgnoreEviction: + description: ExperimentalAllocatableIgnoreEviction enables ignoring Hard Eviction Thresholds while calculating Node Allocatable + type: boolean + experimentalAllowedUnsafeSysctls: + description: |- + ExperimentalAllowedUnsafeSysctls are passed to the kubelet config to whitelist allowable sysctls + Was promoted to beta and renamed. https://github.com/kubernetes/kubernetes/pull/63717 + items: + type: string + type: array + failSwapOn: + description: Tells the Kubelet to fail to start if swap is enabled on the node. + type: boolean + featureGates: + additionalProperties: + type: string + description: FeatureGates is set of key=value pairs that describe feature gates for alpha/experimental features. 
+ type: object + hairpinMode: + description: |- + How should the kubelet configure the container bridge for hairpin packets. + Setting this flag allows endpoints in a Service to loadbalance back to + themselves if they should try to access their own Service. Values: + "promiscuous-bridge": make the container bridge promiscuous. + "hairpin-veth": set the hairpin flag on container veth interfaces. + "none": do nothing. + Setting --configure-cbr0 to false implies that to achieve hairpin NAT + one must set --hairpin-mode=veth-flag, because bridge assumes the + existence of a container bridge named cbr0. + type: string + hostnameOverride: + description: HostnameOverride is the hostname used to identify the kubelet instead of the actual hostname. + type: string + housekeepingInterval: + description: HousekeepingInterval allows to specify interval between container housekeepings. + type: string + imageGCHighThresholdPercent: + description: |- + ImageGCHighThresholdPercent is the percent of disk usage after which + image garbage collection is always run. + format: int32 + type: integer + imageGCLowThresholdPercent: + description: |- + ImageGCLowThresholdPercent is the percent of disk usage before which + image garbage collection is never run. Lowest disk usage to garbage + collect to. + format: int32 + type: integer + imagePullProgressDeadline: + description: |- + ImagePullProgressDeadline is the timeout for image pulls + If no pulling progress is made before this deadline, the image pulling will be cancelled. (default 1m0s) + type: string + kernelMemcgNotification: + description: Integrate with the kernel memcg notification to determine if memory eviction thresholds are crossed rather than polling. + type: boolean + kubeReserved: + additionalProperties: + type: string + description: Resource reservation for kubernetes system daemons like the kubelet, container runtime, node problem detector, etc. 
+ type: object + kubeReservedCgroup: + description: Control group for kube daemons. + type: string + kubeconfigPath: + description: KubeconfigPath is the path of kubeconfig for the kubelet + type: string + kubeletCgroups: + description: KubeletCgroups is the absolute name of cgroups to isolate the kubelet in. + type: string + logFormat: + description: |- + LogFormat is the logging format of the kubelet. + Supported values: text, json. + Default: text + type: string + logLevel: + description: LogLevel is the logging level of the kubelet + format: int32 + type: integer + maxPods: + description: MaxPods is the number of pods that can run on this Kubelet. + format: int32 + type: integer + memorySwapBehavior: + description: |- + MemorySwapBehavior defines how swap is used by container workloads. + Supported values: LimitedSwap, "UnlimitedSwap. + type: string + networkPluginMTU: + description: |- + NetworkPluginMTU is the MTU to be passed to the network plugin, + and overrides the default MTU for cases where it cannot be automatically + computed (such as IPSEC). + format: int32 + type: integer + networkPluginName: + description: NetworkPluginName is the name of the network plugin to be invoked for various events in kubelet/pod lifecycle + type: string + nodeLabels: + additionalProperties: + type: string + description: NodeLabels to add when registering the node in the cluster. + type: object + nodeStatusUpdateFrequency: + description: |- + NodeStatusUpdateFrequency Specifies how often kubelet posts node status to master (default 10s) + must work with nodeMonitorGracePeriod in KubeControllerManagerConfig. + type: string + nonMasqueradeCIDR: + description: 'NonMasqueradeCIDR configures masquerading: traffic to IPs outside this range will use IP masquerade.' + type: string + nvidiaGPUs: + description: NvidiaGPUs is the number of NVIDIA GPU devices on this node. 
+ format: int32 + type: integer + podCIDR: + description: |- + PodCIDR is the CIDR to use for pod IP addresses, only used in standalone mode. + In cluster mode, this is obtained from the master. + type: string + podInfraContainerImage: + description: PodInfraContainerImage is the image whose network/ipc containers in each pod will use. + type: string + podManifestPath: + description: config is the path to the config file or directory of files + type: string + podPidsLimit: + description: PodPidsLimit is the maximum number of pids in any pod. + format: int64 + type: integer + protectKernelDefaults: + description: |- + Default kubelet behaviour for kernel tuning. If set, kubelet errors if any of kernel tunables is different than kubelet defaults. + (DEPRECATED: This parameter should be set via the config file specified by the Kubelet's --config flag. + type: boolean + readOnlyPort: + description: ReadOnlyPort is the port used by the kubelet api for read-only access (default 10255) + format: int32 + type: integer + reconcileCIDR: + description: |- + ReconcileCIDR is Reconcile node CIDR with the CIDR specified by the + API server. No-op if register-node or configure-cbr0 is false. + type: boolean + registerNode: + description: RegisterNode enables automatic registration with the apiserver. + type: boolean + registerSchedulable: + description: registerSchedulable tells the kubelet to register the node as schedulable. No-op if register-node is false. + type: boolean + registryBurst: + description: RegistryBurst Maximum size of a bursty pulls, temporarily allows pulls to burst to this number, while still not exceeding registry-qps. Only used if --registry-qps > 0 (default 10) + format: int32 + type: integer + registryPullQPS: + description: RegistryPullQPS if > 0, limit registry pull QPS to this value. If 0, unlimited. 
(default 5) + format: int32 + type: integer + requireKubeconfig: + description: RequireKubeconfig indicates a kubeconfig is required + type: boolean + resolvConf: + description: ResolverConfig is the resolver configuration file used as the basis for the container DNS resolution configuration."), [] + type: string + rootDir: + description: RootDir is the directory path for managing kubelet files (volume mounts,etc) + type: string + rotateCertificates: + description: rotateCertificates enables client certificate rotation. + type: boolean + runtimeCgroups: + description: Cgroups that container runtime is expected to be isolated in. + type: string + runtimeRequestTimeout: + description: RuntimeRequestTimeout is timeout for runtime requests on - pull, logs, exec and attach + type: string + seccompDefault: + description: SeccompDefault enables the use of `RuntimeDefault` as the default seccomp profile for all workloads. + type: boolean + seccompProfileRoot: + description: SeccompProfileRoot is the directory path for seccomp profiles. + type: string + serializeImagePulls: + description: |- + // SerializeImagePulls when enabled, tells the Kubelet to pull images one + // at a time. We recommend *not* changing the default value on nodes that + // run docker daemon with version < 1.9 or an Aufs storage backend. + // Issue #10959 has more details. + type: boolean + shutdownGracePeriod: + description: |- + ShutdownGracePeriod specifies the total duration that the node should delay the shutdown by. + Default: 30s + type: string + shutdownGracePeriodCriticalPods: + description: |- + ShutdownGracePeriodCriticalPods specifies the duration used to terminate critical pods during a node shutdown. 
+ Default: 10s + type: string + streamingConnectionIdleTimeout: + description: StreamingConnectionIdleTimeout is the maximum time a streaming connection can be idle before the connection is automatically closed + type: string + systemCgroups: + description: |- + SystemCgroups is absolute name of cgroups in which to place + all non-kernel processes that are not already in a container. Empty + for no container. Rolling back the flag requires a reboot. + type: string + systemReserved: + additionalProperties: + type: string + description: Capture resource reservation for OS system daemons like sshd, udev, etc. + type: object + systemReservedCgroup: + description: Parent control group for OS system daemons. + type: string + taints: + description: Taints to add when registering a node in the cluster + items: + type: string + type: array + tlsCertFile: + description: 'TODO: Remove unused TLSCertFile' + type: string + tlsCipherSuites: + description: TLSCipherSuites indicates the allowed TLS cipher suite + items: + type: string + type: array + tlsMinVersion: + description: TLSMinVersion indicates the minimum TLS version allowed + type: string + tlsPrivateKeyFile: + description: 'TODO: Remove unused TLSPrivateKeyFile' + type: string + topologyManagerPolicy: + description: TopologyManagerPolicy determines the allocation policy for the topology manager. + type: string + volumePluginDirectory: + description: The full path of the directory in which to search for additional third party volume plugins (this path must be writeable, dependent on your choice of OS) + type: string + volumeStatsAggPeriod: + description: VolumeStatsAggPeriod is the interval for kubelet to calculate and cache the volume disk usage for all pods and volumes + type: string + type: object + masterPublicName: + description: MasterPublicName is the external DNS name for the master nodes + type: string + metricsServer: + description: MetricsServer determines the metrics server configuration. 
+ properties: + enabled: + description: |- + Enabled enables the metrics server. + Default: false + type: boolean + image: + description: |- + Image is the docker container used. + Default: the latest supported image for the specified kubernetes version. + type: string + insecure: + description: |- + Insecure determines if API server will validate metrics server TLS cert. + Default: true + type: boolean + type: object + networkCIDR: + description: |- + NetworkCIDR is the CIDR used for the AWS VPC / GCE Network, or otherwise allocated to k8s + This is a real CIDR, not the internal k8s network + On AWS, it maps to the VPC CIDR. It is not required on GCE. + type: string + networkID: + description: NetworkID is an identifier of a network, if we want to reuse/share an existing network (e.g. an AWS VPC) + type: string + networking: + description: Networking configuration + properties: + amazonvpc: + description: AmazonVPCNetworkingSpec declares that we want Amazon VPC CNI networking + properties: + env: + description: Env is a list of environment variables to set in the container. + items: + description: EnvVar represents an environment variable present in a Container. + properties: + name: + description: Name of the environment variable. Must be a C_IDENTIFIER. + type: string + value: + description: |- + Variable references $(VAR_NAME) are expanded + using the previous defined environment variables in the container and + any service environment variables. If a variable cannot be resolved, + the reference in the input string will be unchanged. The $(VAR_NAME) + syntax can be escaped with a double $$, ie: $$(VAR_NAME). Escaped + references will never be expanded, regardless of whether the variable + exists or not. + Defaults to "". + type: string + required: + - name + type: object + type: array + imageName: + description: ImageName is the container image name to use. + type: string + initImageName: + description: InitImageName is the init container image name to use. 
+ type: string + type: object + calico: + description: CalicoNetworkingSpec declares that we want Calico networking + properties: + allowIPForwarding: + description: |- + AllowIPForwarding enable ip_forwarding setting within the container namespace. + (default: false) + type: boolean + awsSrcDstCheck: + description: |- + AWSSrcDstCheck enables/disables ENI source/destination checks (AWS IPv4 only) + Options: Disable (default for IPv4), Enable, or DoNothing + type: string + bpfEnabled: + description: BPFEnabled enables the eBPF dataplane mode. + type: boolean + bpfExternalServiceMode: + description: |- + BPFExternalServiceMode controls how traffic from outside the cluster to NodePorts and ClusterIPs is handled. + In Tunnel mode, packet is tunneled from the ingress host to the host with the backing pod and back again. + In DSR mode, traffic is tunneled to the host with the backing pod and then returned directly; + this requires a network that allows direct return. + Default: Tunnel (other options: DSR) + type: string + bpfKubeProxyIptablesCleanupEnabled: + description: |- + BPFKubeProxyIptablesCleanupEnabled controls whether Felix will clean up the iptables rules + created by the Kubernetes kube-proxy; should only be enabled if kube-proxy is not running. + type: boolean + bpfLogLevel: + description: |- + BPFLogLevel controls the log level used by the BPF programs. The logs are emitted + to the BPF trace pipe, accessible with the command tc exec BPF debug. + Default: Off (other options: Info, Debug) + type: string + chainInsertMode: + description: |- + ChainInsertMode controls whether Felix inserts rules to the top of iptables chains, or + appends to the bottom. Leaving the default option is safest to prevent accidentally + breaking connectivity. Default: 'insert' (other options: 'append') + type: string + cpuRequest: + anyOf: + - type: integer + - type: string + description: 'CPURequest CPU request of Calico container. 
Default: 100m' + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + crossSubnet: + description: CrossSubnet is deprecated as of kOps 1.22 and has no effect + type: boolean + encapsulationMode: + description: |- + EncapsulationMode specifies the network packet encapsulation protocol for Calico to use, + employing such encapsulation at the necessary scope per the related CrossSubnet field. In + "ipip" mode, Calico will use IP-in-IP encapsulation as needed. In "vxlan" mode, Calico will + encapsulate packets as needed using the VXLAN scheme. + Options: ipip (default) or vxlan + type: string + ipipMode: + description: |- + IPIPMode determines when to use IP-in-IP encapsulation for the default Calico IPv4 pool. + It is conveyed to the "calico-node" daemon container via the CALICO_IPV4POOL_IPIP + environment variable. EncapsulationMode must be set to "ipip". + Options: "CrossSubnet", "Always", or "Never". + Default: "CrossSubnet" if EncapsulationMode is "ipip", "Never" otherwise. + type: string + iptablesBackend: + description: |- + IptablesBackend controls which variant of iptables binary Felix uses + Default: Auto (other options: Legacy, NFT) + type: string + ipv4AutoDetectionMethod: + description: |- + IPv4AutoDetectionMethod configures how Calico chooses the IP address used to route + between nodes. This should be set when the host has multiple interfaces + and it is important to select the interface used. + Options: "first-found" (default), "can-reach=DESTINATION", + "interface=INTERFACE-REGEX", or "skip-interface=INTERFACE-REGEX" + type: string + ipv6AutoDetectionMethod: + description: |- + IPv6AutoDetectionMethod configures how Calico chooses the IP address used to route + between nodes. This should be set when the host has multiple interfaces + and it is important to select the interface used. 
+ Options: "first-found" (default), "can-reach=DESTINATION", + "interface=INTERFACE-REGEX", or "skip-interface=INTERFACE-REGEX" + type: string + logSeverityScreen: + description: 'LogSeverityScreen lets us set the desired log level. (Default: info)' + type: string + majorVersion: + description: MajorVersion is unused. + type: string + mtu: + description: MTU to be set in the cni-network-config for calico. + format: int32 + type: integer + prometheusGoMetricsEnabled: + description: PrometheusGoMetricsEnabled enables Prometheus Go runtime metrics collection + type: boolean + prometheusMetricsEnabled: + description: |- + PrometheusMetricsEnabled can be set to enable the experimental Prometheus + metrics server (default: false) + type: boolean + prometheusMetricsPort: + description: |- + PrometheusMetricsPort is the TCP port that the experimental Prometheus + metrics server should bind to (default: 9091) + format: int32 + type: integer + prometheusProcessMetricsEnabled: + description: PrometheusProcessMetricsEnabled enables Prometheus process metrics collection + type: boolean + registry: + description: Registry overrides the Calico container image registry. + type: string + typhaPrometheusMetricsEnabled: + description: |- + TyphaPrometheusMetricsEnabled enables Prometheus metrics collection from Typha + (default: false) + type: boolean + typhaPrometheusMetricsPort: + description: |- + TyphaPrometheusMetricsPort is the TCP port the typha Prometheus metrics server + should bind to (default: 9093) + format: int32 + type: integer + typhaReplicas: + description: TyphaReplicas is the number of replicas of Typha to deploy + format: int32 + type: integer + version: + description: Version overrides the Calico container image tag. + type: string + vxlanMode: + description: |- + VXLANMode determines when to use VXLAN encapsulation for the default Calico IPv4 pool. + It is conveyed to the "calico-node" daemon container via the CALICO_IPV4POOL_VXLAN + environment variable. 
EncapsulationMode must be set to "vxlan". + Options: "CrossSubnet", "Always", or "Never". + Default: "CrossSubnet" if EncapsulationMode is "vxlan", "Never" otherwise. + type: string + wireguardEnabled: + description: |- + WireguardEnabled enables WireGuard encryption for all on-the-wire pod-to-pod traffic + (default: false) + type: boolean + type: object + canal: + description: CanalNetworkingSpec declares that we want Canal networking + properties: + chainInsertMode: + description: |- + ChainInsertMode controls whether Felix inserts rules to the top of iptables chains, or + appends to the bottom. Leaving the default option is safest to prevent accidentally + breaking connectivity. Default: 'insert' (other options: 'append') + type: string + cpuRequest: + anyOf: + - type: integer + - type: string + description: 'CPURequest CPU request of Canal container. Default: 100m' + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + defaultEndpointToHostAction: + description: |- + DefaultEndpointToHostAction allows users to configure the default behaviour + for traffic between pod to host after calico rules have been processed. + Default: ACCEPT (other options: DROP, RETURN) + type: string + disableFlannelForwardRules: + description: |- + DisableFlannelForwardRules configures Flannel to NOT add the + default ACCEPT traffic rules to the iptables FORWARD chain + type: boolean + disableTxChecksumOffloading: + description: DisableTxChecksumOffloading is unused. 
+ type: boolean + iptablesBackend: + description: |- + IptablesBackend controls which variant of iptables binary Felix uses + Default: Auto (other options: Legacy, NFT) + type: string + logSeveritySys: + description: |- + LogSeveritySys the severity to set for logs which are sent to syslog + Default: INFO (other options: DEBUG, WARNING, ERROR, CRITICAL, NONE) + type: string + mtu: + description: 'MTU to be set in the cni-network-config (default: 1500)' + format: int32 + type: integer + prometheusGoMetricsEnabled: + description: PrometheusGoMetricsEnabled enables Prometheus Go runtime metrics collection + type: boolean + prometheusMetricsEnabled: + description: |- + PrometheusMetricsEnabled can be set to enable the experimental Prometheus + metrics server (default: false) + type: boolean + prometheusMetricsPort: + description: |- + PrometheusMetricsPort is the TCP port that the experimental Prometheus + metrics server should bind to (default: 9091) + format: int32 + type: integer + prometheusProcessMetricsEnabled: + description: PrometheusProcessMetricsEnabled enables Prometheus process metrics collection + type: boolean + typhaPrometheusMetricsEnabled: + description: |- + TyphaPrometheusMetricsEnabled enables Prometheus metrics collection from Typha + (default: false) + type: boolean + typhaPrometheusMetricsPort: + description: |- + TyphaPrometheusMetricsPort is the TCP port the typha Prometheus metrics server + should bind to (default: 9093) + format: int32 + type: integer + typhaReplicas: + description: TyphaReplicas is the number of replicas of Typha to deploy + format: int32 + type: integer + type: object + cilium: + description: CiliumNetworkingSpec declares that we want Cilium networking + properties: + IPTablesRulesNoinstall: + description: |- + IPTablesRulesNoinstall disables installing the base IPTables rules used for masquerading and kube-proxy. + Default: false + type: boolean + accessLog: + description: AccessLog is unused. 
+ type: string + agentLabels: + description: AgentLabels is unused. + items: + type: string + type: array + agentPodAnnotations: + additionalProperties: + type: string + description: |- + AgentPodAnnotations makes possible to add additional annotations to the cilium agent. + Default: none + type: object + agentPrometheusPort: + description: |- + AgentPrometheusPort is the port to listen to for Prometheus metrics. + Defaults to 9090. + type: integer + allowLocalhost: + description: AllowLocalhost is unused. + type: string + autoDirectNodeRoutes: + description: |- + AutoDirectNodeRoutes adds automatic L2 routing between nodes. + Default: false + type: boolean + autoIpv6NodeRoutes: + description: AutoIpv6NodeRoutes is unused. + type: boolean + bpfCTGlobalAnyMax: + description: |- + BPFCTGlobalAnyMax is the maximum number of entries in the non-TCP CT table. + Default: 262144 + type: integer + bpfCTGlobalTCPMax: + description: |- + BPFCTGlobalTCPMax is the maximum number of entries in the TCP CT table. + Default: 524288 + type: integer + bpfLBAlgorithm: + description: |- + BPFLBAlgorithm is the load balancing algorithm ("random", "maglev"). + Default: random + type: string + bpfLBMaglevTableSize: + description: |- + BPFLBMaglevTableSize is the per service backend table size when going with Maglev (parameter M). + Default: 16381 + type: string + bpfLBMapMax: + description: |- + BPFLBMapMax is the maximum number of entries in bpf lb service, backend and affinity maps. + Default: 65536 + type: integer + bpfLBSockHostNSOnly: + description: |- + BPFLBSockHostNSOnly enables skipping socket LB for services when inside a pod namespace, + in favor of service LB at the pod interface. Socket LB is still used when in the host namespace. + Required by service mesh (e.g., Istio, Linkerd). + Default: false + type: boolean + bpfNATGlobalMax: + description: |- + BPFNATGlobalMax is the the maximum number of entries in the BPF NAT table. 
+ Default: 524288 + type: integer + bpfNeighGlobalMax: + description: |- + BPFNeighGlobalMax is the the maximum number of entries in the BPF Neighbor table. + Default: 524288 + type: integer + bpfPolicyMapMax: + description: |- + BPFPolicyMapMax is the maximum number of entries in endpoint policy map. + Default: 16384 + type: integer + bpfRoot: + description: BPFRoot is unused. + type: string + chainingMode: + description: |- + ChainingMode allows using Cilium in combination with other CNI plugins. + With Cilium CNI chaining, the base network connectivity and IP address management is managed + by the non-Cilium CNI plugin, but Cilium attaches eBPF programs to the network devices created + by the non-Cilium plugin to provide L3/L4 network visibility, policy enforcement and other advanced features. + Default: none + type: string + clusterID: + description: |- + ClusterID is the ID of the cluster. It is only relevant when building a mesh of clusters. + Must be a number between 1 and 255. + type: integer + clusterName: + description: ClusterName is the name of the cluster. It is only relevant when building a mesh of clusters. + type: string + cniBinPath: + description: CniBinPath is unused. + type: string + containerRuntime: + description: ContainerRuntime is unused. + items: + type: string + type: array + containerRuntimeEndpoint: + additionalProperties: + type: string + description: ContainerRuntimeEndpoint is unused. + type: object + containerRuntimeLabels: + description: ContainerRuntimeLabels is unused. + type: string + cpuRequest: + anyOf: + - type: integer + - type: string + description: 'CPURequest CPU request of Cilium agent + operator container. (default: 25m)' + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + debug: + description: Debug runs Cilium in debug mode. + type: boolean + debugVerbose: + description: DebugVerbose is unused. 
+ items: + type: string + type: array + device: + description: Device is unused. + type: string + disableCNPStatusUpdates: + description: DisableCNPStatusUpdates determines if CNP NodeStatus updates will be sent to the Kubernetes api-server. + type: boolean + disableConntrack: + description: DisableConntrack is unused. + type: boolean + disableEndpointCRD: + description: |- + DisableEndpointCRD disables usage of CiliumEndpoint CRD. + Default: false + type: boolean + disableIpv4: + description: DisableIpv4 is unused. + type: boolean + disableK8sServices: + description: DisableK8sServices is unused. + type: boolean + disableMasquerade: + description: DisableMasquerade disables masquerading traffic to external destinations behind the node IP. + type: boolean + enableBPFMasquerade: + description: |- + EnableBPFMasquerade enables masquerading packets from endpoints leaving the host with BPF instead of iptables. + Default: false + type: boolean + enableEncryption: + description: |- + EnableEncryption enables Cilium Encryption. + Default: false + type: boolean + enableEndpointHealthChecking: + description: |- + EnableEndpointHealthChecking enables connectivity health checking between virtual endpoints. + Default: true + type: boolean + enableHostReachableServices: + description: |- + EnableHostReachableServices configures Cilium to enable services to be + reached from the host namespace in addition to pod namespaces. + https://docs.cilium.io/en/v1.9/gettingstarted/host-services/ + Default: false + type: boolean + enableL7Proxy: + description: |- + EnableL7Proxy enables L7 proxy for L7 policy enforcement. + Default: true + type: boolean + enableNodePort: + description: |- + EnableNodePort replaces kube-proxy with Cilium's BPF implementation. + Requires spec.kubeProxy.enabled be set to false. + Default: false + type: boolean + enablePolicy: + description: |- + EnablePolicy specifies the policy enforcement mode. + "default": Follows Kubernetes policy enforcement. 
+ "always": Cilium restricts all traffic if no policy is in place. + "never": Cilium allows all traffic regardless of policies in place. + If unspecified, "default" policy mode will be used. + type: string + enablePrometheusMetrics: + description: EnablePrometheusMetrics enables the Cilium "/metrics" endpoint for both the agent and the operator. + type: boolean + enableRemoteNodeIdentity: + description: |- + EnableRemoteNodeIdentity enables the remote-node-identity. + Default: true + type: boolean + enableServiceTopology: + description: EnableServiceTopology determine if cilium should use topology aware hints. + type: boolean + enableTracing: + description: EnableTracing is unused. + type: boolean + enableUnreachableRoutes: + description: |- + EnableUnreachableRoutes enables unreachable routes on pod deletion. + Default: false + type: boolean + enableipv4: + description: EnableIpv4 is unused. + type: boolean + enableipv6: + description: EnableIpv6 is unused. + type: boolean + encryptionType: + description: |- + EncryptionType specifies Cilium Encryption method ("ipsec", "wireguard"). + Default: ipsec + type: string + envoyLog: + description: EnvoyLog is unused. + type: string + etcdManaged: + description: |- + EtcdManagd installs an additional etcd cluster that is used for Cilium state change. + The cluster is operated by cilium-etcd-operator. + Default: false + type: boolean + hubble: + description: Hubble configures the Hubble service on the Cilium agent. + properties: + enabled: + description: Enabled decides if Hubble is enabled on the agent or not + type: boolean + metrics: + description: |- + Metrics is a list of metrics to collect. If empty or null, metrics are disabled. + See https://docs.cilium.io/en/stable/configuration/metrics/#hubble-exported-metrics + items: + type: string + type: array + type: object + identityAllocationMode: + description: |- + IdentityAllocationMode specifies in which backend identities are stored ("crd", "kvstore"). 
+ Default: crd + type: string + identityChangeGracePeriod: + description: |- + IdentityChangeGracePeriod specifies the duration to wait before using a changed identity. + Default: 5s + type: string + ipam: + description: |- + IPAM specifies the IP address allocation mode to use. + Possible values are "crd" and "eni". + "eni" will use AWS native networking for pods. Eni requires masquerade to be set to false. + "crd" will use CRDs for controlling IP address management. + "hostscope" will use hostscope IPAM mode. + "kubernetes" will use addersing based on node pod CIDR. + Default: "kubernetes". + type: string + ipv4ClusterCidrMaskSize: + description: Ipv4ClusterCIDRMaskSize is unused. + type: integer + ipv4Node: + description: Ipv4Node is unused. + type: string + ipv4Range: + description: Ipv4Range is unused. + type: string + ipv4ServiceRange: + description: Ipv4ServiceRange is unused. + type: string + ipv6ClusterAllocCidr: + description: Ipv6ClusterAllocCidr is unused. + type: string + ipv6Node: + description: Ipv6Node is unused. + type: string + ipv6Range: + description: Ipv6Range is unused. + type: string + ipv6ServiceRange: + description: Ipv6ServiceRange is unused. + type: string + k8sApiServer: + description: K8sAPIServer is unused. + type: string + k8sKubeconfigPath: + description: K8sKubeconfigPath is unused. + type: string + keepBpfTemplates: + description: KeepBPFTemplates is unused. + type: boolean + keepConfig: + description: KeepConfig is unused. + type: boolean + labelPrefixFile: + description: LabelPrefixFile is unused. + type: string + labels: + description: Labels is unused. + items: + type: string + type: array + lb: + description: LB is unused. + type: string + libDir: + description: LibDir is unused. + type: string + logDriver: + description: LogDrivers is unused. + items: + type: string + type: array + logOpt: + additionalProperties: + type: string + description: LogOpt is unused. + type: object + logstash: + description: Logstash is unused. 
+ type: boolean + logstashAgent: + description: LogstashAgent is unused. + type: string + logstashProbeTimer: + description: LogstashProbeTimer is unused. + format: int32 + type: integer + memoryRequest: + anyOf: + - type: integer + - type: string + description: 'MemoryRequest memory request of Cilium agent + operator container. (default: 128Mi)' + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + metrics: + description: Metrics is a list of metrics to add or remove from the default list of metrics the agent exposes. + items: + type: string + type: array + monitorAggregation: + description: |- + MonitorAggregation sets the level of packet monitoring. Possible values are "low", "medium", or "maximum". + Default: medium + type: string + nat46Range: + description: Nat46Range is unused. + type: string + nodeEncryption: + description: |- + NodeEncryption enables encryption for pure node to node traffic. + Default: false + type: boolean + nodeInitBootstrapFile: + description: NodeInitBootstrapFile is unused. + type: string + operatorPodAnnotations: + additionalProperties: + type: string + description: |- + OperatorPodAnnotations makes possible to add additional annotations to cilium operator. + Default: none + type: object + pprof: + description: Pprof is unused. + type: boolean + preallocateBPFMaps: + description: |- + PreallocateBPFMaps reduces the per-packet latency at the expense of up-front memory allocation. + Default: true + type: boolean + prefilterDevice: + description: PrefilterDevice is unused. + type: string + prometheusServeAddr: + description: PrometheusServeAddr is unused. + type: string + reconfigureKubelet: + description: ReconfigureKubelet is unused. + type: boolean + registry: + description: Registry overrides the default Cilium container registry (quay.io) + type: string + removeCbrBridge: + description: RemoveCbrBridge is unused. 
+ type: boolean + restartPods: + description: RestartPods is unused. + type: boolean + restore: + description: Restore is unused. + type: boolean + sidecarIstioProxyImage: + description: |- + SidecarIstioProxyImage is the regular expression matching compatible Istio sidecar istio-proxy + container image names. + Default: cilium/istio_proxy + type: string + singleClusterRoute: + description: SingleClusterRoute is unused. + type: boolean + socketPath: + description: SocketPath is unused. + type: string + stateDir: + description: StateDir is unused. + type: string + toFqdnsDnsRejectResponseCode: + description: |- + ToFQDNsDNSRejectResponseCode sets the DNS response code for rejecting DNS requests. + Possible values are "nameError" or "refused". + Default: refused + type: string + toFqdnsEnablePoller: + description: |- + ToFQDNsEnablePoller replaces the DNS proxy-based implementation of FQDN policies + with the less powerful legacy implementation. + Default: false + type: boolean + tracePayloadlen: + description: TracePayloadLen is unused. + type: integer + tunnel: + description: |- + Tunnel specifies the Cilium tunnelling mode. Possible values are "vxlan", "geneve", or "disabled". + Default: vxlan + type: string + version: + description: Version is the version of the Cilium agent and the Cilium Operator. + type: string + type: object + classic: + description: |- + ClassicNetworkingSpec is the specification of classic networking mode, integrated into kubernetes. + Support been removed since Kubernetes 1.4. + type: object + cni: + description: CNINetworkingSpec is the specification for networking that is implemented by a user-provided Daemonset, which uses the CNI kubelet networking plugin. + properties: + usesSecondaryIP: + type: boolean + type: object + external: + description: ExternalNetworkingSpec is the specification for networking that is implemented by a user-provided Daemonset that uses the Kubenet kubelet networking plugin. 
+ type: object + flannel: + description: FlannelNetworkingSpec declares that we want Flannel networking + properties: + backend: + description: Backend is the backend overlay type we want to use (vxlan or udp) + type: string + disableTxChecksumOffloading: + description: DisableTxChecksumOffloading is unused. + type: boolean + iptablesResyncSeconds: + description: IptablesResyncSeconds sets resync period for iptables rules, in seconds + format: int32 + type: integer + type: object + gce: + description: GCPNetworkingSpec is the specification of GCP's native networking mode, using IP aliases. + type: object + kopeio: + description: KopeioNetworkingSpec declares that we want Kopeio networking + type: object + kubenet: + description: KubenetNetworkingSpec is the specification for kubenet networking, largely integrated but intended to replace classic + type: object + kuberouter: + description: KuberouterNetworkingSpec declares that we want Kube-router networking + type: object + lyftvpc: + description: |- + LyftVPCNetworkingSpec declares that we want to use the cni-ipvlan-vpc-k8s CNI networking. + Lyft VPC is deprecated as of kOps 1.22 and removed as of kOps 1.23. + properties: + subnetTags: + additionalProperties: + type: string + type: object + type: object + romana: + description: |- + RomanaNetworkingSpec declares that we want Romana networking + Romana is deprecated as of kOps 1.18 and removed as of kOps 1.19. + properties: + daemonServiceIP: + description: DaemonServiceIP is the Kubernetes Service IP for the romana-daemon pod + type: string + etcdServiceIP: + description: EtcdServiceIP is the Kubernetes Service IP for the etcd backend used by Romana + type: string + type: object + weave: + description: WeaveNetworkingSpec declares that we want Weave networking + properties: + connLimit: + format: int32 + type: integer + cpuLimit: + anyOf: + - type: integer + - type: string + description: CPULimit CPU limit of weave container. 
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + cpuRequest: + anyOf: + - type: integer + - type: string + description: CPURequest CPU request of weave container. Default 50m + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + memoryLimit: + anyOf: + - type: integer + - type: string + description: MemoryLimit memory limit of weave container. Default 200Mi + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + memoryRequest: + anyOf: + - type: integer + - type: string + description: MemoryRequest memory request of weave container. Default 200Mi + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + mtu: + format: int32 + type: integer + netExtraArgs: + description: NetExtraArgs are extra arguments that are passed to weave-kube. + type: string + noMasqLocal: + format: int32 + type: integer + npcCPULimit: + anyOf: + - type: integer + - type: string + description: NPCCPULimit CPU limit of weave npc container + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + npcCPURequest: + anyOf: + - type: integer + - type: string + description: NPCCPURequest CPU request of weave npc container. Default 50m + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + npcExtraArgs: + description: NPCExtraArgs are extra arguments that are passed to weave-npc. 
+ type: string + npcMemoryLimit: + anyOf: + - type: integer + - type: string + description: NPCMemoryLimit memory limit of weave npc container. Default 200Mi + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + npcMemoryRequest: + anyOf: + - type: integer + - type: string + description: NPCMemoryRequest memory request of weave npc container. Default 200Mi + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + version: + description: Version specifies the Weave container image tag. The default depends on the kOps version. + type: string + type: object + type: object + nodeAuthorization: + description: NodeAuthorization defined the custom node authorization configuration + properties: + nodeAuthorizer: + description: NodeAuthorizer defined the configuration for the node authorizer + properties: + authorizer: + description: Authorizer is the authorizer to use + type: string + features: + description: Features is a series of authorizer features to enable or disable + items: + type: string + type: array + image: + description: Image is the location of container + type: string + interval: + description: Interval the time between retires for authorization request + type: string + nodeURL: + description: NodeURL is the node authorization service url + type: string + port: + description: Port is the port the service is running on the master + type: integer + timeout: + description: Timeout the max time for authorization request + type: string + tokenTTL: + description: TokenTTL is the max ttl for an issued token + type: string + type: object + type: object + nodePortAccess: + description: NodePortAccess is a list of the CIDRs that can access the node ports range (30000-32767). 
+ items: + type: string + type: array + nodeProblemDetector: + description: NodeProblemDetector determines the node problem detector configuration. + properties: + cpuLimit: + anyOf: + - type: integer + - type: string + description: |- + CPULimit of NodeProblemDetector container. + Default: 10m + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + cpuRequest: + anyOf: + - type: integer + - type: string + description: |- + CPURequest of NodeProblemDetector container. + Default: 10m + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + enabled: + description: |- + Enabled enables the NodeProblemDetector. + Default: false + type: boolean + image: + description: Image is the NodeProblemDetector docker container used. + type: string + memoryLimit: + anyOf: + - type: integer + - type: string + description: |- + MemoryLimit of NodeProblemDetector container. + Default: 80Mi + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + memoryRequest: + anyOf: + - type: integer + - type: string + description: |- + MemoryRequest of NodeProblemDetector container. + Default: 80Mi + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + nodeTerminationHandler: + description: NodeTerminationHandler determines the cluster autoscaler configuration. + properties: + cpuRequest: + anyOf: + - type: integer + - type: string + description: |- + CPURequest of NodeTerminationHandler container. 
+ Default: 50m + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + enableRebalanceDraining: + description: |- + EnableRebalanceDraining makes node termination handler drain nodes when the rebalance recommendation notice is received. + Default: false + type: boolean + enableRebalanceMonitoring: + description: |- + EnableRebalanceMonitoring makes node termination handler cordon nodes when the rebalance recommendation notice is received. + In queue-processor mode, cannot be enabled without rebalance draining. + Default: false + type: boolean + enableSQSTerminationDraining: + description: |- + EnableSQSTerminationDraining enables queue-processor mode which drains nodes when an SQS termination event is received. + Default: true + type: boolean + enableScheduledEventDraining: + description: |- + EnableScheduledEventDraining makes node termination handler drain nodes before the maintenance window starts for an EC2 instance scheduled event. + Cannot be disabled in queue-processor mode. + Default: true + type: boolean + enableSpotInterruptionDraining: + description: |- + EnableSpotInterruptionDraining makes node termination handler drain nodes when spot interruption termination notice is received. + Cannot be disabled in queue-processor mode. + Default: true + type: boolean + enabled: + description: |- + Enabled enables the node termination handler. + Default: true + type: boolean + excludeFromLoadBalancers: + description: |- + ExcludeFromLoadBalancers makes node termination handler will mark for exclusion from load balancers before node are cordoned. + Default: true + type: boolean + managedASGTag: + description: |- + ManagedASGTag is the tag used to determine which nodes NTH can take action on + This field has kept its name even though it now maps to the --managed-tag flag due to keeping the API stable. 
+ Node termination handler does no longer check the ASG for this tag, but the actual EC2 instances. + type: string + memoryRequest: + anyOf: + - type: integer + - type: string + description: |- + MemoryRequest of NodeTerminationHandler container. + Default: 64Mi + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + prometheusEnable: + description: |- + EnablePrometheusMetrics enables the "/metrics" endpoint. + Default: false + type: boolean + version: + description: Version is the container image tag used. + type: string + type: object + nonMasqueradeCIDR: + description: |- + MasterIPRange string `json:",omitempty"` + NonMasqueradeCIDR is the CIDR for the internal k8s network (on which pods & services live) + It cannot overlap ServiceClusterIPRange + type: string + ntp: + description: NTPConfig is the configuration for NTP. + properties: + managed: + description: |- + Managed controls if the NTP configuration is managed by kOps. + The NTP configuration task is skipped if this is set to false. + type: boolean + type: object + podCIDR: + description: PodCIDR is the CIDR from which we allocate IPs for pods + type: string + podIdentityWebhook: + description: PodIdentityWebhook determines the EKS Pod Identity Webhook configuration. + properties: + enabled: + type: boolean + replicas: + type: integer + type: object + project: + description: Project is the cloud project we should use, required on GCE + type: string + rollingUpdate: + description: RollingUpdate defines the default rolling-update settings for instance groups + properties: + drainAndTerminate: + description: |- + DrainAndTerminate enables draining and terminating nodes during rolling updates. + Defaults to true. + type: boolean + maxSurge: + anyOf: + - type: integer + - type: string + description: |- + MaxSurge is the maximum number of extra nodes that can be created + during the update. 
+ The value can be an absolute number (for example 5) or a percentage of + desired machines (for example 10%). + The absolute number is calculated from a percentage by rounding up. + Has no effect on instance groups with role "Master". + Defaults to 1 on AWS, 0 otherwise. + Example: when this is set to 30%, the InstanceGroup can be scaled + up immediately when the rolling update starts, such that the total + number of old and new nodes do not exceed 130% of desired + nodes. + x-kubernetes-int-or-string: true + maxUnavailable: + anyOf: + - type: integer + - type: string + description: |- + MaxUnavailable is the maximum number of nodes that can be unavailable during the update. + The value can be an absolute number (for example 5) or a percentage of desired + nodes (for example 10%). + The absolute number is calculated from a percentage by rounding down. + Defaults to 1 if MaxSurge is 0, otherwise defaults to 0. + Example: when this is set to 30%, the InstanceGroup can be scaled + down to 70% of desired nodes immediately when the rolling update + starts. Once new nodes are ready, more old nodes can be drained, + ensuring that the total number of nodes available at all times + during the update is at least 70% of desired nodes. + x-kubernetes-int-or-string: true + type: object + secretStore: + description: SecretStore is the VFS path to where secrets are stored + type: string + serviceAccountIssuerDiscovery: + description: ServiceAccountIssuerDiscovery configures the OIDC Issuer for ServiceAccounts. + properties: + additionalAudiences: + description: AdditionalAudiences adds user defined audiences to the provisioned AWS OIDC provider + items: + type: string + type: array + discoveryStore: + description: DiscoveryStore is the VFS path to where OIDC Issuer Discovery metadata is stored. 
+ type: string + enableAWSOIDCProvider: + description: EnableAWSOIDCProvider will provision an AWS OIDC provider that trusts the ServiceAccount Issuer + type: boolean + type: object + serviceClusterIPRange: + description: ServiceClusterIPRange is the CIDR, from the internal network, where we allocate IPs for services + type: string + snapshotController: + description: SnapshotController defines the CSI Snapshot Controller configuration. + properties: + enabled: + description: Enabled enables the CSI Snapshot Controller + type: boolean + installDefaultClass: + description: InstallDefaultClass will install the default VolumeSnapshotClass + type: boolean + type: object + sshAccess: + description: |- + SSHAccess determines the permitted access to SSH + Currently only a single CIDR is supported (though a richer grammar could be added in future) + items: + type: string + type: array + sshKeyName: + description: SSHKeyName specifies a preexisting SSH key to use + type: string + subnets: + description: Configuration of subnets we are targeting + items: + properties: + additionalRoutes: + description: AdditionalRoutes to attach to the subnet's route table + items: + properties: + cidr: + description: CIDR destination of the route + type: string + target: + description: Target of the route + type: string + type: object + type: array + cidr: + description: CIDR is the IPv4 CIDR block assigned to the subnet. + type: string + egress: + description: Egress defines the method of traffic egress for this subnet + type: string + id: + description: ID is the cloud provider ID for the objects associated with the zone (the subnet on AWS). + type: string + ipv6CIDR: + description: IPv6CIDR is the IPv6 CIDR block assigned to the subnet. 
+ type: string + name: + type: string + publicIP: + description: PublicIP to attach to NatGateway + type: string + region: + description: Region is the region the subnet is in, set for subnets that are regionally scoped + type: string + type: + description: SubnetType string describes subnet types (public, private, utility) + type: string + zone: + description: Zone is the zone the subnet is in, set for subnets that are zonally scoped + type: string + type: object + type: array + sysctlParameters: + description: |- + SysctlParameters will configure kernel parameters using sysctl(8). When + specified, each parameter must follow the form variable=value, the way + it would appear in sysctl.conf. + items: + type: string + type: array + target: + description: Target allows for us to nest extra config for targets such as terraform + properties: + terraform: + description: TerraformSpec allows us to specify terraform config in an extensible way + properties: + filesProviderExtraConfig: + additionalProperties: + type: string + description: FilesProviderExtraConfig contains key/value pairs to add to the terraform provider block used for managed files + type: object + providerExtraConfig: + additionalProperties: + type: string + description: ProviderExtraConfig contains key/value pairs to add to the main terraform provider block + type: object + type: object + type: object + topology: + description: |- + Topology defines the type of network topology to use on the cluster - default public + This is heavily weighted towards AWS for the time being, but should also be agnostic enough + to port out to GCE later if needed + properties: + bastion: + description: |- + Bastion provide an external facing point of entry into a network + containing private network instances. This host can provide a single + point of fortification or audit and can be started and stopped to enable + or disable inbound SSH communication from the Internet, some call bastion + as the "jump server". 
+ properties: + bastionPublicName: + type: string + idleTimeoutSeconds: + description: IdleTimeoutSeconds is unused + format: int64 + type: integer + loadBalancer: + properties: + additionalSecurityGroups: + description: AdditionalSecurityGroups is unused + items: + type: string + type: array + type: + description: Type of load balancer to create, it can be Public or Internal. + type: string + type: object + type: object + dns: + description: DNS configures options relating to DNS, in particular whether we use a public or a private hosted zone + properties: + type: + type: string + type: object + masters: + description: Masters is not used. + type: string + nodes: + description: Nodes is not used. + type: string + type: object + updatePolicy: + description: |- + UpdatePolicy determines the policy for applying upgrades automatically. + Valid values: + 'automatic' (default): apply updates automatically (apply OS security upgrades, avoiding rebooting when possible) + 'external': do not apply updates automatically; they are applied manually or by an external system + type: string + useHostCertificates: + description: |- + UseHostCertificates will mount /etc/ssl/certs to inside needed containers. + This is needed if some APIs do have self-signed certs + type: boolean + warmPool: + description: WarmPool defines the default warm pool settings for instance groups (AWS only). + properties: + enableLifecycleHook: + description: |- + EnableLifecycleHook determines if an ASG lifecycle hook will be added ensuring that nodeup runs to completion. + Note that the metadata API must be protected from arbitrary Pods when this is enabled. + type: boolean + maxSize: + description: |- + MaxSize is the maximum size of the warm pool. The desired size of the instance group + is subtracted from this number to determine the desired size of the warm pool + (unless the resulting number is smaller than MinSize). + The default is the instance group's MaxSize. 
+ format: int64 + type: integer + minSize: + description: MinSize is the minimum size of the pool + format: int64 + type: integer + type: object + type: object + kopsSecret: + description: KopsSecret is a reference to the Kubernetes Secret that holds a list of Kops Secrets + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: |- + If referring to a piece of an object instead of an entire object, this string + should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. + For example, if the object reference is to a container within a pod, this would take on a value like: + "spec.containers{name}" (where "name" refers to the name of the container that triggered + the event) or if no container name is specified "spec.containers[2]" (container with + index 2 in this pod). This syntax is chosen only to have some well-defined way of + referencing a part of an object. + TODO: this design is not final and this field is subject to change in the future. + type: string + kind: + description: |- + Kind of the referent. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + namespace: + description: |- + Namespace of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ + type: string + resourceVersion: + description: |- + Specific resourceVersion to which this reference is made, if any. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency + type: string + uid: + description: |- + UID of the referent. 
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids + type: string + type: object + x-kubernetes-map-type: atomic + spotInst: + description: SpotInst enables Spot and define their feature flags + properties: + enabled: + description: Enabled specifies whether Spot.io should be enabled + type: boolean + featureFlags: + description: Feature flags used by Kops to enable Spot features + type: string + required: + - enabled + - featureFlags + type: object + required: + - SSHPublicKey + - identityRef + - kopsClusterSpec + type: object + status: + description: KopsControlPlaneStatus defines the observed state of KopsControlPlane + properties: + conditions: + description: Conditions defines current service state of the KopsControlPlane. + items: + description: Condition defines an observation of a Cluster API resource operational state. + properties: + lastTransitionTime: + description: |- + Last time the condition transitioned from one status to another. + This should be when the underlying condition changed. If that is not known, then using the time when + the API field changed is acceptable. + format: date-time + type: string + message: + description: |- + A human readable message indicating details about the transition. + This field may be empty. + type: string + reason: + description: |- + The reason for the condition's last transition in CamelCase. + The specific API may choose whether or not this field is considered a guaranteed API. + This field may not be empty. + type: string + severity: + description: |- + Severity provides an explicit classification of Reason code, so the users or machines can immediately + understand the current situation and act accordingly. + The Severity field MUST be set only when Status=False. + type: string + status: + description: Status of the condition, one of True, False, Unknown. + type: string + type: + description: |- + Type of condition in CamelCase or in foo.example.com/CamelCase. 
+ Many .condition.type values are consistent across resources like Available, but because arbitrary conditions + can be useful (see .node.status.conditions), the ability to deconflict is important. + type: string + required: + - lastTransitionTime + - status + - type + type: object + type: array + failureMessage: + description: |- + ErrorMessage indicates that there is a terminal problem reconciling the + state, and will be set to a descriptive error message. + type: string + paused: + default: false + description: Paused indicates that the controller is prevented from processing the KopsControlPlane and all its associated objects. + type: boolean + ready: + default: false + description: |- + Ready denotes that the API Server is ready to + receive requests. + type: boolean + secrets: + description: Secrets are the list of custom secrets created with the controller + items: + type: string + type: array + type: object + type: object + served: true + storage: true + subresources: + status: {} +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.14.0 + labels: + cluster.x-k8s.io/v1beta1: v1alpha1 + name: kopsmachinepools.infrastructure.cluster.x-k8s.io +spec: + group: infrastructure.cluster.x-k8s.io + names: + kind: KopsMachinePool + listKind: KopsMachinePoolList + plural: kopsmachinepools + shortNames: + - kmp + singular: kopsmachinepool + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + description: KopsMachinePool is the Schema for the kopsmachinepools API + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. 
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: KopsMachinePoolSpec defines the desired state of KopsMachinePool + properties: + clusterName: + description: ClusterName is the name of the Cluster this object belongs to. + minLength: 1 + type: string + karpenterProvisioners: + description: KarpenterProvisioners is the list of provisioners to be applied. + items: + description: Provisioner is the Schema for the Provisioners API + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + properties: + annotations: + additionalProperties: + type: string + type: object + finalizers: + items: + type: string + type: array + labels: + additionalProperties: + type: string + type: object + name: + type: string + namespace: + type: string + type: object + spec: + description: |- + ProvisionerSpec is the top level provisioner specification. 
Provisioners + launch nodes in response to pods that are unschedulable. A single provisioner + is capable of managing a diverse set of nodes. Node properties are determined + from a combination of provisioner and pod scheduling constraints. + properties: + annotations: + additionalProperties: + type: string + description: Annotations are applied to every node. + type: object + consolidation: + description: Consolidation are the consolidation parameters + properties: + enabled: + description: Enabled enables consolidation if it has been set + type: boolean + type: object + kubeletConfiguration: + description: KubeletConfiguration are options passed to the kubelet when provisioning nodes + properties: + clusterDNS: + description: |- + clusterDNS is a list of IP addresses for the cluster DNS server. + Note that not all providers may use all addresses. + items: + type: string + type: array + containerRuntime: + description: ContainerRuntime is the container runtime to be used with your worker nodes. + type: string + cpuCFSQuota: + description: CPUCFSQuota enables CPU CFS quota enforcement for containers that specify CPU limits. + type: boolean + evictionHard: + additionalProperties: + type: string + description: EvictionHard is the map of signal names to quantities that define hard eviction thresholds + type: object + evictionMaxPodGracePeriod: + description: |- + EvictionMaxPodGracePeriod is the maximum allowed grace period (in seconds) to use when terminating pods in + response to soft eviction thresholds being met. 
+ format: int32 + type: integer + evictionSoft: + additionalProperties: + type: string + description: EvictionSoft is the map of signal names to quantities that define soft eviction thresholds + type: object + evictionSoftGracePeriod: + additionalProperties: + type: string + description: EvictionSoftGracePeriod is the map of signal names to quantities that define grace periods for each eviction signal + type: object + imageGCHighThresholdPercent: + description: |- + ImageGCHighThresholdPercent is the percent of disk usage after which image + garbage collection is always run. The percent is calculated by dividing this + field value by 100, so this field must be between 0 and 100, inclusive. + When specified, the value must be greater than ImageGCLowThresholdPercent. + format: int32 + maximum: 100 + minimum: 0 + type: integer + imageGCLowThresholdPercent: + description: |- + ImageGCLowThresholdPercent is the percent of disk usage before which image + garbage collection is never run. Lowest disk usage to garbage collect to. + The percent is calculated by dividing this field value by 100, + so the field value must be between 0 and 100, inclusive. + When specified, the value must be less than imageGCHighThresholdPercent + format: int32 + maximum: 100 + minimum: 0 + type: integer + kubeReserved: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: KubeReserved contains resources reserved for Kubernetes system components. + type: object + maxPods: + description: |- + MaxPods is an override for the maximum number of pods that can run on + a worker node instance. + format: int32 + minimum: 0 + type: integer + podsPerCore: + description: |- + PodsPerCore is an override for the number of pods that can run on a worker node + instance based on the number of cpu cores. 
This value cannot exceed MaxPods, so, if + MaxPods is a lower value, that value will be used. + format: int32 + minimum: 0 + type: integer + systemReserved: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: SystemReserved contains resources reserved for OS system daemons and kernel memory. + type: object + type: object + labels: + additionalProperties: type: string description: Labels are layered with Requirements and applied to every node. type: object @@ -4378,7 +10802,9 @@ spec: type: object x-kubernetes-preserve-unknown-fields: true providerRef: - description: ProviderRef is a reference to a dedicated CRD for the chosen provider, that holds additional configuration options + description: |- + ProviderRef is a reference to a dedicated CRD for the chosen provider, that holds + additional configuration options properties: apiVersion: description: API version of the referent 
@@ -4395,16 +10821,25 @@ spec: requirements: description: Requirements are layered with Labels and applied to every node. items: - description: A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values. + description: |- + A node selector requirement is a selector that contains values, a key, and an operator + that relates the key and values. properties: key: description: The label key that the selector applies to. type: string operator: - description: Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. + description: |- + Represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. type: string values: - description: An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch. + description: |- + An array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. If the operator is Gt or Lt, the values + array must have a single element, which will be interpreted as an integer. + This array is replaced during a strategic merge patch. items: type: string type: array 
@@ -4414,18 +10849,29 @@ spec: type: object type: array startupTaints: - description: StartupTaints are taints that are applied to nodes upon startup which are expected to be removed automatically within a short period of time, typically by a DaemonSet that tolerates the taint. These are commonly used by daemonsets to allow initialization and enforce startup ordering. StartupTaints are ignored for provisioning purposes in that pods are not required to tolerate a StartupTaint in order to have nodes provisioned for them. + description: |- + StartupTaints are taints that are applied to nodes upon startup which are expected to be removed automatically + within a short period of time, typically by a DaemonSet that tolerates the taint. These are commonly used by + daemonsets to allow initialization and enforce startup ordering. StartupTaints are ignored for provisioning + purposes in that pods are not required to tolerate a StartupTaint in order to have nodes provisioned for them. items: - description: The node this Taint is attached to has the "effect" on any pod that does not tolerate the Taint. + description: |- + The node this Taint is attached to has the "effect" on + any pod that does not tolerate the Taint. properties: effect: - description: Required. The effect of the taint on pods that do not tolerate the taint. Valid effects are NoSchedule, PreferNoSchedule and NoExecute. + description: |- + Required. The effect of the taint on pods + that do not tolerate the taint. + Valid effects are NoSchedule, PreferNoSchedule and NoExecute. type: string key: description: Required. The taint key to be applied to a node. type: string timeAdded: - description: TimeAdded represents the time at which the taint was added. It is only written for NoExecute taints. + description: |- + TimeAdded represents the time at which the taint was added. + It is only written for NoExecute taints. format: date-time type: string value: 
@@ -4437,18 +10883,29 @@ spec: type: object type: array taints: - description: Taints will be applied to every node launched by the Provisioner. If specified, the provisioner will not provision nodes for pods that do not have matching tolerations. Additional taints will be created that match pod tolerations on a per-node basis. + description: |- + Taints will be applied to every node launched by the Provisioner. If + specified, the provisioner will not provision nodes for pods that do not + have matching tolerations. Additional taints will be created that match + pod tolerations on a per-node basis. items: - description: The node this Taint is attached to has the "effect" on any pod that does not tolerate the Taint. + description: |- + The node this Taint is attached to has the "effect" on + any pod that does not tolerate the Taint. properties: effect: - description: Required. The effect of the taint on pods that do not tolerate the taint. Valid effects are NoSchedule, PreferNoSchedule and NoExecute. + description: |- + Required. The effect of the taint on pods + that do not tolerate the taint. + Valid effects are NoSchedule, PreferNoSchedule and NoExecute. type: string key: description: Required. The taint key to be applied to a node. type: string timeAdded: - description: TimeAdded represents the time at which the taint was added. It is only written for NoExecute taints. + description: |- + TimeAdded represents the time at which the taint was added. + It is only written for NoExecute taints. format: date-time type: string value: 
@@ -4460,15 +10917,33 @@ spec: type: object type: array ttlSecondsAfterEmpty: - description: "TTLSecondsAfterEmpty is the number of seconds the controller will wait before attempting to delete a node, measured from when the node is detected to be empty. A Node is considered to be empty when it does not have pods scheduled to it, excluding daemonsets. \n Termination due to no utilization is disabled if this field is not set." + description: |- + TTLSecondsAfterEmpty is the number of seconds the controller will wait + before attempting to delete a node, measured from when the node is + detected to be empty. A Node is considered to be empty when it does not + have pods scheduled to it, excluding daemonsets. + + + Termination due to no utilization is disabled if this field is not set. format: int64 type: integer ttlSecondsUntilExpired: - description: "TTLSecondsUntilExpired is the number of seconds the controller will wait before terminating a node, measured from when the node is created. This is useful to implement features like eventually consistent node upgrade, memory leak protection, and disruption testing. \n Termination due to expiration is disabled if this field is not set." + description: |- + TTLSecondsUntilExpired is the number of seconds the controller will wait + before terminating a node, measured from when the node is created. This + is useful to implement features like eventually consistent node upgrade, + memory leak protection, and disruption testing. + + + Termination due to expiration is disabled if this field is not set. format: int64 type: integer weight: - description: Weight is the priority given to the provisioner during scheduling. A higher numerical weight indicates that this provisioner will be ordered ahead of other provisioners with lower weights. A provisioner with no weight will be treated as if it is a provisioner with a weight of 0. + description: |- + Weight is the priority given to the provisioner during scheduling. 
A higher + numerical weight indicates that this provisioner will be ordered + ahead of other provisioners with lower weights. A provisioner with no weight + will be treated as if it is a provisioner with a weight of 0. format: int32 maximum: 100 minimum: 1 @@ -4478,12 +10953,19 @@ spec: description: ProvisionerStatus defines the observed state of Provisioner properties: conditions: - description: Conditions is the set of conditions required for this provisioner to scale its target, and indicates whether or not those conditions are met. + description: |- + Conditions is the set of conditions required for this provisioner to scale + its target, and indicates whether or not those conditions are met. items: - description: 'Condition defines a readiness condition for a Knative resource. See: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#typical-status-properties' + description: |- + Condition defines a readiness condition for a Knative resource. + See: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#typical-status-properties properties: lastTransitionTime: - description: LastTransitionTime is the last time the condition transitioned from one status to another. We use VolatileTime in place of metav1.Time to exclude this from creating equality.Semantic differences (all other things held constant). + description: |- + LastTransitionTime is the last time the condition transitioned from one status to another. + We use VolatileTime in place of metav1.Time to exclude this from creating equality.Semantic + differences (all other things held constant). type: string message: description: A human readable message indicating details about the transition. 
@@ -4492,7 +10974,9 @@ spec: description: The reason for the condition's last transition. type: string severity: - description: Severity with which to treat failures of this type of condition. When this is not specified, it defaults to Error. + description: |- + Severity with which to treat failures of this type of condition. + When this is not specified, it defaults to Error. type: string status: description: Status of the condition, one of True, False, Unknown. @@ -4506,7 +10990,9 @@ spec: type: object type: array lastScaleTime: - description: LastScaleTime is the last time the Provisioner scaled the number of nodes + description: |- + LastScaleTime is the last time the Provisioner scaled the number + of nodes format: date-time type: string resources: @@ -4588,10 +11074,14 @@ spec: type: boolean type: object enabled: - description: Enabled determines if kOps will install the Nvidia GPU runtime and drivers. They will only be installed on intances that has an Nvidia GPU. + description: |- + Enabled determines if kOps will install the Nvidia GPU runtime and drivers. + They will only be installed on intances that has an Nvidia GPU. type: boolean package: - description: Package is the name of the nvidia driver package that will be installed. Default is "nvidia-headless-510-server". + description: |- + Package is the name of the nvidia driver package that will be installed. + Default is "nvidia-headless-510-server". type: string type: object packages: @@ -4643,6 +11133,9 @@ spec: description: Version used to pick the runc package. type: string type: object + selinuxEnabled: + description: SelinuxEnabled enables SELinux support + type: boolean skipInstall: description: SkipInstall prevents kOps from installing and modifying containerd in any way (default "false"). type: boolean 
@@ -4701,7 +11194,11 @@ spec: type: object type: array gcpProvisioningModel: - description: 'GCPProvisioningModel: Specifies the provisioning model of the GCP instance. Valid values: ''STANDARD'': (default) standard provisioning with user controlled run time, no discounts ''SPOT'': heavily discounted, no guaranteed run time.' + description: |- + GCPProvisioningModel: Specifies the provisioning model of the GCP instance. + Valid values: + 'STANDARD': (default) standard provisioning with user controlled run time, no discounts + 'SPOT': heavily discounted, no guaranteed run time. type: string guestAccelerators: description: GuestAccelerators configures additional accelerators @@ -4763,7 +11260,10 @@ spec: type: string type: array useRawManifest: - description: UseRawManifest indicates that the contents of Manifest should be used as the contents of the systemd unit, unmodified. Before and Requires are ignored when used together with this value (and validation shouldn't allow them to be set) + description: |- + UseRawManifest indicates that the contents of Manifest should be used as the contents + of the systemd unit, unmodified. Before and Requires are ignored when used together + with this value (and validation shouldn't allow them to be set) type: boolean type: object type: array 
@@ -4771,24 +11271,32 @@ spec: description: IAMProfileSpec defines the identity of the cloud group IAM profile (AWS only). properties: profile: - description: Profile is the AWS IAM Profile to attach to instances in this instance group. Specify the ARN for the IAM instance profile. (AWS only) + description: |- + Profile is the AWS IAM Profile to attach to instances in this instance group. + Specify the ARN for the IAM instance profile. (AWS only) type: string type: object image: description: Image is the instance (ami etc) we should use type: string instanceInterruptionBehavior: - description: InstanceInterruptionBehavior defines if a spot instance should be terminated, hibernated, or stopped after interruption + description: |- + InstanceInterruptionBehavior defines if a spot instance should be terminated, hibernated, + or stopped after interruption type: string instanceMetadata: description: InstanceMetadata defines the EC2 instance metadata service options (AWS Only) properties: httpPutResponseHopLimit: - description: HTTPPutResponseHopLimit is the desired HTTP PUT response hop limit for instance metadata requests. The larger the number, the further instance metadata requests can travel. The default value is 1. + description: |- + HTTPPutResponseHopLimit is the desired HTTP PUT response hop limit for instance metadata requests. + The larger the number, the further instance metadata requests can travel. The default value is 1. format: int64 type: integer httpTokens: - description: HTTPTokens is the state of token usage for the instance metadata requests. If the parameter is not specified in the request, the default state is "required". + description: |- + HTTPTokens is the state of token usage for the instance metadata requests. + If the parameter is not specified in the request, the default state is "required". type: string type: object instanceProtection: 
@@ -4909,7 +11417,9 @@ spec: description: ExperimentalAllocatableIgnoreEviction enables ignoring Hard Eviction Thresholds while calculating Node Allocatable type: boolean experimentalAllowedUnsafeSysctls: - description: ExperimentalAllowedUnsafeSysctls are passed to the kubelet config to whitelist allowable sysctls Was promoted to beta and renamed. https://github.com/kubernetes/kubernetes/pull/63717 + description: |- + ExperimentalAllowedUnsafeSysctls are passed to the kubelet config to whitelist allowable sysctls + Was promoted to beta and renamed. https://github.com/kubernetes/kubernetes/pull/63717 items: type: string type: array 
@@ -4922,7 +11432,16 @@ spec: description: FeatureGates is set of key=value pairs that describe feature gates for alpha/experimental features. type: object hairpinMode: - description: 'How should the kubelet configure the container bridge for hairpin packets. Setting this flag allows endpoints in a Service to loadbalance back to themselves if they should try to access their own Service. Values: "promiscuous-bridge": make the container bridge promiscuous. "hairpin-veth": set the hairpin flag on container veth interfaces. "none": do nothing. Setting --configure-cbr0 to false implies that to achieve hairpin NAT one must set --hairpin-mode=veth-flag, because bridge assumes the existence of a container bridge named cbr0.' + description: |- + How should the kubelet configure the container bridge for hairpin packets. + Setting this flag allows endpoints in a Service to loadbalance back to + themselves if they should try to access their own Service. Values: + "promiscuous-bridge": make the container bridge promiscuous. + "hairpin-veth": set the hairpin flag on container veth interfaces. + "none": do nothing. + Setting --configure-cbr0 to false implies that to achieve hairpin NAT + one must set --hairpin-mode=veth-flag, because bridge assumes the + existence of a container bridge named cbr0. type: string hostnameOverride: description: HostnameOverride is the hostname used to identify the kubelet instead of the actual hostname. 
@@ -4931,15 +11450,22 @@ spec: description: HousekeepingInterval allows to specify interval between container housekeepings. type: string imageGCHighThresholdPercent: - description: ImageGCHighThresholdPercent is the percent of disk usage after which image garbage collection is always run. + description: |- + ImageGCHighThresholdPercent is the percent of disk usage after which + image garbage collection is always run. format: int32 type: integer imageGCLowThresholdPercent: - description: ImageGCLowThresholdPercent is the percent of disk usage before which image garbage collection is never run. Lowest disk usage to garbage collect to. + description: |- + ImageGCLowThresholdPercent is the percent of disk usage before which + image garbage collection is never run. Lowest disk usage to garbage + collect to. format: int32 type: integer imagePullProgressDeadline: - description: ImagePullProgressDeadline is the timeout for image pulls If no pulling progress is made before this deadline, the image pulling will be cancelled. (default 1m0s) + description: |- + ImagePullProgressDeadline is the timeout for image pulls + If no pulling progress is made before this deadline, the image pulling will be cancelled. (default 1m0s) type: string kernelMemcgNotification: description: Integrate with the kernel memcg notification to determine if memory eviction thresholds are crossed rather than polling. @@ -4959,7 +11485,10 @@ spec: description: KubeletCgroups is the absolute name of cgroups to isolate the kubelet in. type: string logFormat: - description: 'LogFormat is the logging format of the kubelet. Supported values: text, json. Default: text' + description: |- + LogFormat is the logging format of the kubelet. + Supported values: text, json. + Default: text type: string logLevel: description: LogLevel is the logging level of the kubelet 
@@ -4970,10 +11499,15 @@ spec: format: int32 type: integer memorySwapBehavior: - description: 'MemorySwapBehavior defines how swap is used by container workloads. Supported values: LimitedSwap, "UnlimitedSwap.' + description: |- + MemorySwapBehavior defines how swap is used by container workloads. + Supported values: LimitedSwap, "UnlimitedSwap. type: string networkPluginMTU: - description: NetworkPluginMTU is the MTU to be passed to the network plugin, and overrides the default MTU for cases where it cannot be automatically computed (such as IPSEC). + description: |- + NetworkPluginMTU is the MTU to be passed to the network plugin, + and overrides the default MTU for cases where it cannot be automatically + computed (such as IPSEC). format: int32 type: integer networkPluginName: @@ -4985,7 +11519,9 @@ spec: description: NodeLabels to add when registering the node in the cluster. type: object nodeStatusUpdateFrequency: - description: NodeStatusUpdateFrequency Specifies how often kubelet posts node status to master (default 10s) must work with nodeMonitorGracePeriod in KubeControllerManagerConfig. + description: |- + NodeStatusUpdateFrequency Specifies how often kubelet posts node status to master (default 10s) + must work with nodeMonitorGracePeriod in KubeControllerManagerConfig. type: string nonMasqueradeCIDR: description: 'NonMasqueradeCIDR configures masquerading: traffic to IPs outside this range will use IP masquerade.' @@ -4995,7 +11531,9 @@ spec: format: int32 type: integer podCIDR: - description: PodCIDR is the CIDR to use for pod IP addresses, only used in standalone mode. In cluster mode, this is obtained from the master. + description: |- + PodCIDR is the CIDR to use for pod IP addresses, only used in standalone mode. + In cluster mode, this is obtained from the master. type: string podInfraContainerImage: description: PodInfraContainerImage is the image whose network/ipc containers in each pod will use. 
@@ -5008,14 +11546,18 @@ spec: format: int64 type: integer protectKernelDefaults: - description: 'Default kubelet behaviour for kernel tuning. If set, kubelet errors if any of kernel tunables is different than kubelet defaults. (DEPRECATED: This parameter should be set via the config file specified by the Kubelet''s --config flag.' + description: |- + Default kubelet behaviour for kernel tuning. If set, kubelet errors if any of kernel tunables is different than kubelet defaults. + (DEPRECATED: This parameter should be set via the config file specified by the Kubelet's --config flag. type: boolean readOnlyPort: description: ReadOnlyPort is the port used by the kubelet api for read-only access (default 10255) format: int32 type: integer reconcileCIDR: - description: ReconcileCIDR is Reconcile node CIDR with the CIDR specified by the API server. No-op if register-node or configure-cbr0 is false. + description: |- + ReconcileCIDR is Reconcile node CIDR with the CIDR specified by the + API server. No-op if register-node or configure-cbr0 is false. type: boolean registerNode: description: RegisterNode enables automatic registration with the apiserver. 
@@ -5049,23 +11591,37 @@ spec: runtimeRequestTimeout: description: RuntimeRequestTimeout is timeout for runtime requests on - pull, logs, exec and attach type: string + seccompDefault: + description: SeccompDefault enables the use of `RuntimeDefault` as the default seccomp profile for all workloads. + type: boolean seccompProfileRoot: description: SeccompProfileRoot is the directory path for seccomp profiles. type: string serializeImagePulls: - description: '// SerializeImagePulls when enabled, tells the Kubelet to pull images one // at a time. We recommend *not* changing the default value on nodes that // run docker daemon with version < 1.9 or an Aufs storage backend. // Issue #10959 has more details.' + description: |- + // SerializeImagePulls when enabled, tells the Kubelet to pull images one + // at a time. We recommend *not* changing the default value on nodes that + // run docker daemon with version < 1.9 or an Aufs storage backend. + // Issue #10959 has more details. type: boolean shutdownGracePeriod: - description: 'ShutdownGracePeriod specifies the total duration that the node should delay the shutdown by. Default: 30s' + description: |- + ShutdownGracePeriod specifies the total duration that the node should delay the shutdown by. + Default: 30s type: string shutdownGracePeriodCriticalPods: - description: 'ShutdownGracePeriodCriticalPods specifies the duration used to terminate critical pods during a node shutdown. Default: 10s' + description: |- + ShutdownGracePeriodCriticalPods specifies the duration used to terminate critical pods during a node shutdown. + Default: 10s type: string streamingConnectionIdleTimeout: description: StreamingConnectionIdleTimeout is the maximum time a streaming connection can be idle before the connection is automatically closed type: string systemCgroups: - description: SystemCgroups is absolute name of cgroups in which to place all non-kernel processes that are not already in a container. Empty for no container. 
Rolling back the flag requires a reboot. + description: |- + SystemCgroups is absolute name of cgroups in which to place + all non-kernel processes that are not already in a container. Empty + for no container. Rolling back the flag requires a reboot. type: string systemReserved: additionalProperties: @@ -5111,7 +11667,9 @@ spec: description: Manager determines what is managing the node lifecycle type: string maxInstanceLifetime: - description: MaxInstanceLifetime to the maximum amount of time, in seconds, that an instance can be in service. Value expected must be in form of duration ("ms", "s", "m", "h") + description: |- + MaxInstanceLifetime to the maximum amount of time, in seconds, that an instance can be in service. + Value expected must be in form of duration ("ms", "s", "m", "h") type: string maxPrice: description: MaxPrice indicates this is a spot-pricing group, with the specified value as our max-price bid 
@@ -5167,21 +11725,32 @@ spec: type: string type: array onDemandAboveBase: - description: OnDemandAboveBase controls the percentages of On-Demand Instances and Spot Instances for your additional capacity beyond OnDemandBase. The range is 0–100. The default value is 100. If you leave this parameter set to 100, the percentages are 100% for On-Demand Instances and 0% for Spot Instances. + description: |- + OnDemandAboveBase controls the percentages of On-Demand Instances and Spot Instances for your + additional capacity beyond OnDemandBase. The range is 0–100. The default value is 100. If you + leave this parameter set to 100, the percentages are 100% for On-Demand Instances and 0% for + Spot Instances. format: int64 type: integer onDemandAllocationStrategy: description: OnDemandAllocationStrategy indicates how to allocate instance types to fulfill On-Demand capacity type: string onDemandBase: - description: OnDemandBase is the minimum amount of the Auto Scaling group's capacity that must be fulfilled by On-Demand Instances. This base portion is provisioned first as your group scales. + description: |- + OnDemandBase is the minimum amount of the Auto Scaling group's capacity that must be + fulfilled by On-Demand Instances. This base portion is provisioned first as your group scales. format: int64 type: integer spotAllocationStrategy: - description: SpotAllocationStrategy diversifies your Spot capacity across multiple instance types to find the best pricing. Higher Spot availability may result from a larger number of instance types to choose from. + description: |- + SpotAllocationStrategy diversifies your Spot capacity across multiple instance types to + find the best pricing. Higher Spot availability may result from a larger number of + instance types to choose from. 
type: string spotInstancePools: - description: SpotInstancePools is the number of Spot pools to use to allocate your Spot capacity (defaults to 2) pools are determined from the different instance types in the Overrides array of LaunchTemplate + description: |- + SpotInstancePools is the number of Spot pools to use to allocate your Spot capacity (defaults to 2) + pools are determined from the different instance types in the Overrides array of LaunchTemplate format: int64 type: integer type: object 
@@ -5202,19 +11771,42 @@ spec: description: RollingUpdate defines the rolling-update behavior properties: drainAndTerminate: - description: DrainAndTerminate enables draining and terminating nodes during rolling updates. Defaults to true. + description: |- + DrainAndTerminate enables draining and terminating nodes during rolling updates. + Defaults to true. type: boolean maxSurge: anyOf: - type: integer - type: string - description: 'MaxSurge is the maximum number of extra nodes that can be created during the update. The value can be an absolute number (for example 5) or a percentage of desired machines (for example 10%). The absolute number is calculated from a percentage by rounding up. Has no effect on instance groups with role "Master". Defaults to 1 on AWS, 0 otherwise. Example: when this is set to 30%, the InstanceGroup can be scaled up immediately when the rolling update starts, such that the total number of old and new nodes do not exceed 130% of desired nodes.' + description: |- + MaxSurge is the maximum number of extra nodes that can be created + during the update. + The value can be an absolute number (for example 5) or a percentage of + desired machines (for example 10%). + The absolute number is calculated from a percentage by rounding up. + Has no effect on instance groups with role "Master". + Defaults to 1 on AWS, 0 otherwise. + Example: when this is set to 30%, the InstanceGroup can be scaled + up immediately when the rolling update starts, such that the total + number of old and new nodes do not exceed 130% of desired + nodes. x-kubernetes-int-or-string: true maxUnavailable: anyOf: - type: integer - type: string - description: 'MaxUnavailable is the maximum number of nodes that can be unavailable during the update. The value can be an absolute number (for example 5) or a percentage of desired nodes (for example 10%). The absolute number is calculated from a percentage by rounding down. Defaults to 1 if MaxSurge is 0, otherwise defaults to 0. 
Example: when this is set to 30%, the InstanceGroup can be scaled down to 70% of desired nodes immediately when the rolling update starts. Once new nodes are ready, more old nodes can be drained, ensuring that the total number of nodes available at all times during the update is at least 70% of desired nodes.' + description: |- + MaxUnavailable is the maximum number of nodes that can be unavailable during the update. + The value can be an absolute number (for example 5) or a percentage of desired + nodes (for example 10%). + The absolute number is calculated from a percentage by rounding down. + Defaults to 1 if MaxSurge is 0, otherwise defaults to 0. + Example: when this is set to 30%, the InstanceGroup can be scaled + down to 70% of desired nodes immediately when the rolling update + starts. Once new nodes are ready, more old nodes can be drained, + ensuring that the total number of nodes available at all times + during the update is at least 70% of desired nodes. x-kubernetes-int-or-string: true type: object rootVolume: @@ -5263,7 +11855,10 @@ spec: type: string type: array sysctlParameters: - description: SysctlParameters will configure kernel parameters using sysctl(8). When specified, each parameter must follow the form variable=value, the way it would appear in sysctl.conf. + description: |- + SysctlParameters will configure kernel parameters using sysctl(8). When + specified, each parameter must follow the form variable=value, the way + it would appear in sysctl.conf. items: type: string type: array 
@@ -5276,7 +11871,12 @@ spec: description: Describes the tenancy of this instance group. Can be either default or dedicated. Currently only applies to AWS. type: string updatePolicy: - description: 'UpdatePolicy determines the policy for applying upgrades automatically. If specified, this value overrides a value specified in the Cluster''s "spec.updatePolicy" field. Valid values: ''automatic'' (default): apply updates automatically (apply OS security upgrades, avoiding rebooting when possible) ''external'': do not apply updates automatically; they are applied manually or by an external system' + description: |- + UpdatePolicy determines the policy for applying upgrades automatically. + If specified, this value overrides a value specified in the Cluster's "spec.updatePolicy" field. + Valid values: + 'automatic' (default): apply updates automatically (apply OS security upgrades, avoiding rebooting when possible) + 'external': do not apply updates automatically; they are applied manually or by an external system type: string volumeMounts: description: VolumeMounts a collection of volume mounts @@ -5310,7 +11910,9 @@ spec: description: VolumeSpec defined the spec for an additional volume attached to the instance group properties: deleteOnTermination: - description: DeleteOnTermination configures volume retention policy upon instance termination. The volume is deleted by default. Cluster deletion does not remove retained volumes. + description: |- + DeleteOnTermination configures volume retention policy upon instance termination. + The volume is deleted by default. Cluster deletion does not remove retained volumes. type: boolean device: description: Device is an optional device name of the block device 
@@ -5342,10 +11944,16 @@ spec: description: WarmPool specifies a pool of pre-warmed instances for later use (AWS only). properties: enableLifecycleHook: - description: EnableLifecyleHook determines if an ASG lifecycle hook will be added ensuring that nodeup runs to completion. Note that the metadata API must be protected from arbitrary Pods when this is enabled. + description: |- + EnableLifecyleHook determines if an ASG lifecycle hook will be added ensuring that nodeup runs to completion. + Note that the metadata API must be protected from arbitrary Pods when this is enabled. type: boolean maxSize: - description: MaxSize is the maximum size of the warm pool. The desired size of the instance group is subtracted from this number to determine the desired size of the warm pool (unless the resulting number is smaller than MinSize). The default is the instance group's MaxSize. + description: |- + MaxSize is the maximum size of the warm pool. The desired size of the instance group + is subtracted from this number to determine the desired size of the warm pool + (unless the resulting number is smaller than MinSize). + The default is the instance group's MaxSize. format: int64 type: integer minSize: @@ -5354,7 +11962,9 @@ spec: type: integer type: object zones: - description: Zones is the names of the Zones where machines in this instance group should be placed This is needed for regional subnets (e.g. GCE), to restrict placement to particular zones + description: |- + Zones is the names of the Zones where machines in this instance group should be placed + This is needed for regional subnets (e.g. GCE), to restrict placement to particular zones items: type: string type: array 
@@ -5363,7 +11973,9 @@ spec: description: ProviderID is the ARN of the associated ASG type: string providerIDList: - description: ProviderIDList are the identification IDs of machine instances provided by the provider. This field must match the provider IDs as seen on the node objects corresponding to a machine pool's machine instances. + description: |- + ProviderIDList are the identification IDs of machine instances provided by the provider. + This field must match the provider IDs as seen on the node objects corresponding to a machine pool's machine instances. items: type: string type: array 
@@ -5385,23 +11997,37 @@ spec: description: Condition defines an observation of a Cluster API resource operational state. properties: lastTransitionTime: - description: Last time the condition transitioned from one status to another. This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. + description: |- + Last time the condition transitioned from one status to another. + This should be when the underlying condition changed. If that is not known, then using the time when + the API field changed is acceptable. format: date-time type: string message: - description: A human readable message indicating details about the transition. This field may be empty. + description: |- + A human readable message indicating details about the transition. + This field may be empty. type: string reason: - description: The reason for the condition's last transition in CamelCase. The specific API may choose whether or not this field is considered a guaranteed API. This field may not be empty. + description: |- + The reason for the condition's last transition in CamelCase. + The specific API may choose whether or not this field is considered a guaranteed API. + This field may not be empty. type: string severity: - description: Severity provides an explicit classification of Reason code, so the users or machines can immediately understand the current situation and act accordingly. The Severity field MUST be set only when Status=False. + description: |- + Severity provides an explicit classification of Reason code, so the users or machines can immediately + understand the current situation and act accordingly. + The Severity field MUST be set only when Status=False. type: string status: description: Status of the condition, one of True, False, Unknown. type: string type: - description: Type of condition in CamelCase or in foo.example.com/CamelCase. 
Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be useful (see .node.status.conditions), the ability to deconflict is important. + description: |- + Type of condition in CamelCase or in foo.example.com/CamelCase. + Many .condition.type values are consistent across resources like Available, but because arbitrary conditions + can be useful (see .node.status.conditions), the ability to deconflict is important. type: string required: - lastTransitionTime @@ -5410,11 +12036,15 @@ spec: type: object type: array failureMessage: - description: ErrorMessage indicates that there is a terminal problem reconciling the state, and will be set to a descriptive error message. + description: |- + ErrorMessage indicates that there is a terminal problem reconciling the + state, and will be set to a descriptive error message. type: string ready: default: false - description: Ready denotes that the API Server is ready to receive requests. + description: |- + Ready denotes that the API Server is ready to + receive requests. type: boolean replicas: description: Replicas is the most recently observed number of replicas 
@@ -5426,337 +12056,3 @@ spec: storage: true subresources: status: {} ---- -apiVersion: v1 -kind: ServiceAccount -metadata: - name: kubernetes-kops-operator-controller-manager - namespace: kubernetes-kops-operator-system ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - name: kubernetes-kops-operator-leader-election-role - namespace: kubernetes-kops-operator-system -rules: -- apiGroups: - - "" - resources: - - configmaps - verbs: - - get - - list - - watch - - create - - update - - patch - - delete -- apiGroups: - - coordination.k8s.io - resources: - - leases - verbs: - - get - - list - - watch - - create - - update - - patch - - delete -- apiGroups: - - "" - resources: - - events - verbs: - - create - - patch ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - creationTimestamp: null - name: kubernetes-kops-operator-manager-role -rules: -- apiGroups: - - "" - resources: - - events - verbs: - - create - - get - - list - - patch - - watch -- apiGroups: - - "" - resources: - - secrets - verbs: - - create - - get - - list - - update - - watch -- apiGroups: - - cluster.x-k8s.io - resources: - - clusters - verbs: - - create - - delete - - get - - list - - patch - - update - - watch -- apiGroups: - - cluster.x-k8s.io - resources: - - clusters/finalizers - verbs: - - update -- apiGroups: - - cluster.x-k8s.io - resources: - - clusters/status - verbs: - - get - - patch - - update -- apiGroups: - - controlplane.cluster.x-k8s.io - resources: - - kopscontrolplanes - verbs: - - create - - delete - - get - - list - - patch - - update - - watch -- apiGroups: - - controlplane.cluster.x-k8s.io - resources: - - kopscontrolplanes/finalizers - verbs: - - update -- apiGroups: - - controlplane.cluster.x-k8s.io - resources: - - kopscontrolplanes/status - verbs: - - get - - patch - - update -- apiGroups: - - infrastructure.cluster.x-k8s.io - resources: - - kopsmachinepools - verbs: - - create - - delete - - get - - list - - patch - - update 
- - watch -- apiGroups: - - infrastructure.cluster.x-k8s.io - resources: - - kopsmachinepools/finalizers - verbs: - - update -- apiGroups: - - infrastructure.cluster.x-k8s.io - resources: - - kopsmachinepools/status - verbs: - - get - - patch - - update ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: kubernetes-kops-operator-metrics-reader -rules: -- nonResourceURLs: - - /metrics - verbs: - - get ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: kubernetes-kops-operator-proxy-role -rules: -- apiGroups: - - authentication.k8s.io - resources: - - tokenreviews - verbs: - - create -- apiGroups: - - authorization.k8s.io - resources: - - subjectaccessreviews - verbs: - - create ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - name: kubernetes-kops-operator-leader-election-rolebinding - namespace: kubernetes-kops-operator-system -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: kubernetes-kops-operator-leader-election-role -subjects: -- kind: ServiceAccount - name: kubernetes-kops-operator-controller-manager - namespace: kubernetes-kops-operator-system ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: kubernetes-kops-operator-manager-rolebinding -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: kubernetes-kops-operator-manager-role -subjects: -- kind: ServiceAccount - name: kubernetes-kops-operator-controller-manager - namespace: kubernetes-kops-operator-system ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: kubernetes-kops-operator-proxy-rolebinding -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: kubernetes-kops-operator-proxy-role -subjects: -- kind: ServiceAccount - name: kubernetes-kops-operator-controller-manager - namespace: kubernetes-kops-operator-system ---- -apiVersion: v1 -data: - 
controller_manager_config.yaml: | - apiVersion: controller-runtime.sigs.k8s.io/v1alpha1 - kind: ControllerManagerConfig - health: - healthProbeBindAddress: :8081 - metrics: - bindAddress: :8080 - webhook: - port: 9443 - leaderElection: - leaderElect: true - resourceName: a7b2d45c.cluster.x-k8s.io -kind: ConfigMap -metadata: - name: kubernetes-kops-operator-manager-config - namespace: kubernetes-kops-operator-system ---- -apiVersion: v1 -kind: Service -metadata: - labels: - control-plane: controller-manager - name: kubernetes-kops-operator-controller-manager-metrics-service - namespace: kubernetes-kops-operator-system -spec: - ports: - - name: https - port: 8443 - targetPort: https - selector: - control-plane: controller-manager ---- -apiVersion: apps/v1 -kind: Deployment -metadata: - labels: - control-plane: controller-manager - controller-class: dev - name: kubernetes-kops-operator-controller-manager-dev - namespace: kubernetes-kops-operator-system -spec: - replicas: 1 - selector: - matchLabels: - control-plane: controller-manager - controller-class: dev - template: - metadata: - annotations: - ad.datadoghq.com/manager.check_names: '["openmetrics"]' - ad.datadoghq.com/manager.init_configs: '[{}]' - ad.datadoghq.com/manager.instances: |- - [{ - "metrics": [ - "controller*", - "workqueue*" - ], - "namespace": "kopsoperator", - "prometheus_url": "http://%%host%%:8080/metrics", - "send_monotonic_counter": true, - "send_distribution_buckets": true - }] - labels: - control-plane: controller-manager - controller-class: dev - spec: - containers: - - args: - - -controller-class=dev - command: - - /manager - env: - - name: SPOTINST_TOKEN - valueFrom: - secretKeyRef: - key: token - name: spotinst-credentials - optional: true - - name: SPOTINST_ACCOUNT - valueFrom: - secretKeyRef: - key: account - name: spotinst-credentials - optional: true - - name: AWS_REGION - value: us-east-1 - image: tfgco/kubernetes-kops-operator:v0.10.0-alpha - livenessProbe: - httpGet: - path: 
/healthz - port: 8081 - initialDelaySeconds: 15 - periodSeconds: 20 - name: manager - readinessProbe: - httpGet: - path: /readyz - port: 8081 - initialDelaySeconds: 5 - periodSeconds: 10 - resources: - limits: - cpu: 4 - memory: 10Gi - requests: - cpu: 1 - ephemeral-storage: 14Gi - memory: 400Mi - securityContext: - allowPrivilegeEscalation: false - securityContext: - runAsNonRoot: true - serviceAccountName: kubernetes-kops-operator-controller-manager - terminationGracePeriodSeconds: 10 \ No newline at end of file From c1abd4db8fdb09108378abf7ba7d50213d97c5dd Mon Sep 17 00:00:00 2001 From: Rafael da Fonseca Date: Sat, 25 May 2024 09:16:40 +0100 Subject: [PATCH 2/6] Fix actions go version --- .github/workflows/go.yaml | 6 +++--- go.mod | 2 -- 2 files changed, 3 insertions(+), 5 deletions(-) diff --git a/.github/workflows/go.yaml b/.github/workflows/go.yaml index b3fb463..7195538 100644 --- a/.github/workflows/go.yaml +++ b/.github/workflows/go.yaml @@ -18,7 +18,7 @@ jobs: - name: Set up Go uses: actions/setup-go@v2 with: - go-version: 1.19.4 + go-version: 1.21.9 - name: Run lint uses: golangci/golangci-lint-action@v3.1.0 @@ -35,7 +35,7 @@ jobs: - name: Set up Go uses: actions/setup-go@v2 with: - go-version: 1.19.4 + go-version: 1.21.9 - name: Install dependencies run: sudo apt update && sudo apt install make -y @@ -81,4 +81,4 @@ jobs: tags: | ${{ steps.meta.outputs.tags }} tfgco/${{ github.event.repository.name }}:latest - labels: ${{ steps.meta.outputs.labels }} \ No newline at end of file + labels: ${{ steps.meta.outputs.labels }} diff --git a/go.mod b/go.mod index 208af2d..3f48326 100644 --- a/go.mod +++ b/go.mod @@ -2,8 +2,6 @@ module github.com/topfreegames/kubernetes-crossplane-infrastructure-operator go 1.21 -toolchain go1.22.0 - replace k8s.io/code-generator => k8s.io/code-generator v0.21.0 require ( From 098b231cb96b659e907a2cd5988e9b30fc89a394 Mon Sep 17 00:00:00 2001 
From: Rafael da Fonseca Date: Thu, 30 May 2024 16:49:56 +0100 Subject: [PATCH 3/6] Don't try to add SGs to terminating instances --- pkg/aws/ec2/vpc.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pkg/aws/ec2/vpc.go b/pkg/aws/ec2/vpc.go index 17ec766..d05dcdf 100644 --- a/pkg/aws/ec2/vpc.go +++ b/pkg/aws/ec2/vpc.go @@ -77,7 +77,7 @@ func AttachSecurityGroupToInstances(ctx context.Context, ec2Client EC2Client, in } for _, instance := range instances { - if instance.State.Name == ec2types.InstanceStateNameTerminated || isSGAttached(instance.SecurityGroups, securityGroupID) { + if instance.State.Name == ec2types.InstanceStateNameTerminated || instance.State.Name == ec2types.InstanceStateNameShuttingDown || instance.State.Name == ec2types.InstanceStateNameStopping || isSGAttached(instance.SecurityGroups, securityGroupID) { continue } From 4f0651ca006c5507ad37a587bf672cf82e836527 Mon Sep 17 00:00:00 2001 From: Raphael Fonseca Date: Wed, 5 Jun 2024 19:48:11 -0300 Subject: [PATCH 4/6] fix: change finalizer suffix to sgID --- .../ec2.aws/securitygroup_controller.go | 22 +-- .../ec2.aws/securitygroup_controller_test.go | 126 ++++++++++-------- 2 files changed, 81 insertions(+), 67 deletions(-) diff --git a/internal/controller/ec2.aws/securitygroup_controller.go b/internal/controller/ec2.aws/securitygroup_controller.go index f298f1f..82bb2ca 100644 --- a/internal/controller/ec2.aws/securitygroup_controller.go +++ b/internal/controller/ec2.aws/securitygroup_controller.go @@ -70,8 +70,8 @@ const ( AnnotationKeyReconciliationPaused = "crossplane.io/paused" ) -func getFinalizerName(sgName string) string { - return securityGroupFinalizer + "/" + sgName +func getFinalizerName(sgId string) string { + return securityGroupFinalizer + "/" + sgId } // SecurityGroupReconciler reconciles a SecurityGroup object 
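Review bot: The added condition strings four `||` terms onto one line, and the state set it encodes (terminated, shutting-down, stopping) is the kind of policy that tends to be extended again; a small predicate with a `switch` keeps the call site readable and gives the policy a name and a doc comment. If `instance.State` can be nil in this SDK version (it is a pointer in aws-sdk-go-v2, I believe, and the code dereferences it unguarded both before and after this change), that predicate is also the natural place to decide what a missing state means. AttachSecurityGroupToInstances starts and ends outside the hunk.
```go
// isLeavingState reports whether an instance in the given state is terminated,
// terminating or stopping; attaching a security group to such an instance is
// skipped because the instance is about to disappear.
func isLeavingState(name ec2types.InstanceStateName) bool {
	switch name {
	case ec2types.InstanceStateNameTerminated,
		ec2types.InstanceStateNameShuttingDown,
		ec2types.InstanceStateNameStopping:
		return true
	}
	return false
}

// … unchanged: AttachSecurityGroupToInstances up to the instance loop …
	for _, instance := range instances {
		if isLeavingState(instance.State.Name) || isSGAttached(instance.SecurityGroups, securityGroupID) {
			continue
		}
```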
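Review bot: getFinalizerName still has no doc comment, and now that the suffix is an object UID rather than a name the contract is worth stating, because the returned string is what ContainsFinalizer and RemoveFinalizer look for in the later hunks of this commit; add `// getFinalizerName returns the finalizer that marks a KopsMachinePool or KopsControlPlane as referenced by the SecurityGroup with the given UID; add and remove paths must derive the suffix the same way.` The parameter reads better as `sgID`, since Go keeps initialisms in a single case. The const block above it is unrelated context.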
@@ -572,7 +572,7 @@ func (r *SecurityGroupReconciliation) reconcileDelete(ctx context.Context, sg *s r.log.Error(err, fmt.Sprintf("failed to detach sg %v from kmp %v at %v", r.sg.Name, key.Name, key.Namespace)) continue } - if controllerutil.ContainsFinalizer(&kmp, getFinalizerName(r.sg.Name)) { + if controllerutil.ContainsFinalizer(&kmp, getFinalizerName(string(r.sg.UID))) { r.removeKMPFinalizer(ctx, kmp) } case "KopsControlPlane": @@ -843,7 +843,7 @@ func (r *SecurityGroupReconciliation) ensureAttachReferences(ctx context.Context } return resultError, err } - if !controllerutil.ContainsFinalizer(&kmp, getFinalizerName(r.sg.Name)) { + if !controllerutil.ContainsFinalizer(&kmp, getFinalizerName(string(r.sg.UID))) { r.addKMPFinalizer(ctx, kmp) } case "KopsControlPlane": @@ -867,7 +867,7 @@ func (r *SecurityGroupReconciliation) ensureAttachReferences(ctx context.Context } return resultError, err } - if !controllerutil.ContainsFinalizer(&kcp, getFinalizerName(r.sg.Name)) { + if !controllerutil.ContainsFinalizer(&kcp, getFinalizerName(string(r.sg.UID))) { r.addKCPFinalizer(ctx, kcp, kmps...) } default: 
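Review bot: Pools that already carry the name-based finalizer written by the previous scheme are no longer matched once the lookup key is `string(r.sg.UID)`, so on a cluster upgraded with this change `controllerutil.ContainsFinalizer(&kmp, getFinalizerName(string(r.sg.UID)))` in reconcileDelete returns false and the stale name-suffixed finalizer stays on the KopsMachinePool (and, through the @@ -867 path, on the KopsControlPlane), blocking their deletion. The add paths in the @@ -843 and @@ -867 hunks have the mirror problem: a pool that already holds the old finalizer now receives a second one. Either remove the legacy finalizer alongside the new one for a transition period or document a one-off migration step. reconcileDelete and ensureAttachReferences both start and end outside these hunks.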
@@ -930,39 +930,39 @@ func (r *SecurityGroupReconciliation) ensureDetachRemovedReferences(ctx context. } func (r *SecurityGroupReconciliation) removeKMPFinalizer(ctx context.Context, kmp kinfrastructurev1alpha1.KopsMachinePool) { - controllerutil.RemoveFinalizer(&kmp, getFinalizerName(r.sg.Name)) + controllerutil.RemoveFinalizer(&kmp, getFinalizerName(string(r.sg.UID))) if err := r.Update(ctx, &kmp); err != nil { r.Recorder.Eventf(r.sg, corev1.EventTypeWarning, "FailedToUpdate", "failed to remove finalizer in %s: %s", kmp.Name, err) } } func (r *SecurityGroupReconciliation) removeKCPFinalizer(ctx context.Context, kcp kcontrolplanev1alpha1.KopsControlPlane, kmps ...kinfrastructurev1alpha1.KopsMachinePool) { - controllerutil.RemoveFinalizer(&kcp, getFinalizerName(r.sg.Name)) + controllerutil.RemoveFinalizer(&kcp, getFinalizerName(string(r.sg.UID))) if err := r.Update(ctx, &kcp); err != nil { r.Recorder.Eventf(r.sg, corev1.EventTypeWarning, "FailedToUpdate", "failed to remove finalizer in %s: %s", kcp.Name, err) } for _, kmp := range kmps { - if controllerutil.ContainsFinalizer(&kmp, getFinalizerName(r.sg.Name)) { + if controllerutil.ContainsFinalizer(&kmp, getFinalizerName(string(r.sg.UID))) { r.removeKMPFinalizer(ctx, kmp) } } } func (r *SecurityGroupReconciliation) addKMPFinalizer(ctx context.Context, kmp kinfrastructurev1alpha1.KopsMachinePool) { - controllerutil.AddFinalizer(&kmp, getFinalizerName(r.sg.Name)) + controllerutil.AddFinalizer(&kmp, getFinalizerName(string(r.sg.UID))) if err := r.Update(ctx, &kmp); err != nil { r.Recorder.Eventf(r.sg, corev1.EventTypeWarning, "FailedToUpdate", "failed to add finalizer in %s: %s", kmp.Name, err) } } func (r *SecurityGroupReconciliation) addKCPFinalizer(ctx context.Context, kcp kcontrolplanev1alpha1.KopsControlPlane, kmps ...kinfrastructurev1alpha1.KopsMachinePool) { - controllerutil.AddFinalizer(&kcp, getFinalizerName(r.sg.Name)) + controllerutil.AddFinalizer(&kcp, getFinalizerName(string(r.sg.UID))) if err := 
r.Update(ctx, &kcp); err != nil { r.Recorder.Eventf(r.sg, corev1.EventTypeWarning, "FailedToUpdate", "failed to add finalizer in %s: %s", kcp.Name, err) } for _, kmp := range kmps { - if !controllerutil.ContainsFinalizer(&kmp, getFinalizerName(r.sg.Name)) { + if !controllerutil.ContainsFinalizer(&kmp, getFinalizerName(string(r.sg.UID))) { r.addKMPFinalizer(ctx, kmp) } } diff --git a/internal/controller/ec2.aws/securitygroup_controller_test.go b/internal/controller/ec2.aws/securitygroup_controller_test.go index e278da3..45fd52f 100644 --- a/internal/controller/ec2.aws/securitygroup_controller_test.go +++ b/internal/controller/ec2.aws/securitygroup_controller_test.go @@ -64,6 +64,7 @@ var ( sg = &securitygroupv1alpha2.SecurityGroup{ ObjectMeta: metav1.ObjectMeta{ Name: "test-security-group", + UID: "test-uid", }, Spec: securitygroupv1alpha2.SecurityGroupSpec{ IngressRules: []securitygroupv1alpha2.IngressRule{ @@ -90,6 +91,7 @@ var ( anotherSg = &securitygroupv1alpha2.SecurityGroup{ ObjectMeta: metav1.ObjectMeta{ Name: "test-another-security-group", + UID: "test-another-uid", }, Spec: securitygroupv1alpha2.SecurityGroupSpec{ IngressRules: []securitygroupv1alpha2.IngressRule{ @@ -116,6 +118,7 @@ var ( sgEmpty = &securitygroupv1alpha2.SecurityGroup{ ObjectMeta: metav1.ObjectMeta{ Name: "test-security-group", + UID: "test-uid", }, Spec: securitygroupv1alpha2.SecurityGroupSpec{ IngressRules: []securitygroupv1alpha2.IngressRule{}, @@ -126,6 +129,7 @@ var ( sgKCP = &securitygroupv1alpha2.SecurityGroup{ ObjectMeta: metav1.ObjectMeta{ Name: "test-security-group", + UID: "test-uid", }, Spec: securitygroupv1alpha2.SecurityGroupSpec{ IngressRules: []securitygroupv1alpha2.IngressRule{ @@ -152,6 +156,7 @@ var ( anotherSgKCP = &securitygroupv1alpha2.SecurityGroup{ ObjectMeta: metav1.ObjectMeta{ Name: "test-another-security-group", + UID: "test-another-uid", }, Spec: securitygroupv1alpha2.SecurityGroupSpec{ IngressRules: []securitygroupv1alpha2.IngressRule{ 
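Review bot: `getFinalizerName(string(r.sg.UID))` is now spelled out in all four helpers here and at every call site in the earlier hunks of this commit (@@ -572, @@ -843, @@ -867), so the choice of key lives in eight places; a one-line method `func (r *SecurityGroupReconciliation) finalizerName() string { return getFinalizerName(string(r.sg.UID)) }` lets the helpers call `r.finalizerName()` and keeps any later change to the key in one spot. Unchanged by this commit but adjacent to it: each helper records a failed `r.Update` only as a warning event and returns nothing, so ensureAttachReferences cannot tell that the finalizer was never persisted; returning the error would let the caller requeue. The hunk covers the four helpers in full, while the functions around it start and end outside it.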
@@ -475,7 +480,7 @@ func TestSecurityGroupReconciler(t *testing.T) { Name: kcp.ObjectMeta.Name, Namespace: kcp.ObjectMeta.Namespace, Kind: "KopsControlPlane", - FinalizerName: getFinalizerName(sgKCP.ObjectMeta.Name), + FinalizerName: getFinalizerName(string(sgKCP.ObjectMeta.UID)), Expected: true, }, }, @@ -491,7 +496,7 @@ func TestSecurityGroupReconciler(t *testing.T) { Name: kmp.ObjectMeta.Name, Namespace: kmp.ObjectMeta.Namespace, Kind: "KopsMachinePool", - FinalizerName: getFinalizerName(sg.ObjectMeta.Name), + FinalizerName: getFinalizerName(string(sg.ObjectMeta.UID)), Expected: true, }, }, @@ -516,14 +521,14 @@ func TestSecurityGroupReconciler(t *testing.T) { Name: kcp.ObjectMeta.Name, Namespace: kcp.ObjectMeta.Namespace, Kind: "KopsControlPlane", - FinalizerName: getFinalizerName(sgKCP.ObjectMeta.Name), + FinalizerName: getFinalizerName(string(sgKCP.ObjectMeta.UID)), Expected: true, }, { Name: kcp.ObjectMeta.Name, Namespace: kcp.ObjectMeta.Namespace, Kind: "KopsControlPlane", - FinalizerName: getFinalizerName(anotherSgKCP.ObjectMeta.Name), + FinalizerName: getFinalizerName(string(anotherSgKCP.ObjectMeta.UID)), Expected: true, }, }, 
@@ -532,12 +537,13 @@ func TestSecurityGroupReconciler(t *testing.T) { description: "should keep only existing sg finalizers in kmp", k8sObjects: []client.Object{ cluster, defaultSecret, csg, anotherCsg, anotherSg, kcp, - kmpWithFinalizer("test-kops-machine-pool", "test-cluster", []string{getFinalizerName("test-security-group"), getFinalizerName("test-another-security-group")}), + kmpWithFinalizer("test-kops-machine-pool", "test-cluster", []string{getFinalizerName("test-uid"), getFinalizerName("test-another-uid")}), &securitygroupv1alpha2.SecurityGroup{ ObjectMeta: metav1.ObjectMeta{ Name: "test-security-group", DeletionTimestamp: &metav1.Time{Time: time.Now()}, Finalizers: []string{"securitygroup.wildlife.infrastructure.io"}, + UID: "test-uid", }, Spec: securitygroupv1alpha2.SecurityGroupSpec{ IngressRules: []securitygroupv1alpha2.IngressRule{ @@ -576,14 +582,14 @@ func TestSecurityGroupReconciler(t *testing.T) { Name: "test-kops-machine-pool", Namespace: metav1.NamespaceDefault, Kind: "KopsMachinePool", - FinalizerName: getFinalizerName(anotherSg.ObjectMeta.Name), + FinalizerName: getFinalizerName(string(anotherSg.ObjectMeta.UID)), Expected: true, }, { Name: "test-kops-machine-pool", Namespace: metav1.NamespaceDefault, Kind: "KopsMachinePool", - FinalizerName: getFinalizerName("test-security-group"), + FinalizerName: getFinalizerName("test-uid"), Expected: false, }, }, 
@@ -592,13 +598,14 @@ func TestSecurityGroupReconciler(t *testing.T) { description: "should keep only existing sg finalizers in kcp and related kmps", k8sObjects: []client.Object{ cluster, defaultSecret, csg, anotherCsg, anotherSgKCP, - kcpWithFinalizer("test-cluster", []string{getFinalizerName("test-security-group"), getFinalizerName("test-another-security-group")}), - kmpWithFinalizer("test-kops-machine-pool", "test-cluster", []string{getFinalizerName("test-security-group"), getFinalizerName("test-another-security-group")}), + kcpWithFinalizer("test-cluster", []string{getFinalizerName("test-uid"), getFinalizerName("test-another-uid")}), + kmpWithFinalizer("test-kops-machine-pool", "test-cluster", []string{getFinalizerName("test-uid"), getFinalizerName("test-another-uid")}), &securitygroupv1alpha2.SecurityGroup{ ObjectMeta: metav1.ObjectMeta{ Name: "test-security-group", DeletionTimestamp: &metav1.Time{Time: time.Now()}, Finalizers: []string{"securitygroup.wildlife.infrastructure.io"}, + UID: "test-uid", }, Spec: securitygroupv1alpha2.SecurityGroupSpec{ IngressRules: []securitygroupv1alpha2.IngressRule{ 
@@ -637,41 +644,41 @@ func TestSecurityGroupReconciler(t *testing.T) { Name: "test-kops-machine-pool", Namespace: metav1.NamespaceDefault, Kind: "KopsMachinePool", - FinalizerName: getFinalizerName(anotherSgKCP.ObjectMeta.Name), + FinalizerName: getFinalizerName(string(anotherSgKCP.ObjectMeta.UID)), Expected: true, }, { Name: "test-kops-machine-pool", Namespace: metav1.NamespaceDefault, Kind: "KopsMachinePool", - FinalizerName: getFinalizerName("test-security-group"), + FinalizerName: getFinalizerName("test-uid"), Expected: false, }, { Name: "test-cluster", Namespace: metav1.NamespaceDefault, Kind: "KopsControlPlane", - FinalizerName: getFinalizerName(anotherSgKCP.ObjectMeta.Name), + FinalizerName: getFinalizerName(string(anotherSgKCP.ObjectMeta.UID)), Expected: true, }, { Name: "test-cluster", Namespace: metav1.NamespaceDefault, Kind: "KopsControlPlane", - FinalizerName: getFinalizerName("test-security-group"), + FinalizerName: getFinalizerName("test-uid"), Expected: false, }, }, }, { - description: "should reconcile sg without changes on kmp", + description: "should reconcile sg without changes in kmp", k8sObjects: []client.Object{ cluster, defaultSecret, csg, sg, kcp, - kmpWithFinalizer("test-kops-machine-pool", "test-cluster", []string{getFinalizerName("test-security-group")}), + kmpWithFinalizer("test-kops-machine-pool", "test-cluster", []string{getFinalizerName("test-uid")}), }, sgsToReconcile: []sgToReconcile{ { - Name: "test-security-group", + Name: sg.ObjectMeta.Name, ExpectedDeletion: false, }, }, @@ -680,7 +687,7 @@ func TestSecurityGroupReconciler(t *testing.T) { Name: "test-kops-machine-pool", Namespace: metav1.NamespaceDefault, Kind: "KopsMachinePool", - FinalizerName: getFinalizerName("test-security-group"), + FinalizerName: getFinalizerName(string(sg.ObjectMeta.UID)), Expected: true, }, }, 
@@ -689,12 +696,12 @@ func TestSecurityGroupReconciler(t *testing.T) { description: "should reconcile sg without changes in kcp", k8sObjects: []client.Object{ cluster, defaultSecret, csg, sgKCP, - kcpWithFinalizer("test-cluster", []string{getFinalizerName("test-security-group")}), - kmpWithFinalizer("test-kops-machine-pool", "test-cluster", []string{getFinalizerName("test-security-group")}), + kcpWithFinalizer("test-cluster", []string{getFinalizerName(string(sgKCP.ObjectMeta.UID))}), + kmpWithFinalizer("test-kops-machine-pool", "test-cluster", []string{getFinalizerName(string(sgKCP.ObjectMeta.UID))}), }, sgsToReconcile: []sgToReconcile{ { - Name: "test-security-group", + Name: string(sgKCP.ObjectMeta.Name), ExpectedDeletion: false, }, }, @@ -703,14 +710,14 @@ func TestSecurityGroupReconciler(t *testing.T) { Name: "test-kops-machine-pool", Namespace: metav1.NamespaceDefault, Kind: "KopsMachinePool", - FinalizerName: getFinalizerName("test-security-group"), + FinalizerName: getFinalizerName(string(sgKCP.ObjectMeta.UID)), Expected: true, }, { Name: "test-cluster", Namespace: metav1.NamespaceDefault, Kind: "KopsControlPlane", - FinalizerName: getFinalizerName("test-security-group"), + FinalizerName: getFinalizerName(string(sgKCP.ObjectMeta.UID)), Expected: true, }, }, @@ -734,14 +741,14 @@ func TestSecurityGroupReconciler(t *testing.T) { Name: kmp.ObjectMeta.Name, Namespace: kmp.ObjectMeta.Namespace, Kind: "KopsMachinePool", - FinalizerName: getFinalizerName(sgKCP.ObjectMeta.Name), + FinalizerName: getFinalizerName(string(sgKCP.ObjectMeta.UID)), Expected: false, }, { Name: kcp.ObjectMeta.Name, Namespace: kcp.ObjectMeta.Namespace, Kind: "KopsControlPlane", - FinalizerName: getFinalizerName(sgKCP.ObjectMeta.Name), + FinalizerName: getFinalizerName(string(sgKCP.ObjectMeta.UID)), Expected: false, }, }, 
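Review bot: `Name: string(sgKCP.ObjectMeta.Name),` in the @@ -689 hunk converts a value that is already a string; write `Name: sgKCP.ObjectMeta.Name,` as the sibling case in the @@ -637 hunk above does with `sg.ObjectMeta.Name`. Across this file the same fixture UID is referenced sometimes as `string(sgKCP.ObjectMeta.UID)` and sometimes as the literal `"test-uid"` (the @@ -532 and @@ -3399 hunks, for example), so a change to the fixture would break only half the cases; picking one form throughout keeps the expectations tied to the fixture. These hunks sit inside TestSecurityGroupReconciler, which starts and ends outside them.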
@@ -765,7 +772,7 @@ func TestSecurityGroupReconciler(t *testing.T) { Name: kmp.ObjectMeta.Name, Namespace: kmp.ObjectMeta.Namespace, Kind: "KopsMachinePool", - FinalizerName: getFinalizerName(sg.ObjectMeta.Name), + FinalizerName: getFinalizerName(string(sg.ObjectMeta.UID)), Expected: false, }, }, @@ -875,6 +882,7 @@ func TestSecurityGroupReconciler(t *testing.T) { &securitygroupv1alpha2.SecurityGroup{ ObjectMeta: metav1.ObjectMeta{ Name: "test-security-group", + UID: "test-uid", }, Spec: securitygroupv1alpha2.SecurityGroupSpec{ IngressRules: []securitygroupv1alpha2.IngressRule{ @@ -942,14 +950,14 @@ func TestSecurityGroupReconciler(t *testing.T) { Name: kmp.ObjectMeta.Name, Namespace: kmp.ObjectMeta.Namespace, Kind: "KopsMachinePool", - FinalizerName: getFinalizerName("test-security-group"), + FinalizerName: getFinalizerName("test-uid"), Expected: true, }, { Name: "test-another-machine-pool", Namespace: metav1.NamespaceDefault, Kind: "KopsMachinePool", - FinalizerName: getFinalizerName("test-security-group"), + FinalizerName: getFinalizerName("test-uid"), Expected: false, }, }, @@ -2630,7 +2638,7 @@ func TestReconcileDelete(t *testing.T) { description: "should remove crossplane security group referencing kmp and remove finalizer", k8sObjects: []client.Object{ sg, csg, kcp, cluster, defaultSecret, - kmpWithFinalizer("test-kops-machine-pool", "test-cluster", []string{getFinalizerName("test-security-group")}), + kmpWithFinalizer("test-kops-machine-pool", "test-cluster", []string{getFinalizerName(string(sg.ObjectMeta.UID))}), }, sgTarget: sg, FinalizersAt: []*ReferencedPool{ @@ -2638,7 +2646,7 @@ func TestReconcileDelete(t *testing.T) { Name: "test-kops-machine-pool", Namespace: metav1.NamespaceDefault, Kind: "KopsMachinePool", - FinalizerName: getFinalizerName("test-security-group"), + FinalizerName: getFinalizerName(string(sg.ObjectMeta.UID)), Expected: false, }, }, 
@@ -2668,22 +2676,22 @@ func TestReconcileDelete(t *testing.T) { description: "should remove the crossplane security group referencing kcp and remove finalizer", k8sObjects: []client.Object{ sgKCP, csg, cluster, defaultSecret, - kmpWithFinalizer("test-kops-machine-pool", "test-cluster", []string{getFinalizerName("test-security-group")}), - kcpWithFinalizer("test-cluster", []string{getFinalizerName("test-security-group")}), + kmpWithFinalizer("test-kops-machine-pool", "test-cluster", []string{getFinalizerName(string(sgKCP.ObjectMeta.UID))}), + kcpWithFinalizer("test-cluster", []string{getFinalizerName(string(sgKCP.ObjectMeta.UID))}), }, FinalizersAt: []*ReferencedPool{ { Name: "test-cluster", Namespace: metav1.NamespaceDefault, Kind: "KopsControlPlane", - FinalizerName: getFinalizerName("test-security-group"), + FinalizerName: getFinalizerName(string(sgKCP.ObjectMeta.UID)), Expected: false, }, { Name: "test-kops-machine-pool", Namespace: metav1.NamespaceDefault, Kind: "KopsMachinePool", - FinalizerName: getFinalizerName("test-security-group"), + FinalizerName: getFinalizerName(string(sgKCP.ObjectMeta.UID)), Expected: false, }, }, @@ -3399,7 +3407,7 @@ func TestEnsureAttachReferences(t *testing.T) { "cluster.x-k8s.io/cluster-name": "test-cluster", }, Finalizers: []string{ - getFinalizerName("test-security-group"), + getFinalizerName("test-uid"), }, }, Spec: kinfrastructurev1alpha1.KopsMachinePoolSpec{ @@ -3416,6 +3424,7 @@ func TestEnsureAttachReferences(t *testing.T) { sg: &securitygroupv1alpha2.SecurityGroup{ ObjectMeta: metav1.ObjectMeta{ Name: "test-security-group", + UID: "test-uid", }, Spec: securitygroupv1alpha2.SecurityGroupSpec{ IngressRules: []securitygroupv1alpha2.IngressRule{ 
@@ -3461,14 +3470,14 @@ func TestEnsureAttachReferences(t *testing.T) { Name: kmp.ObjectMeta.Name, Namespace: kmp.ObjectMeta.Namespace, Kind: "KopsMachinePool", - FinalizerName: getFinalizerName("test-security-group"), + FinalizerName: getFinalizerName("test-uid"), Expected: true, }, { Name: "test-another-kops-machine-pool", Namespace: metav1.NamespaceDefault, Kind: "KopsMachinePool", - FinalizerName: getFinalizerName("test-security-group"), + FinalizerName: getFinalizerName("test-uid"), Expected: true, }, }, @@ -3483,6 +3492,7 @@ func TestEnsureAttachReferences(t *testing.T) { sg: &securitygroupv1alpha2.SecurityGroup{ ObjectMeta: metav1.ObjectMeta{ Name: "test-security-group", + UID: "test-uid", }, Spec: securitygroupv1alpha2.SecurityGroupSpec{ IngressRules: []securitygroupv1alpha2.IngressRule{ @@ -3528,28 +3538,28 @@ func TestEnsureAttachReferences(t *testing.T) { Name: kmp.ObjectMeta.Name, Namespace: kmp.ObjectMeta.Namespace, Kind: "KopsMachinePool", - FinalizerName: getFinalizerName("test-security-group"), + FinalizerName: getFinalizerName("test-uid"), Expected: true, }, { Name: "test-cluster", Namespace: metav1.NamespaceDefault, Kind: "KopsControlPlane", - FinalizerName: getFinalizerName("test-security-group"), + FinalizerName: getFinalizerName("test-uid"), Expected: true, }, { Name: "test-another-kops-machine-pool", Namespace: metav1.NamespaceDefault, Kind: "KopsMachinePool", - FinalizerName: getFinalizerName("test-security-group"), + FinalizerName: getFinalizerName("test-uid"), Expected: true, }, { Name: "test-cluster-2", Namespace: metav1.NamespaceDefault, Kind: "KopsControlPlane", - FinalizerName: getFinalizerName("test-security-group"), + FinalizerName: getFinalizerName("test-uid"), Expected: false, }, }, 
@@ -3709,7 +3719,7 @@ func TestEnsureDetachRemovedReferences(t *testing.T) { "cluster.x-k8s.io/cluster-name": "test-cluster", }, Finalizers: []string{ - getFinalizerName("test-security-group"), + getFinalizerName("test-uid"), }, }, Spec: kinfrastructurev1alpha1.KopsMachinePoolSpec{ @@ -3730,7 +3740,7 @@ func TestEnsureDetachRemovedReferences(t *testing.T) { "cluster.x-k8s.io/cluster-name": "test-cluster", }, Finalizers: []string{ - getFinalizerName("test-security-group"), + getFinalizerName("test-uid"), }, }, Spec: kinfrastructurev1alpha1.KopsMachinePoolSpec{ @@ -3747,6 +3757,7 @@ func TestEnsureDetachRemovedReferences(t *testing.T) { sg: &securitygroupv1alpha2.SecurityGroup{ ObjectMeta: metav1.ObjectMeta{ Name: "test-security-group", + UID: "test-uid", }, Spec: securitygroupv1alpha2.SecurityGroupSpec{ IngressRules: []securitygroupv1alpha2.IngressRule{ @@ -3792,14 +3803,14 @@ func TestEnsureDetachRemovedReferences(t *testing.T) { Name: kmp.ObjectMeta.Name, Namespace: kmp.ObjectMeta.Namespace, Kind: "KopsMachinePool", - FinalizerName: getFinalizerName("test-security-group"), + FinalizerName: getFinalizerName("test-uid"), Expected: true, }, { Name: "test-another-machine-pool", Namespace: metav1.NamespaceDefault, Kind: "KopsMachinePool", - FinalizerName: getFinalizerName("test-security-group"), + FinalizerName: getFinalizerName("test-uid"), Expected: false, }, }, 
@@ -3808,12 +3819,13 @@ func TestEnsureDetachRemovedReferences(t *testing.T) { description: "should detach sg from kcp", k8sObjects: []client.Object{ defaultSecret, kcp, - kmpWithFinalizer("test-kops-machine-pool", "test-cluster", []string{getFinalizerName("test-security-group")}), - kcpWithFinalizer("test-cluster-2", []string{getFinalizerName("test-security-group")}), + kmpWithFinalizer("test-kops-machine-pool", "test-cluster", []string{getFinalizerName("test-uid")}), + kcpWithFinalizer("test-cluster-2", []string{getFinalizerName("test-uid")}), }, sg: &securitygroupv1alpha2.SecurityGroup{ ObjectMeta: metav1.ObjectMeta{ Name: "test-security-group", + UID: "test-uid", }, Spec: securitygroupv1alpha2.SecurityGroupSpec{ IngressRules: []securitygroupv1alpha2.IngressRule{ @@ -3859,14 +3871,14 @@ func TestEnsureDetachRemovedReferences(t *testing.T) { Name: kmp.ObjectMeta.Name, Namespace: kmp.ObjectMeta.Namespace, Kind: "KopsMachinePool", - FinalizerName: getFinalizerName("test-security-group"), + FinalizerName: getFinalizerName("test-uid"), Expected: true, }, { Name: "test-cluster-2", Namespace: metav1.NamespaceDefault, Kind: "KopsControlPlane", - FinalizerName: getFinalizerName("test-security-group"), + FinalizerName: getFinalizerName("test-uid"), Expected: false, }, }, 
@@ -3875,12 +3887,13 @@ func TestEnsureDetachRemovedReferences(t *testing.T) { description: "should detach sg from both kcp and kmp ", k8sObjects: []client.Object{ defaultSecret, kcp, - kmpWithFinalizer("test-kops-machine-pool", "test-cluster", []string{getFinalizerName("test-security-group")}), - kcpWithFinalizer("test-cluster-2", []string{getFinalizerName("test-security-group")}), + kmpWithFinalizer("test-kops-machine-pool", "test-cluster", []string{getFinalizerName("test-uid")}), + kcpWithFinalizer("test-cluster-2", []string{getFinalizerName("test-uid")}), }, sg: &securitygroupv1alpha2.SecurityGroup{ ObjectMeta: metav1.ObjectMeta{ Name: "test-security-group", + UID: "test-uid", }, Spec: securitygroupv1alpha2.SecurityGroupSpec{ IngressRules: []securitygroupv1alpha2.IngressRule{ @@ -3919,14 +3932,14 @@ func TestEnsureDetachRemovedReferences(t *testing.T) { Name: kmp.ObjectMeta.Name, Namespace: kmp.ObjectMeta.Namespace, Kind: "KopsMachinePool", - FinalizerName: getFinalizerName("test-security-group"), + FinalizerName: getFinalizerName("test-uid"), Expected: false, }, { Name: "test-cluster-2", Namespace: metav1.NamespaceDefault, Kind: "KopsControlPlane", - FinalizerName: getFinalizerName("test-security-group"), + FinalizerName: getFinalizerName("test-uid"), Expected: false, }, }, 
@@ -3935,12 +3948,13 @@ func TestEnsureDetachRemovedReferences(t *testing.T) { description: "should not detach anything", k8sObjects: []client.Object{ defaultSecret, kcp, - kmpWithFinalizer("test-kops-machine-pool", "test-cluster", []string{getFinalizerName("test-security-group")}), - kcpWithFinalizer("test-cluster-2", []string{getFinalizerName("test-security-group")}), + kmpWithFinalizer("test-kops-machine-pool", "test-cluster", []string{getFinalizerName("test-uid")}), + kcpWithFinalizer("test-cluster-2", []string{getFinalizerName("test-uid")}), }, sg: &securitygroupv1alpha2.SecurityGroup{ ObjectMeta: metav1.ObjectMeta{ Name: "test-security-group", + UID: "test-uid", }, Spec: securitygroupv1alpha2.SecurityGroupSpec{ IngressRules: []securitygroupv1alpha2.IngressRule{ @@ -3992,14 +4006,14 @@ func TestEnsureDetachRemovedReferences(t *testing.T) { Name: kmp.ObjectMeta.Name, Namespace: kmp.ObjectMeta.Namespace, Kind: "KopsMachinePool", - FinalizerName: getFinalizerName("test-security-group"), + FinalizerName: getFinalizerName("test-uid"), Expected: true, }, { Name: "test-cluster-2", Namespace: metav1.NamespaceDefault, Kind: "KopsControlPlane", - FinalizerName: getFinalizerName("test-security-group"), + FinalizerName: getFinalizerName("test-uid"), Expected: true, }, }, From 8feb409ef70159aa70f49203414519ee8e7ca35c Mon Sep 17 00:00:00 2001 From: Raphael Fonseca Date: Thu, 6 Jun 2024 17:29:39 -0300 Subject: [PATCH 5/6] fix: sgID instead of UID --- .../ec2.aws/securitygroup_controller.go | 46 +++--- .../ec2.aws/securitygroup_controller_test.go | 139 ++++++++---------- 2 files changed, 88 insertions(+), 97 deletions(-) diff --git a/internal/controller/ec2.aws/securitygroup_controller.go b/internal/controller/ec2.aws/securitygroup_controller.go index 82bb2ca..44c7cd2 100644 --- a/internal/controller/ec2.aws/securitygroup_controller.go +++ b/internal/controller/ec2.aws/securitygroup_controller.go 
@@ -70,8 +70,8 @@ const ( AnnotationKeyReconciliationPaused = "crossplane.io/paused" ) -func getFinalizerName(sgId string) string { - return securityGroupFinalizer + "/" + sgId +func getFinalizerName(sgID string) string { + return securityGroupFinalizer + "/" + sgID } // SecurityGroupReconciler reconciles a SecurityGroup object @@ -572,8 +572,8 @@ func (r *SecurityGroupReconciliation) reconcileDelete(ctx context.Context, sg *s r.log.Error(err, fmt.Sprintf("failed to detach sg %v from kmp %v at %v", r.sg.Name, key.Name, key.Namespace)) continue } - if controllerutil.ContainsFinalizer(&kmp, getFinalizerName(string(r.sg.UID))) { - r.removeKMPFinalizer(ctx, kmp) + if controllerutil.ContainsFinalizer(&kmp, getFinalizerName(csg.Status.AtProvider.SecurityGroupID)) { + r.removeKMPFinalizer(ctx, csg, kmp) } case "KopsControlPlane": kcp := kcontrolplanev1alpha1.KopsControlPlane{} @@ -604,7 +604,7 @@ func (r *SecurityGroupReconciliation) reconcileDelete(ctx context.Context, sg *s r.log.Error(err, fmt.Sprintf("failed to detach sg %v from kmps of %v", r.sg.Name, kcp.Name)) } - r.removeKCPFinalizer(ctx, kcp, kmps...) + r.removeKCPFinalizer(ctx, kcp, csg, kmps...) default: return resultError, fmt.Errorf("infrastructureRef not supported") } @@ -843,8 +843,8 @@ func (r *SecurityGroupReconciliation) ensureAttachReferences(ctx context.Context } return resultError, err } - if !controllerutil.ContainsFinalizer(&kmp, getFinalizerName(string(r.sg.UID))) { - r.addKMPFinalizer(ctx, kmp) + if !controllerutil.ContainsFinalizer(&kmp, getFinalizerName(csg.Status.AtProvider.SecurityGroupID)) { + r.addKMPFinalizer(ctx, csg, kmp) } case "KopsControlPlane": kcp := kcontrolplanev1alpha1.KopsControlPlane{} 
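Review bot: Every finalizer name in this commit is now derived from `csg.Status.AtProvider.SecurityGroupID`, a status field the Crossplane provider fills in asynchronously, and none of the new call sites here or in the @@ -843, @@ -867, @@ -900, @@ -920 and @@ -929 hunks check that it is non-empty. While the field is still empty, getFinalizerName returns the bare prefix followed by `/`, which is the same value for every SecurityGroup in that state and, having an empty name part, is not a valid qualified finalizer name, so the Update in the attach path should fail and the attach degrades to a warning event. The old key `r.sg.UID` was always present on the object being reconciled, whereas the new one lives on a different object, so reconcileDelete (@@ -572) can no longer compute the finalizer it must remove once the Crossplane SecurityGroup or its status is gone, leaving KopsMachinePool/KopsControlPlane objects stuck with a stale finalizer. Consider recording the observed id on the SecurityGroup itself when the finalizer is added and reading it back on delete, and guarding the attach path up front, e.g. `if csg.Status.AtProvider.SecurityGroupID == "" { return resultError, fmt.Errorf("security group %s has no observed id yet", csg.Name) }`. How csg is obtained in reconcileDelete and ensureAttachReferences lies outside these hunks, so whether it can be nil there is not visible; the helpers in @@ -929 dereference it unconditionally.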
@@ -867,8 +867,8 @@ func (r *SecurityGroupReconciliation) ensureAttachReferences(ctx context.Context } return resultError, err } - if !controllerutil.ContainsFinalizer(&kcp, getFinalizerName(string(r.sg.UID))) { - r.addKCPFinalizer(ctx, kcp, kmps...) + if !controllerutil.ContainsFinalizer(&kcp, getFinalizerName(csg.Status.AtProvider.SecurityGroupID)) { + r.addKCPFinalizer(ctx, kcp, csg, kmps...) } default: return resultError, fmt.Errorf("infrastructureRef not supported") @@ -900,7 +900,7 @@ func (r *SecurityGroupReconciliation) ensureDetachRemovedReferences(ctx context. if err != nil { return resultError, err } - r.removeKMPFinalizer(ctx, kmp) + r.removeKMPFinalizer(ctx, csg, kmp) case "KopsControlPlane": kcp := kcontrolplanev1alpha1.KopsControlPlane{} key := client.ObjectKey{ @@ -920,7 +920,7 @@ func (r *SecurityGroupReconciliation) ensureDetachRemovedReferences(ctx context. if err != nil { return resultError, err } - r.removeKCPFinalizer(ctx, kcp, kmps...) + r.removeKCPFinalizer(ctx, kcp, csg, kmps...) default: continue } 
@@ -929,41 +929,41 @@ func (r *SecurityGroupReconciliation) ensureDetachRemovedReferences(ctx context. return resultDefault, nil } -func (r *SecurityGroupReconciliation) removeKMPFinalizer(ctx context.Context, kmp kinfrastructurev1alpha1.KopsMachinePool) { - controllerutil.RemoveFinalizer(&kmp, getFinalizerName(string(r.sg.UID))) +func (r *SecurityGroupReconciliation) removeKMPFinalizer(ctx context.Context, csg *crossec2v1beta1.SecurityGroup, kmp kinfrastructurev1alpha1.KopsMachinePool) { + controllerutil.RemoveFinalizer(&kmp, getFinalizerName(csg.Status.AtProvider.SecurityGroupID)) if err := r.Update(ctx, &kmp); err != nil { r.Recorder.Eventf(r.sg, corev1.EventTypeWarning, "FailedToUpdate", "failed to remove finalizer in %s: %s", kmp.Name, err) } } -func (r *SecurityGroupReconciliation) removeKCPFinalizer(ctx context.Context, kcp kcontrolplanev1alpha1.KopsControlPlane, kmps ...kinfrastructurev1alpha1.KopsMachinePool) { - controllerutil.RemoveFinalizer(&kcp, getFinalizerName(string(r.sg.UID))) +func (r *SecurityGroupReconciliation) removeKCPFinalizer(ctx context.Context, kcp kcontrolplanev1alpha1.KopsControlPlane, csg *crossec2v1beta1.SecurityGroup, kmps ...kinfrastructurev1alpha1.KopsMachinePool) { + controllerutil.RemoveFinalizer(&kcp, getFinalizerName(csg.Status.AtProvider.SecurityGroupID)) if err := r.Update(ctx, &kcp); err != nil { r.Recorder.Eventf(r.sg, corev1.EventTypeWarning, "FailedToUpdate", "failed to remove finalizer in %s: %s", kcp.Name, err) } for _, kmp := range kmps { - if controllerutil.ContainsFinalizer(&kmp, getFinalizerName(string(r.sg.UID))) { - r.removeKMPFinalizer(ctx, kmp) + if controllerutil.ContainsFinalizer(&kmp, getFinalizerName(csg.Status.AtProvider.SecurityGroupID)) { + r.removeKMPFinalizer(ctx, csg, kmp) } } } -func (r *SecurityGroupReconciliation) addKMPFinalizer(ctx context.Context, kmp kinfrastructurev1alpha1.KopsMachinePool) { - controllerutil.AddFinalizer(&kmp, getFinalizerName(string(r.sg.UID))) +func (r 
*SecurityGroupReconciliation) addKMPFinalizer(ctx context.Context, csg *crossec2v1beta1.SecurityGroup, kmp kinfrastructurev1alpha1.KopsMachinePool) { + controllerutil.AddFinalizer(&kmp, getFinalizerName(csg.Status.AtProvider.SecurityGroupID)) if err := r.Update(ctx, &kmp); err != nil { r.Recorder.Eventf(r.sg, corev1.EventTypeWarning, "FailedToUpdate", "failed to add finalizer in %s: %s", kmp.Name, err) } } -func (r *SecurityGroupReconciliation) addKCPFinalizer(ctx context.Context, kcp kcontrolplanev1alpha1.KopsControlPlane, kmps ...kinfrastructurev1alpha1.KopsMachinePool) { - controllerutil.AddFinalizer(&kcp, getFinalizerName(string(r.sg.UID))) +func (r *SecurityGroupReconciliation) addKCPFinalizer(ctx context.Context, kcp kcontrolplanev1alpha1.KopsControlPlane, csg *crossec2v1beta1.SecurityGroup, kmps ...kinfrastructurev1alpha1.KopsMachinePool) { + controllerutil.AddFinalizer(&kcp, getFinalizerName(csg.Status.AtProvider.SecurityGroupID)) if err := r.Update(ctx, &kcp); err != nil { r.Recorder.Eventf(r.sg, corev1.EventTypeWarning, "FailedToUpdate", "failed to add finalizer in %s: %s", kcp.Name, err) } for _, kmp := range kmps { - if !controllerutil.ContainsFinalizer(&kmp, getFinalizerName(string(r.sg.UID))) { - r.addKMPFinalizer(ctx, kmp) + if !controllerutil.ContainsFinalizer(&kmp, getFinalizerName(csg.Status.AtProvider.SecurityGroupID)) { + r.addKMPFinalizer(ctx, csg, kmp) } } } diff --git a/internal/controller/ec2.aws/securitygroup_controller_test.go b/internal/controller/ec2.aws/securitygroup_controller_test.go index 45fd52f..5967481 100644 --- a/internal/controller/ec2.aws/securitygroup_controller_test.go +++ b/internal/controller/ec2.aws/securitygroup_controller_test.go @@ -64,7 +64,6 @@ var ( sg = &securitygroupv1alpha2.SecurityGroup{ ObjectMeta: metav1.ObjectMeta{ Name: "test-security-group", - UID: "test-uid", }, Spec: securitygroupv1alpha2.SecurityGroupSpec{ IngressRules: []securitygroupv1alpha2.IngressRule{ 
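Review bot: The four helpers in this hunk take the new `csg` parameter in different positions (`removeKMPFinalizer(ctx, csg, kmp)` but `removeKCPFinalizer(ctx, kcp, csg, kmps...)`, likewise for the add pair), and each one recomputes `getFinalizerName(csg.Status.AtProvider.SecurityGroupID)` from a pointer it never checks. Passing the finalizer string computed once by the caller keeps the helpers independent of the Crossplane type, removes the repeated dereferences, and makes the parameter order uniform; the call sites in the @@ -572, @@ -604, @@ -843, @@ -867, @@ -900 and @@ -920 hunks would pass `finalizer := getFinalizerName(csg.Status.AtProvider.SecurityGroupID)` instead of `csg`. The sketch below shows the remove pair; the add pair mirrors it.
```go
// removeKMPFinalizer drops finalizer (already fully qualified by the caller)
// from kmp and persists the change, recording a warning event on failure.
func (r *SecurityGroupReconciliation) removeKMPFinalizer(ctx context.Context, finalizer string, kmp kinfrastructurev1alpha1.KopsMachinePool) {
	controllerutil.RemoveFinalizer(&kmp, finalizer)
	// … unchanged: Update and FailedToUpdate event …
}

// removeKCPFinalizer drops finalizer from kcp and from each of kmps that
// still carries it.
func (r *SecurityGroupReconciliation) removeKCPFinalizer(ctx context.Context, finalizer string, kcp kcontrolplanev1alpha1.KopsControlPlane, kmps ...kinfrastructurev1alpha1.KopsMachinePool) {
	controllerutil.RemoveFinalizer(&kcp, finalizer)
	// … unchanged: Update and FailedToUpdate event …
	for _, kmp := range kmps {
		if controllerutil.ContainsFinalizer(&kmp, finalizer) {
			r.removeKMPFinalizer(ctx, finalizer, kmp)
		}
	}
}
// … addKMPFinalizer / addKCPFinalizer: same signature change, AddFinalizer instead of RemoveFinalizer …
```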
@@ -91,7 +90,6 @@ var ( anotherSg = &securitygroupv1alpha2.SecurityGroup{ ObjectMeta: metav1.ObjectMeta{ Name: "test-another-security-group", - UID: "test-another-uid", }, Spec: securitygroupv1alpha2.SecurityGroupSpec{ IngressRules: []securitygroupv1alpha2.IngressRule{ @@ -118,7 +116,6 @@ var ( sgEmpty = &securitygroupv1alpha2.SecurityGroup{ ObjectMeta: metav1.ObjectMeta{ Name: "test-security-group", - UID: "test-uid", }, Spec: securitygroupv1alpha2.SecurityGroupSpec{ IngressRules: []securitygroupv1alpha2.IngressRule{}, @@ -129,7 +126,6 @@ var ( sgKCP = &securitygroupv1alpha2.SecurityGroup{ ObjectMeta: metav1.ObjectMeta{ Name: "test-security-group", - UID: "test-uid", }, Spec: securitygroupv1alpha2.SecurityGroupSpec{ IngressRules: []securitygroupv1alpha2.IngressRule{ @@ -156,7 +152,6 @@ var ( anotherSgKCP = &securitygroupv1alpha2.SecurityGroup{ ObjectMeta: metav1.ObjectMeta{ Name: "test-another-security-group", - UID: "test-another-uid", }, Spec: securitygroupv1alpha2.SecurityGroupSpec{ IngressRules: []securitygroupv1alpha2.IngressRule{ @@ -217,7 +212,7 @@ var ( }, }, AtProvider: crossec2v1beta1.SecurityGroupObservation{ - SecurityGroupID: "sg-1", + SecurityGroupID: "sg-2", }, }, } @@ -480,7 +475,7 @@ func TestSecurityGroupReconciler(t *testing.T) { Name: kcp.ObjectMeta.Name, Namespace: kcp.ObjectMeta.Namespace, Kind: "KopsControlPlane", - FinalizerName: getFinalizerName(string(sgKCP.ObjectMeta.UID)), + FinalizerName: getFinalizerName(csg.Status.AtProvider.SecurityGroupID), Expected: true, }, }, @@ -496,7 +491,7 @@ func TestSecurityGroupReconciler(t *testing.T) { Name: kmp.ObjectMeta.Name, Namespace: kmp.ObjectMeta.Namespace, Kind: "KopsMachinePool", - FinalizerName: getFinalizerName(string(sg.ObjectMeta.UID)), + FinalizerName: getFinalizerName(csg.Status.AtProvider.SecurityGroupID), Expected: true, }, }, 
@@ -521,14 +516,14 @@ func TestSecurityGroupReconciler(t *testing.T) { Name: kcp.ObjectMeta.Name, Namespace: kcp.ObjectMeta.Namespace, Kind: "KopsControlPlane", - FinalizerName: getFinalizerName(string(sgKCP.ObjectMeta.UID)), + FinalizerName: getFinalizerName(csg.Status.AtProvider.SecurityGroupID), Expected: true, }, { Name: kcp.ObjectMeta.Name, Namespace: kcp.ObjectMeta.Namespace, Kind: "KopsControlPlane", - FinalizerName: getFinalizerName(string(anotherSgKCP.ObjectMeta.UID)), + FinalizerName: getFinalizerName(anotherCsg.Status.AtProvider.SecurityGroupID), Expected: true, }, }, @@ -537,13 +532,13 @@ func TestSecurityGroupReconciler(t *testing.T) { description: "should keep only existing sg finalizers in kmp", k8sObjects: []client.Object{ cluster, defaultSecret, csg, anotherCsg, anotherSg, kcp, - kmpWithFinalizer("test-kops-machine-pool", "test-cluster", []string{getFinalizerName("test-uid"), getFinalizerName("test-another-uid")}), + kmpWithFinalizer("test-kops-machine-pool", "test-cluster", + []string{getFinalizerName(csg.Status.AtProvider.SecurityGroupID), getFinalizerName(anotherCsg.Status.AtProvider.SecurityGroupID)}), &securitygroupv1alpha2.SecurityGroup{ ObjectMeta: metav1.ObjectMeta{ Name: "test-security-group", DeletionTimestamp: &metav1.Time{Time: time.Now()}, Finalizers: []string{"securitygroup.wildlife.infrastructure.io"}, - UID: "test-uid", }, Spec: securitygroupv1alpha2.SecurityGroupSpec{ IngressRules: []securitygroupv1alpha2.IngressRule{ 
@@ -582,14 +577,14 @@ func TestSecurityGroupReconciler(t *testing.T) { Name: "test-kops-machine-pool", Namespace: metav1.NamespaceDefault, Kind: "KopsMachinePool", - FinalizerName: getFinalizerName(string(anotherSg.ObjectMeta.UID)), + FinalizerName: getFinalizerName(anotherCsg.Status.AtProvider.SecurityGroupID), Expected: true, }, { Name: "test-kops-machine-pool", Namespace: metav1.NamespaceDefault, Kind: "KopsMachinePool", - FinalizerName: getFinalizerName("test-uid"), + FinalizerName: getFinalizerName(csg.Status.AtProvider.SecurityGroupID), Expected: false, }, }, @@ -598,14 +593,15 @@ func TestSecurityGroupReconciler(t *testing.T) { description: "should keep only existing sg finalizers in kcp and related kmps", k8sObjects: []client.Object{ cluster, defaultSecret, csg, anotherCsg, anotherSgKCP, - kcpWithFinalizer("test-cluster", []string{getFinalizerName("test-uid"), getFinalizerName("test-another-uid")}), - kmpWithFinalizer("test-kops-machine-pool", "test-cluster", []string{getFinalizerName("test-uid"), getFinalizerName("test-another-uid")}), + kcpWithFinalizer("test-cluster", []string{getFinalizerName(csg.Status.AtProvider.SecurityGroupID), + getFinalizerName(anotherCsg.Status.AtProvider.SecurityGroupID)}), + kmpWithFinalizer("test-kops-machine-pool", "test-cluster", []string{getFinalizerName(csg.Status.AtProvider.SecurityGroupID), + getFinalizerName(anotherCsg.Status.AtProvider.SecurityGroupID)}), &securitygroupv1alpha2.SecurityGroup{ ObjectMeta: metav1.ObjectMeta{ Name: "test-security-group", DeletionTimestamp: &metav1.Time{Time: time.Now()}, Finalizers: []string{"securitygroup.wildlife.infrastructure.io"}, - UID: "test-uid", }, Spec: securitygroupv1alpha2.SecurityGroupSpec{ IngressRules: []securitygroupv1alpha2.IngressRule{ 
@@ -644,28 +640,28 @@ func TestSecurityGroupReconciler(t *testing.T) { Name: "test-kops-machine-pool", Namespace: metav1.NamespaceDefault, Kind: "KopsMachinePool", - FinalizerName: getFinalizerName(string(anotherSgKCP.ObjectMeta.UID)), + FinalizerName: getFinalizerName(anotherCsg.Status.AtProvider.SecurityGroupID), Expected: true, }, { Name: "test-kops-machine-pool", Namespace: metav1.NamespaceDefault, Kind: "KopsMachinePool", - FinalizerName: getFinalizerName("test-uid"), + FinalizerName: getFinalizerName(csg.Status.AtProvider.SecurityGroupID), Expected: false, }, { Name: "test-cluster", Namespace: metav1.NamespaceDefault, Kind: "KopsControlPlane", - FinalizerName: getFinalizerName(string(anotherSgKCP.ObjectMeta.UID)), + FinalizerName: getFinalizerName(anotherCsg.Status.AtProvider.SecurityGroupID), Expected: true, }, { Name: "test-cluster", Namespace: metav1.NamespaceDefault, Kind: "KopsControlPlane", - FinalizerName: getFinalizerName("test-uid"), + FinalizerName: getFinalizerName(csg.Status.AtProvider.SecurityGroupID), Expected: false, }, }, @@ -674,7 +670,7 @@ func TestSecurityGroupReconciler(t *testing.T) { description: "should reconcile sg without changes in kmp", k8sObjects: []client.Object{ cluster, defaultSecret, csg, sg, kcp, - kmpWithFinalizer("test-kops-machine-pool", "test-cluster", []string{getFinalizerName("test-uid")}), + kmpWithFinalizer("test-kops-machine-pool", "test-cluster", []string{getFinalizerName(csg.Status.AtProvider.SecurityGroupID)}), }, sgsToReconcile: []sgToReconcile{ { @@ -687,7 +683,7 @@ func TestSecurityGroupReconciler(t *testing.T) { Name: "test-kops-machine-pool", Namespace: metav1.NamespaceDefault, Kind: "KopsMachinePool", - FinalizerName: getFinalizerName(string(sg.ObjectMeta.UID)), + FinalizerName: getFinalizerName(csg.Status.AtProvider.SecurityGroupID), Expected: true, }, }, 
@@ -696,8 +692,8 @@ func TestSecurityGroupReconciler(t *testing.T) { description: "should reconcile sg without changes in kcp", k8sObjects: []client.Object{ cluster, defaultSecret, csg, sgKCP, - kcpWithFinalizer("test-cluster", []string{getFinalizerName(string(sgKCP.ObjectMeta.UID))}), - kmpWithFinalizer("test-kops-machine-pool", "test-cluster", []string{getFinalizerName(string(sgKCP.ObjectMeta.UID))}), + kcpWithFinalizer("test-cluster", []string{getFinalizerName(csg.Status.AtProvider.SecurityGroupID)}), + kmpWithFinalizer("test-kops-machine-pool", "test-cluster", []string{getFinalizerName(csg.Status.AtProvider.SecurityGroupID)}), }, sgsToReconcile: []sgToReconcile{ { @@ -710,14 +706,14 @@ func TestSecurityGroupReconciler(t *testing.T) { Name: "test-kops-machine-pool", Namespace: metav1.NamespaceDefault, Kind: "KopsMachinePool", - FinalizerName: getFinalizerName(string(sgKCP.ObjectMeta.UID)), + FinalizerName: getFinalizerName(csg.Status.AtProvider.SecurityGroupID), Expected: true, }, { Name: "test-cluster", Namespace: metav1.NamespaceDefault, Kind: "KopsControlPlane", - FinalizerName: getFinalizerName(string(sgKCP.ObjectMeta.UID)), + FinalizerName: getFinalizerName(csg.Status.AtProvider.SecurityGroupID), Expected: true, }, }, @@ -741,14 +737,14 @@ func TestSecurityGroupReconciler(t *testing.T) { Name: kmp.ObjectMeta.Name, Namespace: kmp.ObjectMeta.Namespace, Kind: "KopsMachinePool", - FinalizerName: getFinalizerName(string(sgKCP.ObjectMeta.UID)), + FinalizerName: getFinalizerName("sg-1"), Expected: false, }, { Name: kcp.ObjectMeta.Name, Namespace: kcp.ObjectMeta.Namespace, Kind: "KopsControlPlane", - FinalizerName: getFinalizerName(string(sgKCP.ObjectMeta.UID)), + FinalizerName: getFinalizerName("sg-1"), Expected: false, }, }, 
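Review bot: The two `Expected: false` entries in the @@ -741 hunk, and the one in @@ -772 on the next line, use the literal `getFinalizerName("sg-1")` while every other case in this commit reads the id from the fixture as `getFinalizerName(csg.Status.AtProvider.SecurityGroupID)`. Because these entries assert absence, a literal that drifts from the fixture's observed id (one Crossplane fixture's `SecurityGroupID` is changed from "sg-1" to "sg-2" at @@ -217; which fixture that is does not appear in the hunk) passes vacuously, since it checks for a finalizer nothing would ever have added. Use the fixture expression so the assertion tracks the real key: `FinalizerName: getFinalizerName(csg.Status.AtProvider.SecurityGroupID),`.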
@@ -772,7 +768,7 @@ func TestSecurityGroupReconciler(t *testing.T) { Name: kmp.ObjectMeta.Name, Namespace: kmp.ObjectMeta.Namespace, Kind: "KopsMachinePool", - FinalizerName: getFinalizerName(string(sg.ObjectMeta.UID)), + FinalizerName: getFinalizerName("sg-1"), Expected: false, }, }, @@ -882,7 +878,6 @@ func TestSecurityGroupReconciler(t *testing.T) { &securitygroupv1alpha2.SecurityGroup{ ObjectMeta: metav1.ObjectMeta{ Name: "test-security-group", - UID: "test-uid", }, Spec: securitygroupv1alpha2.SecurityGroupSpec{ IngressRules: []securitygroupv1alpha2.IngressRule{ @@ -930,7 +925,7 @@ func TestSecurityGroupReconciler(t *testing.T) { "cluster.x-k8s.io/cluster-name": "test-cluster", }, Finalizers: []string{ - getFinalizerName("test-security-group"), + getFinalizerName(csg.Status.AtProvider.SecurityGroupID), }, }, Spec: kinfrastructurev1alpha1.KopsMachinePoolSpec{ @@ -950,14 +945,14 @@ func TestSecurityGroupReconciler(t *testing.T) { Name: kmp.ObjectMeta.Name, Namespace: kmp.ObjectMeta.Namespace, Kind: "KopsMachinePool", - FinalizerName: getFinalizerName("test-uid"), + FinalizerName: getFinalizerName(csg.Status.AtProvider.SecurityGroupID), Expected: true, }, { Name: "test-another-machine-pool", Namespace: metav1.NamespaceDefault, Kind: "KopsMachinePool", - FinalizerName: getFinalizerName("test-uid"), + FinalizerName: getFinalizerName(csg.Status.AtProvider.SecurityGroupID), Expected: false, }, }, @@ -2638,7 +2633,7 @@ func TestReconcileDelete(t *testing.T) { description: "should remove crossplane security group referencing kmp and remove finalizer", k8sObjects: []client.Object{ sg, csg, kcp, cluster, defaultSecret, - kmpWithFinalizer("test-kops-machine-pool", "test-cluster", []string{getFinalizerName(string(sg.ObjectMeta.UID))}), + kmpWithFinalizer("test-kops-machine-pool", "test-cluster", []string{getFinalizerName(csg.Status.AtProvider.SecurityGroupID)}), }, sgTarget: sg, FinalizersAt: []*ReferencedPool{ 
@@ -2646,7 +2641,7 @@ func TestReconcileDelete(t *testing.T) { Name: "test-kops-machine-pool", Namespace: metav1.NamespaceDefault, Kind: "KopsMachinePool", - FinalizerName: getFinalizerName(string(sg.ObjectMeta.UID)), + FinalizerName: getFinalizerName(csg.Status.AtProvider.SecurityGroupID), Expected: false, }, }, @@ -2676,22 +2671,22 @@ func TestReconcileDelete(t *testing.T) { description: "should remove the crossplane security group referencing kcp and remove finalizer", k8sObjects: []client.Object{ sgKCP, csg, cluster, defaultSecret, - kmpWithFinalizer("test-kops-machine-pool", "test-cluster", []string{getFinalizerName(string(sgKCP.ObjectMeta.UID))}), - kcpWithFinalizer("test-cluster", []string{getFinalizerName(string(sgKCP.ObjectMeta.UID))}), + kmpWithFinalizer("test-kops-machine-pool", "test-cluster", []string{getFinalizerName(csg.Status.AtProvider.SecurityGroupID)}), + kcpWithFinalizer("test-cluster", []string{getFinalizerName(csg.Status.AtProvider.SecurityGroupID)}), }, FinalizersAt: []*ReferencedPool{ { Name: "test-cluster", Namespace: metav1.NamespaceDefault, Kind: "KopsControlPlane", - FinalizerName: getFinalizerName(string(sgKCP.ObjectMeta.UID)), + FinalizerName: getFinalizerName(csg.Status.AtProvider.SecurityGroupID), Expected: false, }, { Name: "test-kops-machine-pool", Namespace: metav1.NamespaceDefault, Kind: "KopsMachinePool", - FinalizerName: getFinalizerName(string(sgKCP.ObjectMeta.UID)), + FinalizerName: getFinalizerName(csg.Status.AtProvider.SecurityGroupID), Expected: false, }, }, @@ -3399,6 +3394,7 @@ func TestEnsureAttachReferences(t *testing.T) { defaultSecret, kmp, kcp, + csg, &kinfrastructurev1alpha1.KopsMachinePool{ ObjectMeta: metav1.ObjectMeta{ Namespace: metav1.NamespaceDefault, 
@@ -3407,7 +3403,7 @@ func TestEnsureAttachReferences(t *testing.T) { "cluster.x-k8s.io/cluster-name": "test-cluster", }, Finalizers: []string{ - getFinalizerName("test-uid"), + getFinalizerName(csg.Status.AtProvider.SecurityGroupID), }, }, Spec: kinfrastructurev1alpha1.KopsMachinePoolSpec{ @@ -3424,7 +3420,6 @@ func TestEnsureAttachReferences(t *testing.T) { sg: &securitygroupv1alpha2.SecurityGroup{ ObjectMeta: metav1.ObjectMeta{ Name: "test-security-group", - UID: "test-uid", }, Spec: securitygroupv1alpha2.SecurityGroupSpec{ IngressRules: []securitygroupv1alpha2.IngressRule{ @@ -3470,14 +3465,14 @@ func TestEnsureAttachReferences(t *testing.T) { Name: kmp.ObjectMeta.Name, Namespace: kmp.ObjectMeta.Namespace, Kind: "KopsMachinePool", - FinalizerName: getFinalizerName("test-uid"), + FinalizerName: getFinalizerName(csg.Status.AtProvider.SecurityGroupID), Expected: true, }, { Name: "test-another-kops-machine-pool", Namespace: metav1.NamespaceDefault, Kind: "KopsMachinePool", - FinalizerName: getFinalizerName("test-uid"), + FinalizerName: getFinalizerName(csg.Status.AtProvider.SecurityGroupID), Expected: true, }, }, @@ -3485,14 +3480,13 @@ func TestEnsureAttachReferences(t *testing.T) { { description: "should attach sg to kcp and to related kmps and attach sg to one single kmp but not to his kcp", k8sObjects: []client.Object{ - defaultSecret, kmp, kcp, - kmpWithFinalizer("test-another-kops-machine-pool", "test-cluster-2", []string{"test-security-group"}), + defaultSecret, kmp, kcp, csg, + kmpWithFinalizer("test-another-kops-machine-pool", "test-cluster-2", []string{getFinalizerName(csg.Status.AtProvider.SecurityGroupID)}), kcpWithFinalizer("test-cluster-2", []string{}), }, sg: &securitygroupv1alpha2.SecurityGroup{ ObjectMeta: metav1.ObjectMeta{ Name: "test-security-group", - UID: "test-uid", }, Spec: securitygroupv1alpha2.SecurityGroupSpec{ IngressRules: []securitygroupv1alpha2.IngressRule{ 
@@ -3538,28 +3532,28 @@ func TestEnsureAttachReferences(t *testing.T) { Name: kmp.ObjectMeta.Name, Namespace: kmp.ObjectMeta.Namespace, Kind: "KopsMachinePool", - FinalizerName: getFinalizerName("test-uid"), + FinalizerName: getFinalizerName(csg.Status.AtProvider.SecurityGroupID), Expected: true, }, { Name: "test-cluster", Namespace: metav1.NamespaceDefault, Kind: "KopsControlPlane", - FinalizerName: getFinalizerName("test-uid"), + FinalizerName: getFinalizerName(csg.Status.AtProvider.SecurityGroupID), Expected: true, }, { Name: "test-another-kops-machine-pool", Namespace: metav1.NamespaceDefault, Kind: "KopsMachinePool", - FinalizerName: getFinalizerName("test-uid"), + FinalizerName: getFinalizerName(csg.Status.AtProvider.SecurityGroupID), Expected: true, }, { Name: "test-cluster-2", Namespace: metav1.NamespaceDefault, Kind: "KopsControlPlane", - FinalizerName: getFinalizerName("test-uid"), + FinalizerName: getFinalizerName(csg.Status.AtProvider.SecurityGroupID), Expected: false, }, }, @@ -3711,6 +3705,7 @@ func TestEnsureDetachRemovedReferences(t *testing.T) { description: "should detach sg from kmp", k8sObjects: []client.Object{ defaultSecret, + csg, &kinfrastructurev1alpha1.KopsMachinePool{ ObjectMeta: metav1.ObjectMeta{ Namespace: metav1.NamespaceDefault, @@ -3719,7 +3714,7 @@ func TestEnsureDetachRemovedReferences(t *testing.T) { "cluster.x-k8s.io/cluster-name": "test-cluster", }, Finalizers: []string{ - getFinalizerName("test-uid"), + getFinalizerName(csg.Status.AtProvider.SecurityGroupID), }, }, Spec: kinfrastructurev1alpha1.KopsMachinePoolSpec{ @@ -3740,7 +3735,7 @@ func TestEnsureDetachRemovedReferences(t *testing.T) { "cluster.x-k8s.io/cluster-name": "test-cluster", }, Finalizers: []string{ - getFinalizerName("test-uid"), + getFinalizerName(csg.Status.AtProvider.SecurityGroupID), }, }, Spec: kinfrastructurev1alpha1.KopsMachinePoolSpec{ 
@@ -3757,7 +3752,6 @@ func TestEnsureDetachRemovedReferences(t *testing.T) { sg: &securitygroupv1alpha2.SecurityGroup{ ObjectMeta: metav1.ObjectMeta{ Name: "test-security-group", - UID: "test-uid", }, Spec: securitygroupv1alpha2.SecurityGroupSpec{ IngressRules: []securitygroupv1alpha2.IngressRule{ @@ -3803,14 +3797,14 @@ func TestEnsureDetachRemovedReferences(t *testing.T) { Name: kmp.ObjectMeta.Name, Namespace: kmp.ObjectMeta.Namespace, Kind: "KopsMachinePool", - FinalizerName: getFinalizerName("test-uid"), + FinalizerName: getFinalizerName(csg.Status.AtProvider.SecurityGroupID), Expected: true, }, { Name: "test-another-machine-pool", Namespace: metav1.NamespaceDefault, Kind: "KopsMachinePool", - FinalizerName: getFinalizerName("test-uid"), + FinalizerName: getFinalizerName(csg.Status.AtProvider.SecurityGroupID), Expected: false, }, }, @@ -3818,14 +3812,13 @@ func TestEnsureDetachRemovedReferences(t *testing.T) { { description: "should detach sg from kcp", k8sObjects: []client.Object{ - defaultSecret, kcp, - kmpWithFinalizer("test-kops-machine-pool", "test-cluster", []string{getFinalizerName("test-uid")}), - kcpWithFinalizer("test-cluster-2", []string{getFinalizerName("test-uid")}), + defaultSecret, kcp, csg, + kmpWithFinalizer("test-kops-machine-pool", "test-cluster", []string{getFinalizerName(csg.Status.AtProvider.SecurityGroupID)}), + kcpWithFinalizer("test-cluster-2", []string{getFinalizerName(csg.Status.AtProvider.SecurityGroupID)}), }, sg: &securitygroupv1alpha2.SecurityGroup{ ObjectMeta: metav1.ObjectMeta{ Name: "test-security-group", - UID: "test-uid", }, Spec: securitygroupv1alpha2.SecurityGroupSpec{ IngressRules: []securitygroupv1alpha2.IngressRule{ 
@@ -3871,14 +3864,14 @@ func TestEnsureDetachRemovedReferences(t *testing.T) { Name: kmp.ObjectMeta.Name, Namespace: kmp.ObjectMeta.Namespace, Kind: "KopsMachinePool", - FinalizerName: getFinalizerName("test-uid"), + FinalizerName: getFinalizerName(csg.Status.AtProvider.SecurityGroupID), Expected: true, }, { Name: "test-cluster-2", Namespace: metav1.NamespaceDefault, Kind: "KopsControlPlane", - FinalizerName: getFinalizerName("test-uid"), + FinalizerName: getFinalizerName(csg.Status.AtProvider.SecurityGroupID), Expected: false, }, }, @@ -3886,14 +3879,13 @@ func TestEnsureDetachRemovedReferences(t *testing.T) { { description: "should detach sg from both kcp and kmp ", k8sObjects: []client.Object{ - defaultSecret, kcp, - kmpWithFinalizer("test-kops-machine-pool", "test-cluster", []string{getFinalizerName("test-uid")}), - kcpWithFinalizer("test-cluster-2", []string{getFinalizerName("test-uid")}), + defaultSecret, kcp, csg, + kmpWithFinalizer("test-kops-machine-pool", "test-cluster", []string{getFinalizerName(csg.Status.AtProvider.SecurityGroupID)}), + kcpWithFinalizer("test-cluster-2", []string{getFinalizerName(csg.Status.AtProvider.SecurityGroupID)}), }, sg: &securitygroupv1alpha2.SecurityGroup{ ObjectMeta: metav1.ObjectMeta{ Name: "test-security-group", - UID: "test-uid", }, Spec: securitygroupv1alpha2.SecurityGroupSpec{ IngressRules: []securitygroupv1alpha2.IngressRule{ @@ -3932,14 +3924,14 @@ func TestEnsureDetachRemovedReferences(t *testing.T) { Name: kmp.ObjectMeta.Name, Namespace: kmp.ObjectMeta.Namespace, Kind: "KopsMachinePool", - FinalizerName: getFinalizerName("test-uid"), + FinalizerName: getFinalizerName(csg.Status.AtProvider.SecurityGroupID), Expected: false, }, { Name: "test-cluster-2", Namespace: metav1.NamespaceDefault, Kind: "KopsControlPlane", - FinalizerName: getFinalizerName("test-uid"), + FinalizerName: getFinalizerName(csg.Status.AtProvider.SecurityGroupID), Expected: false, }, }, 
@@ -3947,14 +3939,13 @@ func TestEnsureDetachRemovedReferences(t *testing.T) { { description: "should not detach anything", k8sObjects: []client.Object{ - defaultSecret, kcp, - kmpWithFinalizer("test-kops-machine-pool", "test-cluster", []string{getFinalizerName("test-uid")}), - kcpWithFinalizer("test-cluster-2", []string{getFinalizerName("test-uid")}), + defaultSecret, kcp, csg, + kmpWithFinalizer("test-kops-machine-pool", "test-cluster", []string{getFinalizerName(csg.Status.AtProvider.SecurityGroupID)}), + kcpWithFinalizer("test-cluster-2", []string{getFinalizerName(csg.Status.AtProvider.SecurityGroupID)}), }, sg: &securitygroupv1alpha2.SecurityGroup{ ObjectMeta: metav1.ObjectMeta{ Name: "test-security-group", - UID: "test-uid", }, Spec: securitygroupv1alpha2.SecurityGroupSpec{ IngressRules: []securitygroupv1alpha2.IngressRule{ @@ -4006,14 +3997,14 @@ func TestEnsureDetachRemovedReferences(t *testing.T) { Name: kmp.ObjectMeta.Name, Namespace: kmp.ObjectMeta.Namespace, Kind: "KopsMachinePool", - FinalizerName: getFinalizerName("test-uid"), + FinalizerName: getFinalizerName(csg.Status.AtProvider.SecurityGroupID), Expected: true, }, { Name: "test-cluster-2", Namespace: metav1.NamespaceDefault, Kind: "KopsControlPlane", - FinalizerName: getFinalizerName("test-uid"), + FinalizerName: getFinalizerName(csg.Status.AtProvider.SecurityGroupID), Expected: true, }, }, From 6d052aa60e6e3243b1cb944e1028edb18fde96eb Mon Sep 17 00:00:00 2001 From: Raphael Fonseca Date: Fri, 7 Jun 2024 15:02:31 -0300 Subject: [PATCH 6/6] chore: bump kustomize version --- config/manager/kustomization.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/config/manager/kustomization.yaml b/config/manager/kustomization.yaml index 9a6a016..8dcba8b 100644 --- a/config/manager/kustomization.yaml +++ b/config/manager/kustomization.yaml 
@@ -13,4 +13,4 @@ kind: Kustomization images: - name: controller newName: tfgco/kubernetes-crossplane-infrastructure-operator - newTag: v0.7.1-alpha + newTag: v0.8.3-alpha