From dd75c1ed9124ce2b551a257bc0dc3170c45fcc35 Mon Sep 17 00:00:00 2001
From: Peter Rifel
Date: Thu, 30 Jul 2020 03:21:25 +0000
Subject: [PATCH] make apimachinery crds gomod, update-expected.sh
---
k8s/crds/kops.k8s.io_clusters.yaml | 2035 +++++------------
k8s/crds/kops.k8s.io_instancegroups.yaml | 444 +---
k8s/crds/kops.k8s.io_keysets.yaml | 26 +-
k8s/crds/kops.k8s.io_sshcredentials.yaml | 8 +-
.../clientset/fake/register.go | 2 +-
.../internalclientset/fake/register.go | 2 +-
.../etcdmanager/tests/minimal/tasks.yaml | 18 +-
.../tests/old_versions_mount_hosts/tasks.yaml | 18 +-
.../tests/overwrite_settings/tasks.yaml | 18 +-
.../etcdmanager/tests/proxy/tasks.yaml | 18 +-
.../main/etcd_env_vars.yaml | 3 +-
.../build_etcd_manifest/main/non_tls.yaml | 3 +-
.../build_etcd_manifest/main/tls.yaml | 3 +-
.../amazonvpc/manifest.yaml | 4 +-
.../awsiamauthenticator/manifest.yaml | 4 +-
.../cilium/manifest.yaml | 4 +-
.../simple/manifest.yaml | 4 +-
.../weave/manifest.yaml | 4 +-
18 files changed, 746 insertions(+), 1872 deletions(-)
diff --git a/k8s/crds/kops.k8s.io_clusters.yaml b/k8s/crds/kops.k8s.io_clusters.yaml
index b5a55d9e27..d12befdc46 100644
--- a/k8s/crds/kops.k8s.io_clusters.yaml
+++ b/k8s/crds/kops.k8s.io_clusters.yaml
@@ -21,14 +21,10 @@ spec: openAPIV3Schema: properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' type: string kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' type: string metadata: type: object @@ -39,10 +35,7 @@ spec: description: DisableSubnetTags controls if subnets are tagged in AWS type: boolean additionalNetworkCIDRs: - description: AdditionalNetworkCIDRs is a list of additional CIDR used - for the AWS VPC or otherwise allocated to k8s. This is a real CIDR, - not the internal k8s network On AWS, it maps to any additional CIDRs - added to a VPC. + description: AdditionalNetworkCIDRs is a list of additional CIDR used for the AWS VPC or otherwise allocated to k8s. This is a real CIDR, not the internal k8s network On AWS, it maps to any additional CIDRs added to a VPC. items: type: string type: array 
@@ -52,65 +45,52 @@ spec: description: Additional policies to add for roles type: object additionalSans: - description: AdditionalSANs adds additional Subject Alternate Names - to apiserver cert that kops generates + description: AdditionalSANs adds additional Subject Alternate Names to apiserver cert that kops generates items: type: string type: array addons: description: Additional addons that should be installed on the cluster items: - description: AddonSpec defines an addon that we want to install - in the cluster + description: AddonSpec defines an addon that we want to install in the cluster properties: manifest: - description: Manifest is a path to the manifest that defines - the addon + description: Manifest is a path to the manifest that defines the addon type: string type: object type: array api: - description: API field controls how the API is exposed outside the - cluster + description: API field controls how the API is exposed outside the cluster properties: dns: - description: DNS will be used to provide config on kube-apiserver - ELB DNS + description: DNS will be used to provide config on kube-apiserver ELB DNS type: object loadBalancer: - description: LoadBalancer is the configuration for the kube-apiserver - ELB + description: LoadBalancer is the configuration for the kube-apiserver ELB properties: additionalSecurityGroups: - description: AdditionalSecurityGroups attaches additional - security groups (e.g. sg-123456). + description: AdditionalSecurityGroups attaches additional security groups (e.g. sg-123456). items: type: string type: array crossZoneLoadBalancing: - description: CrossZoneLoadBalancing allows you to enable the - cross zone load balancing + description: CrossZoneLoadBalancing allows you to enable the cross zone load balancing type: boolean idleTimeoutSeconds: - description: IdleTimeoutSeconds sets the timeout of the api - loadbalancer. + description: IdleTimeoutSeconds sets the timeout of the api loadbalancer. 
format: int64 type: integer securityGroupOverride: - description: SecurityGroupOverride overrides the default Kops - created SG for the load balancer. + description: SecurityGroupOverride overrides the default Kops created SG for the load balancer. type: string sslCertificate: - description: SSLCertificate allows you to specify the ACM - cert to be used the LB + description: SSLCertificate allows you to specify the ACM cert to be used the LB type: string type: - description: Type of load balancer to create may Public or - Internal. + description: Type of load balancer to create may Public or Internal. type: string useForInternalApi: - description: UseForInternalApi indicates whether the LB should - be used by the kubelet + description: UseForInternalApi indicates whether the LB should be used by the kubelet type: boolean type: object type: object 
@@ -118,66 +98,55 @@ spec: description: Alternative locations for files and containers properties: containerProxy: - description: ContainerProxy is a url for a pull-through proxy - of a docker registry + description: ContainerProxy is a url for a pull-through proxy of a docker registry type: string containerRegistry: description: ContainerRegistry is a url for to a docker registry type: string fileRepository: - description: FileRepository is the url for a private file serving - repository + description: FileRepository is the url for a private file serving repository type: string type: object authentication: - description: Authentication field controls how the cluster is configured - for authentication + description: Authentication field controls how the cluster is configured for authentication properties: aws: properties: backendMode: - description: BackendMode is the AWS IAM Authenticator backend - to use. Default MountedFile + description: BackendMode is the AWS IAM Authenticator backend to use. Default MountedFile type: string clusterID: - description: ClusterID identifies the cluster performing authentication - to prevent certain replay attacks. Default master public - DNS name + description: ClusterID identifies the cluster performing authentication to prevent certain replay attacks. Default master public DNS name type: string cpuLimit: anyOf: - type: integer - type: string - description: CPULimit CPU limit of AWS IAM Authenticator container. - Default 10m + description: CPULimit CPU limit of AWS IAM Authenticator container. Default 10m pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true cpuRequest: anyOf: - type: integer - type: string - description: CPURequest CPU request of AWS IAM Authenticator - container. Default 10m + description: CPURequest CPU request of AWS IAM Authenticator container. 
Default 10m pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true image: - description: Image is the AWS IAM Authenticator docker image - to uses + description: Image is the AWS IAM Authenticator docker image to uses type: string memoryLimit: anyOf: - type: integer - type: string - description: MemoryLimit memory limit of AWS IAM Authenticator - container. Default 20Mi + description: MemoryLimit memory limit of AWS IAM Authenticator container. Default 20Mi pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true memoryRequest: anyOf: - type: integer - type: string - description: MemoryRequest memory request of AWS IAM Authenticator - container. Default 20Mi + description: MemoryRequest memory request of AWS IAM Authenticator container. Default 20Mi pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true type: object @@ -185,8 +154,7 @@ spec: type: object type: object authorization: - description: Authorization field controls how the cluster is configured - for authorization + description: Authorization field controls how the cluster is configured for authorization properties: alwaysAllow: type: object @@ -205,8 +173,7 @@ spec: elbSecurityGroup: type: string gceServiceAccount: - description: GCEServiceAccount specifies the service account with - which the GCE VM runs + description: GCEServiceAccount specifies the service account with which the GCE VM runs type: string multizone: description: GCE cloud-config options 
@@ -223,8 +190,7 @@ spec: bs-version: type: string createStorageClass: - description: CreateStorageClass provisions a default class - for the Cinder plugin + description: CreateStorageClass provisions a default class for the Cinder plugin type: boolean ignore-volume-az: type: boolean @@ -234,8 +200,7 @@ spec: insecureSkipVerify: type: boolean loadbalancer: - description: OpenstackLoadbalancerConfig defines the config - for a neutron loadbalancer + description: OpenstackLoadbalancerConfig defines the config for a neutron loadbalancer properties: floatingNetwork: type: string @@ -255,8 +220,7 @@ spec: type: boolean type: object monitor: - description: OpenstackMonitor defines the config for a health - monitor + description: OpenstackMonitor defines the config for a health monitor properties: delay: type: string 
@@ -282,46 +246,35 @@ spec: description: Spotinst cloud-config specs type: string vSphereCoreDNSServer: - description: VSphereCoreDNSServer is deprecated and will be removed - in a later version + description: VSphereCoreDNSServer is deprecated and will be removed in a later version type: string vSphereDatacenter: - description: VShpereDatacenter is deprecated and will be removed - in a later version + description: VShpereDatacenter is deprecated and will be removed in a later version type: string vSphereDatastore: - description: VSphereDatastore is deprecated and will be removed - in a later version + description: VSphereDatastore is deprecated and will be removed in a later version type: string vSpherePassword: - description: VSpherePassword is deprecated and will be removed - in a later version + description: VSpherePassword is deprecated and will be removed in a later version type: string vSphereResourcePool: - description: VSphereResourcePool is deprecated and will be removed - in a later version + description: VSphereResourcePool is deprecated and will be removed in a later version type: string vSphereServer: - description: VSphereServer is deprecated and will be removed in - a later version + description: VSphereServer is deprecated and will be removed in a later version type: string vSphereUsername: - description: VSphereUsername is deprecated and will be removed - in a later version + description: VSphereUsername is deprecated and will be removed in a later version type: string type: object cloudControllerManager: - description: CloudControllerManagerConfig is the configuration of - the cloud controller + description: CloudControllerManagerConfig is the configuration of the cloud controller properties: allocateNodeCIDRs: - description: AllocateNodeCIDRs enables CIDRs for Pods to be allocated - and, if ConfigureCloudRoutes is true, to be set on the cloud - provider. 
+ description: AllocateNodeCIDRs enables CIDRs for Pods to be allocated and, if ConfigureCloudRoutes is true, to be set on the cloud provider. type: boolean cidrAllocatorType: - description: CIDRAllocatorType specifies the type of CIDR allocator - to use. + description: CIDRAllocatorType specifies the type of CIDR allocator to use. type: string cloudProvider: description: CloudProvider is the provider for cloud services. 
@@ -333,54 +286,34 @@ spec: description: ClusterName is the instance prefix for the cluster. type: string configureCloudRoutes: - description: ConfigureCloudRoutes enables CIDRs allocated with - to be configured on the cloud provider. + description: ConfigureCloudRoutes enables CIDRs allocated with to be configured on the cloud provider. type: boolean image: description: Image is the OCI image of the cloud controller manager. type: string leaderElection: - description: LeaderElection defines the configuration of leader - election client. + description: LeaderElection defines the configuration of leader election client. properties: leaderElect: - description: leaderElect enables a leader election client - to gain leadership before executing the main loop. Enable - this when running replicated components for high availability. + description: leaderElect enables a leader election client to gain leadership before executing the main loop. Enable this when running replicated components for high availability. type: boolean leaderElectLeaseDuration: - description: leaderElectLeaseDuration is the length in time - non-leader candidates will wait after observing a leadership - renewal until attempting to acquire leadership of a led - but unrenewed leader slot. This is effectively the maximum - duration that a leader can be stopped before it is replaced - by another candidate + description: leaderElectLeaseDuration is the length in time non-leader candidates will wait after observing a leadership renewal until attempting to acquire leadership of a led but unrenewed leader slot. This is effectively the maximum duration that a leader can be stopped before it is replaced by another candidate type: string leaderElectRenewDeadlineDuration: - description: LeaderElectRenewDeadlineDuration is the interval - between attempts by the acting master to renew a leadership - slot before it stops leading. This must be less than or - equal to the lease duration. 
+ description: LeaderElectRenewDeadlineDuration is the interval between attempts by the acting master to renew a leadership slot before it stops leading. This must be less than or equal to the lease duration. type: string leaderElectResourceLock: - description: LeaderElectResourceLock is the type of resource - object that is used for locking during leader election. - Supported options are endpoints (default) and `configmaps`. + description: LeaderElectResourceLock is the type of resource object that is used for locking during leader election. Supported options are endpoints (default) and `configmaps`. type: string leaderElectResourceName: - description: LeaderElectResourceName is the name of resource - object that is used for locking during leader election. + description: LeaderElectResourceName is the name of resource object that is used for locking during leader election. type: string leaderElectResourceNamespace: - description: LeaderElectResourceNamespace is the namespace - of resource object that is used for locking during leader - election. + description: LeaderElectResourceNamespace is the namespace of resource object that is used for locking during leader election. type: string leaderElectRetryPeriod: - description: LeaderElectRetryPeriod is The duration the clients - should wait between attempting acquisition and renewal of - a leadership. This is only applicable if leader election - is enabled. + description: LeaderElectRetryPeriod is The duration the clients should wait between attempting acquisition and renewal of a leadership. This is only applicable if leader election is enabled. type: string type: object logLevel: 
@@ -391,8 +324,7 @@ spec: description: Master is the url for the kube api master. type: string useServiceAccountCredentials: - description: UseServiceAccountCredentials controls whether we - use individual service account credentials for each controller. + description: UseServiceAccountCredentials controls whether we use individual service account credentials for each controller. type: boolean type: object cloudLabels: @@ -404,19 +336,13 @@ spec: description: The CloudProvider to use (aws or gce) type: string clusterDNSDomain: - description: ClusterDNSDomain is the suffix we use for internal DNS - names (normally cluster.local) + description: ClusterDNSDomain is the suffix we use for internal DNS names (normally cluster.local) type: string configBase: - description: ConfigBase is the path where we store configuration for - the cluster This might be different that the location when the cluster - spec itself is stored, both because this must be accessible to the - cluster, and because it might be on a different cloud or storage - system (etcd vs S3) + description: ConfigBase is the path where we store configuration for the cluster This might be different that the location when the cluster spec itself is stored, both because this must be accessible to the cluster, and because it might be on a different cloud or storage system (etcd vs S3) type: string configStore: - description: ConfigStore is the VFS path to where the configuration - (Cluster, InstanceGroups etc) is stored + description: ConfigStore is the VFS path to where the configuration (Cluster, InstanceGroups etc) is stored type: string containerRuntime: description: Container runtime to use for Kubernetes 
@@ -431,27 +357,23 @@ spec: description: Complete containerd config file provided by the user type: string logLevel: - description: Logging level [trace, debug, info, warn, error, fatal, - panic] (default "info") + description: Logging level [trace, debug, info, warn, error, fatal, panic] (default "info") type: string root: description: Directory for persistent data (default "/var/lib/containerd") type: string skipInstall: - description: Prevents kops from installing and modifying containerd - in any way (default "false") + description: Prevents kops from installing and modifying containerd in any way (default "false") type: boolean state: description: Directory for execution state files (default "/run/containerd") type: string version: - description: Consumed by nodeup and used to pick the containerd - version + description: Consumed by nodeup and used to pick the containerd version type: string type: object dnsControllerGossipConfig: - description: DNSControllerGossipConfig for the cluster assuming the - use of gossip DNS + description: DNSControllerGossipConfig for the cluster assuming the use of gossip DNS properties: listen: type: string 
@@ -464,13 +386,7 @@ spec: type: string type: object dnsZone: - description: DNSZone is the DNS zone we should use when configuring - DNS This is because some clouds let us define a managed zone foo.bar, - and then have kubernetes.dev.foo.bar, without needing to define - dev.foo.bar as a hosted zone. DNSZone will probably be a suffix - of the MasterPublicName and MasterInternalName Note that DNSZone - can either by the host name of the zone (containing dots), or can - be an identifier for the zone. + description: DNSZone is the DNS zone we should use when configuring DNS This is because some clouds let us define a managed zone foo.bar, and then have kubernetes.dev.foo.bar, without needing to define dev.foo.bar as a hosted zone. DNSZone will probably be a suffix of the MasterPublicName and MasterInternalName Note that DNSZone can either by the host name of the zone (containing dots), or can be an identifier for the zone. type: string docker: description: DockerConfig is the configuration for docker @@ -481,16 +397,13 @@ spec: type: string type: array bridge: - description: Bridge is the network interface containers should - bind onto + description: Bridge is the network interface containers should bind onto type: string bridgeIP: - description: BridgeIP is a specific IP address and netmask for - the docker0 bridge, using standard CIDR notation + description: BridgeIP is a specific IP address and netmask for the docker0 bridge, using standard CIDR notation type: string dataRoot: - description: DataRoot is the root directory of persistent docker - state (default "/var/lib/docker") + description: DataRoot is the root directory of persistent docker state (default "/var/lib/docker") type: string defaultUlimit: description: DefaultUlimit is the ulimits for containers 
@@ -503,32 +416,26 @@ spec: type: string type: array execRoot: - description: ExecRoot is the root directory for execution state - files (default "/var/run/docker") + description: ExecRoot is the root directory for execution state files (default "/var/run/docker") type: string experimental: - description: Experimental features permits enabling new features - such as dockerd metrics + description: Experimental features permits enabling new features such as dockerd metrics type: boolean healthCheck: description: HealthCheck enables the periodic health-check service type: boolean hosts: - description: Hosts enables you to configure the endpoints the - docker daemon listens on i.e. tcp://0.0.0.0.2375 or unix:///var/run/docker.sock - etc + description: Hosts enables you to configure the endpoints the docker daemon listens on i.e. tcp://0.0.0.0.2375 or unix:///var/run/docker.sock etc items: type: string type: array insecureRegistries: - description: InsecureRegistries enables multiple insecure docker - registry communications + description: InsecureRegistries enables multiple insecure docker registry communications items: type: string type: array insecureRegistry: - description: InsecureRegistry enable insecure registry communication - @question according to dockers this a list?? + description: InsecureRegistry enable insecure registry communication @question according to dockers this a list?? type: string ipMasq: description: IPMasq enables ip masquerading for containers 
@@ -537,34 +444,28 @@ spec: description: IPtables enables addition of iptables rules type: boolean liveRestore: - description: LiveRestore enables live restore of docker when containers - are still running + description: LiveRestore enables live restore of docker when containers are still running type: boolean logDriver: - description: LogDriver is the default driver for container logs - (default "json-file") + description: LogDriver is the default driver for container logs (default "json-file") type: string logLevel: - description: LogLevel is the logging level ("debug", "info", "warn", - "error", "fatal") (default "info") + description: LogLevel is the logging level ("debug", "info", "warn", "error", "fatal") (default "info") type: string logOpt: - description: Logopt is a series of options given to the log driver - options for containers + description: Logopt is a series of options given to the log driver options for containers items: type: string type: array metricsAddress: - description: Metrics address is the endpoint to serve with Prometheus - format metrics + description: Metrics address is the endpoint to serve with Prometheus format metrics type: string mtu: description: MTU is the containers network MTU format: int32 type: integer registryMirrors: - description: RegistryMirrors is a referred list of docker registry - mirror + description: RegistryMirrors is a referred list of docker registry mirror items: type: string type: array 
@@ -572,30 +473,25 @@ spec: description: SelinuxEnabled enables SELinux support type: boolean skipInstall: - description: SkipInstall when set to true will prevent kops from - installing and modifying Docker in any way + description: SkipInstall when set to true will prevent kops from installing and modifying Docker in any way type: boolean storage: description: Storage is the docker storage driver to use type: string storageOpts: - description: StorageOpts is a series of options passed to the - storage driver + description: StorageOpts is a series of options passed to the storage driver items: type: string type: array userNamespaceRemap: - description: UserNamespaceRemap sets the user namespace remapping - option for the docker daemon + description: UserNamespaceRemap sets the user namespace remapping option for the docker daemon type: string version: - description: Version is consumed by the nodeup and used to pick - the docker version + description: Version is consumed by the nodeup and used to pick the docker version type: string type: object egressProxy: - description: HTTPProxy defines connection information to support use - of a private cluster behind an forward HTTP Proxy + description: HTTPProxy defines connection information to support use of a private cluster behind an forward HTTP Proxy properties: excludes: type: string 
@@ -619,110 +515,77 @@ spec: description: Backups describes how we do backups of etcd properties: backupStore: - description: BackupStore is the VFS path where we will read/write - backup data + description: BackupStore is the VFS path where we will read/write backup data type: string image: - description: Image is the etcd backup manager image to use. Setting - this will create a sidecar container in the etcd pod with - the specified image. + description: Image is the etcd backup manager image to use. Setting this will create a sidecar container in the etcd pod with the specified image. type: string type: object cpuRequest: anyOf: - type: integer - type: string - description: CPURequest specifies the cpu requests of each etcd - container in the cluster. + description: CPURequest specifies the cpu requests of each etcd container in the cluster. pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true enableEtcdTLS: - description: EnableEtcdTLS indicates the etcd service should - use TLS between peers and clients + description: EnableEtcdTLS indicates the etcd service should use TLS between peers and clients type: boolean enableTLSAuth: - description: EnableTLSAuth indicates client and peer TLS auth - should be enforced + description: EnableTLSAuth indicates client and peer TLS auth should be enforced type: boolean etcdMembers: - description: Members stores the configurations for each member - of the cluster (including the data volume) + description: Members stores the configurations for each member of the cluster (including the data volume) items: - description: EtcdMemberSpec is a specification for a etcd - member + description: EtcdMemberSpec is a specification for a etcd member properties: encryptedVolume: - description: EncryptedVolume indicates you want to encrypt - the volume + description: EncryptedVolume indicates you want to encrypt the volume type: boolean 
instanceGroup: - description: InstanceGroup is the instanceGroup this volume - is associated + description: InstanceGroup is the instanceGroup this volume is associated type: string kmsKeyId: - description: KmsKeyId is a AWS KMS ID used to encrypt - the volume + description: KmsKeyId is a AWS KMS ID used to encrypt the volume type: string name: - description: Name is the name of the member within the - etcd cluster + description: Name is the name of the member within the etcd cluster type: string volumeIops: - description: If volume type is io1, then we need to specify - the number of Iops. + description: If volume type is io1, then we need to specify the number of Iops. format: int32 type: integer volumeSize: - description: VolumeSize is the underlying cloud volume - size + description: VolumeSize is the underlying cloud volume size format: int32 type: integer volumeType: - description: VolumeType is the underlying cloud storage - class + description: VolumeType is the underlying cloud storage class type: string type: object type: array heartbeatInterval: - description: HeartbeatInterval is the time (in milliseconds) - for an etcd heartbeat interval + description: HeartbeatInterval is the time (in milliseconds) for an etcd heartbeat interval type: string image: - description: Image is the etcd docker image to use. Setting - this will ignore the Version specified. + description: Image is the etcd docker image to use. Setting this will ignore the Version specified. type: string leaderElectionTimeout: - description: LeaderElectionTimeout is the time (in milliseconds) - for an etcd leader election timeout + description: LeaderElectionTimeout is the time (in milliseconds) for an etcd leader election timeout type: string manager: description: Manager describes the manager configuration properties: env: - description: Env allows users to pass in env variables to - the etcd-manager container. Variables starting with ETCD_ - will be further passed down to the etcd process. 
This - allows etcd setting to be configured/overwriten. No config - validation is done. A list of etcd config ENV vars can - be found at https://github.com/etcd-io/etcd/blob/master/Documentation/op-guide/configuration.md + description: Env allows users to pass in env variables to the etcd-manager container. Variables starting with ETCD_ will be further passed down to the etcd process. This allows etcd setting to be configured/overwriten. No config validation is done. A list of etcd config ENV vars can be found at https://github.com/etcd-io/etcd/blob/master/Documentation/op-guide/configuration.md items: - description: EnvVar represents an environment variable - present in a Container. + description: EnvVar represents an environment variable present in a Container. properties: name: - description: Name of the environment variable. Must - be a C_IDENTIFIER. + description: Name of the environment variable. Must be a C_IDENTIFIER. type: string value: - description: 'Variable references $(VAR_NAME) are - expanded using the previous defined environment - variables in the container and any service environment - variables. If a variable cannot be resolved, the - reference in the input string will be unchanged. - The $(VAR_NAME) syntax can be escaped with a double - $$, ie: $$(VAR_NAME). Escaped references will never - be expanded, regardless of whether the variable - exists or not. Defaults to "".' + description: 'Variable references $(VAR_NAME) are expanded using the previous defined environment variables in the container and any service environment variables. If a variable cannot be resolved, the reference in the input string will be unchanged. The $(VAR_NAME) syntax can be escaped with a double $$, ie: $$(VAR_NAME). Escaped references will never be expanded, regardless of whether the variable exists or not. Defaults to "".' type: string required: - name 
@@ -736,22 +599,17 @@ spec: anyOf: - type: integer - type: string - description: MemoryRequest specifies the memory requests of - each etcd container in the cluster. + description: MemoryRequest specifies the memory requests of each etcd container in the cluster. pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true name: - description: Name is the name of the etcd cluster (main, events - etc) + description: Name is the name of the etcd cluster (main, events etc) type: string provider: - description: 'Provider is the provider used to run etcd: standalone, - manager. We default to manager for kubernetes 1.11 or if the - manager is configured; otherwise standalone.' + description: 'Provider is the provider used to run etcd: standalone, manager. We default to manager for kubernetes 1.11 or if the manager is configured; otherwise standalone.' type: string version: - description: Version is the version of etcd to run i.e. 2.1.2, - 3.0.17 etcd + description: Version is the version of etcd to run i.e. 2.1.2, 3.0.17 etcd type: string type: object type: array 
@@ -759,16 +617,13 @@ spec: description: ExternalDNSConfig are options of the dns-controller properties: disable: - description: Disable indicates we do not wish to run the dns-controller - addon + description: Disable indicates we do not wish to run the dns-controller addon type: boolean watchIngress: - description: WatchIngress indicates you want the dns-controller - to watch and create dns entries for ingress resources + description: WatchIngress indicates you want the dns-controller to watch and create dns entries for ingress resources type: boolean watchNamespace: - description: WatchNamespace is namespace to watch, defaults to - all (use to control whom can creates dns entries) + description: WatchNamespace is namespace to watch, defaults to all (use to control whom can creates dns entries) type: string type: object externalPolicies: @@ -776,8 +631,7 @@ spec: items: type: string type: array - description: ExternalPolicies allows the insertion of pre-existing - managed policies on IG Roles + description: ExternalPolicies allows the insertion of pre-existing managed policies on IG Roles type: object fileAssets: description: A collection of files assets for deployed cluster wide @@ -797,18 +651,15 @@ spec: description: Path is the location this file should reside type: string roles: - description: Roles is a list of roles the file asset should - be applied, defaults to all + description: Roles is a list of roles the file asset should be applied, defaults to all items: - description: InstanceGroupRole string describes the roles - of the nodes in this InstanceGroup (master or nodes) + description: InstanceGroupRole string describes the roles of the nodes in this InstanceGroup (master or nodes) type: string type: array type: object type: array gossipConfig: - description: GossipConfig for the cluster assuming the use of gossip - DNS + description: GossipConfig for the cluster assuming the use of gossip DNS properties: listen: type: string 
@@ -824,29 +675,25 @@ spec: description: HookSpec is a definition hook properties: before: - description: Before is a series of systemd units which this - hook must run before + description: Before is a series of systemd units which this hook must run before items: type: string type: array disabled: - description: Disabled indicates if you want the unit switched - off + description: Disabled indicates if you want the unit switched off type: boolean execContainer: description: ExecContainer is the image itself properties: command: - description: Command is the command supplied to the above - image + description: Command is the command supplied to the above image items: type: string type: array environment: additionalProperties: type: string - description: Environment is a map of environment variables - added to the hook + description: Environment is a map of environment variables added to the hook type: object image: description: Image is the docker image 
@@ -856,34 +703,26 @@ spec: description: Manifest is a raw systemd unit file type: string name: - description: Name is an optional name for the hook, otherwise - the name is kops-hook- + description: Name is an optional name for the hook, otherwise the name is kops-hook- type: string requires: - description: Requires is a series of systemd units the action - requires + description: Requires is a series of systemd units the action requires items: type: string type: array roles: - description: Roles is an optional list of roles the hook should - be rolled out to, defaults to all + description: Roles is an optional list of roles the hook should be rolled out to, defaults to all items: - description: InstanceGroupRole string describes the roles - of the nodes in this InstanceGroup (master or nodes) + description: InstanceGroupRole string describes the roles of the nodes in this InstanceGroup (master or nodes) type: string type: array useRawManifest: - description: UseRawManifest indicates that the contents of Manifest - should be used as the contents of the systemd unit, unmodified. - Before and Requires are ignored when used together with this - value (and validation shouldn't allow them to be set) + description: UseRawManifest indicates that the contents of Manifest should be used as the contents of the systemd unit, unmodified. Before and Requires are ignored when used together with this value (and validation shouldn't allow them to be set) type: boolean type: object type: array iam: - description: IAM field adds control over the IAM security policies - applied to resources + description: IAM field adds control over the IAM security policies applied to resources properties: allowContainerRegistry: type: boolean 
@@ -895,50 +734,33 @@ spec: - legacy type: object isolateMasters: - description: 'IsolateMasters determines whether we should lock down - masters so that they are not on the pod network. true is the kube-up - behaviour, but it is very surprising: it means that daemonsets only - work on the master if they have hostNetwork=true. false is now the - default, and it will: * give the master a normal PodCIDR * run - kube-proxy on the master * enable debugging handlers on the master, - so kubectl logs works' + description: 'IsolateMasters determines whether we should lock down masters so that they are not on the pod network. true is the kube-up behaviour, but it is very surprising: it means that daemonsets only work on the master if they have hostNetwork=true. false is now the default, and it will: * give the master a normal PodCIDR * run kube-proxy on the master * enable debugging handlers on the master, so kubectl logs works' type: boolean keyStore: - description: KeyStore is the VFS path to where SSL keys and certificates - are stored + description: KeyStore is the VFS path to where SSL keys and certificates are stored type: string kubeAPIServer: - description: KubeAPIServerConfig defines the configuration for the - kube api + description: KubeAPIServerConfig defines the configuration for the kube api properties: address: - description: 'Address is the binding address for the kube api: - Deprecated - use insecure-bind-address and bind-address' + description: 'Address is the binding address for the kube api: Deprecated - use insecure-bind-address and bind-address' type: string admissionControl: - description: 'AdmissionControl is a list of admission controllers - to use: Deprecated - use enable-admission-plugins instead' + description: 'AdmissionControl is a list of admission controllers to use: Deprecated - use enable-admission-plugins instead' items: type: string type: array admissionControlConfigFile: - description: AdmissionControlConfigFile is the location of the - 
admission-control-config-file + description: AdmissionControlConfigFile is the location of the admission-control-config-file type: string allowPrivileged: - description: AllowPrivileged indicates if we can run privileged - containers + description: AllowPrivileged indicates if we can run privileged containers type: boolean anonymousAuth: - description: AnonymousAuth indicates if anonymous authentication - is permitted + description: AnonymousAuth indicates if anonymous authentication is permitted type: boolean apiAudiences: - description: Identifiers of the API. The service account token - authenticator will validate that tokens used against the API - are bound to at least one of these audiences. If the --service-account-issuer - flag is configured and this flag is not, this field defaults - to a single element list containing the issuer URL. + description: Identifiers of the API. The service account token authenticator will validate that tokens used against the API are bound to at least one of these audiences. If the --service-account-issuer flag is configured and this flag is not, this field defaults to a single element list containing the issuer URL. items: type: string type: array 
@@ -947,22 +769,18 @@ spec: format: int32 type: integer appendAdmissionPlugins: - description: AppendAdmissionPlugins appends list of enabled admission - plugins + description: AppendAdmissionPlugins appends list of enabled admission plugins items: type: string type: array auditDynamicConfiguration: - description: AuditDynamicConfiguration enables dynamic audit configuration - via AuditSinks + description: AuditDynamicConfiguration enables dynamic audit configuration via AuditSinks type: boolean auditLogFormat: - description: AuditLogFormat flag specifies the format type for - audit log files. + description: AuditLogFormat flag specifies the format type for audit log files. type: string auditLogMaxAge: - description: The maximum number of days to retain old audit log - files based on the timestamp encoded in their filename. + description: The maximum number of days to retain old audit log files based on the timestamp encoded in their filename. format: int32 type: integer auditLogMaxBackups: 
@@ -970,118 +788,87 @@ spec: format: int32 type: integer auditLogMaxSize: - description: The maximum size in megabytes of the audit log file - before it gets rotated. Defaults to 100MB. + description: The maximum size in megabytes of the audit log file before it gets rotated. Defaults to 100MB. format: int32 type: integer auditLogPath: - description: If set, all requests coming to the apiserver will - be logged to this file. + description: If set, all requests coming to the apiserver will be logged to this file. type: string auditPolicyFile: - description: AuditPolicyFile is the full path to a advanced audit - configuration file e.g. /srv/kubernetes/audit.conf + description: AuditPolicyFile is the full path to a advanced audit configuration file e.g. /srv/kubernetes/audit.conf type: string auditWebhookBatchBufferSize: - description: AuditWebhookBatchBufferSize is The size of the buffer - to store events before batching and writing. Only used in batch - mode. (default 10000) + description: AuditWebhookBatchBufferSize is The size of the buffer to store events before batching and writing. Only used in batch mode. (default 10000) format: int32 type: integer auditWebhookBatchMaxSize: - description: AuditWebhookBatchMaxSize is The maximum size of a - batch. Only used in batch mode. (default 400) + description: AuditWebhookBatchMaxSize is The maximum size of a batch. Only used in batch mode. (default 400) format: int32 type: integer auditWebhookBatchMaxWait: - description: AuditWebhookBatchMaxWait is The amount of time to - wait before force writing the batch that hadn't reached the - max size. Only used in batch mode. (default 30s) + description: AuditWebhookBatchMaxWait is The amount of time to wait before force writing the batch that hadn't reached the max size. Only used in batch mode. 
(default 30s) type: string auditWebhookBatchThrottleBurst: - description: AuditWebhookBatchThrottleBurst is Maximum number - of requests sent at the same moment if ThrottleQPS was not utilized - before. Only used in batch mode. (default 15) + description: AuditWebhookBatchThrottleBurst is Maximum number of requests sent at the same moment if ThrottleQPS was not utilized before. Only used in batch mode. (default 15) format: int32 type: integer auditWebhookBatchThrottleEnable: - description: AuditWebhookBatchThrottleEnable is Whether batching - throttling is enabled. Only used in batch mode. (default true) + description: AuditWebhookBatchThrottleEnable is Whether batching throttling is enabled. Only used in batch mode. (default true) type: boolean auditWebhookBatchThrottleQps: anyOf: - type: integer - type: string - description: AuditWebhookBatchThrottleQps is Maximum average number - of batches per second. Only used in batch mode. (default 10) + description: AuditWebhookBatchThrottleQps is Maximum average number of batches per second. Only used in batch mode. (default 10) pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true auditWebhookConfigFile: - description: AuditWebhookConfigFile is Path to a kubeconfig formatted - file that defines the audit webhook configuration. Requires - the 'AdvancedAuditing' feature gate. + description: AuditWebhookConfigFile is Path to a kubeconfig formatted file that defines the audit webhook configuration. Requires the 'AdvancedAuditing' feature gate. type: string auditWebhookInitialBackoff: - description: AuditWebhookInitialBackoff is The amount of time - to wait before retrying the first failed request. (default 10s) + description: AuditWebhookInitialBackoff is The amount of time to wait before retrying the first failed request. 
(default 10s) type: string auditWebhookMode: - description: AuditWebhookMode is Strategy for sending audit events. - Blocking indicates sending events should block server responses. - Batch causes the backend to buffer and write events asynchronously. - Known modes are batch,blocking. (default "batch") + description: AuditWebhookMode is Strategy for sending audit events. Blocking indicates sending events should block server responses. Batch causes the backend to buffer and write events asynchronously. Known modes are batch,blocking. (default "batch") type: string authenticationTokenWebhookCacheTtl: - description: The duration to cache responses from the webhook - token authenticator. Default is 2m. (default 2m0s) + description: The duration to cache responses from the webhook token authenticator. Default is 2m. (default 2m0s) type: string authenticationTokenWebhookConfigFile: - description: File with webhook configuration for token authentication - in kubeconfig format. The API server will query the remote service - to determine authentication for bearer tokens. + description: File with webhook configuration for token authentication in kubeconfig format. The API server will query the remote service to determine authentication for bearer tokens. type: string authorizationMode: - description: AuthorizationMode is the authorization mode the kubeapi - is running in + description: AuthorizationMode is the authorization mode the kubeapi is running in type: string authorizationRbacSuperUser: - description: AuthorizationRBACSuperUser is the name of the superuser - for default rbac + description: AuthorizationRBACSuperUser is the name of the superuser for default rbac type: string authorizationWebhookCacheAuthorizedTtl: - description: The duration to cache authorized responses from the - webhook token authorizer. Default is 5m. (default 5m0s) + description: The duration to cache authorized responses from the webhook token authorizer. Default is 5m. 
(default 5m0s) type: string authorizationWebhookCacheUnauthorizedTtl: - description: The duration to cache authorized responses from the - webhook token authorizer. Default is 30s. (default 30s) + description: The duration to cache authorized responses from the webhook token authorizer. Default is 30s. (default 30s) type: string authorizationWebhookConfigFile: - description: File with webhook configuration for authorization - in kubeconfig format. The API server will query the remote service - to determine whether to authorize the request. + description: File with webhook configuration for authorization in kubeconfig format. The API server will query the remote service to determine whether to authorize the request. type: string basicAuthFile: description: 'TODO: Remove unused BasicAuthFile' type: string bindAddress: - description: BindAddress is the binding address for the secure - kubernetes API + description: BindAddress is the binding address for the secure kubernetes API type: string clientCAFile: description: 'TODO: Remove unused ClientCAFile' type: string cloudProvider: - description: CloudProvider is the name of the cloudProvider we - are using, aws, gce etcd + description: CloudProvider is the name of the cloudProvider we are using, aws, gce etcd type: string cpuRequest: - description: CPURequest, cpu request compute resource for api - server. Defaults to "150m" + description: CPURequest, cpu request compute resource for api server. Defaults to "150m" type: string disableAdmissionPlugins: - description: DisableAdmissionPlugins is a list of disabled admission - plugins + description: DisableAdmissionPlugins is a list of disabled admission plugins items: type: string type: array 
@@ -1089,27 +876,21 @@ spec: description: DisableBasicAuth removes the --basic-auth-file flag type: boolean enableAdmissionPlugins: - description: EnableAdmissionPlugins is a list of enabled admission - plugins + description: EnableAdmissionPlugins is a list of enabled admission plugins items: type: string type: array enableAggregatorRouting: - description: EnableAggregatorRouting enables aggregator routing - requests to endpoints IP rather than cluster IP + description: EnableAggregatorRouting enables aggregator routing requests to endpoints IP rather than cluster IP type: boolean enableBootstrapTokenAuth: - description: EnableBootstrapAuthToken enables 'bootstrap.kubernetes.io/token' - in the 'kube-system' namespace to be used for TLS bootstrapping - authentication + description: EnableBootstrapAuthToken enables 'bootstrap.kubernetes.io/token' in the 'kube-system' namespace to be used for TLS bootstrapping authentication type: boolean enableProfiling: - description: EnableProfiling enables profiling via web interface - host:port/debug/pprof/ + description: EnableProfiling enables profiling via web interface host:port/debug/pprof/ type: boolean encryptionProviderConfig: - description: EncryptionProviderConfig enables encryption at rest - for secrets. + description: EncryptionProviderConfig enables encryption at rest for secrets. type: string etcdCaFile: description: EtcdCAFile is the path to a ca certificate @@ -1121,8 +902,7 @@ spec: description: EtcdKeyFile is the path to a private key type: string etcdQuorumRead: - description: EtcdQuorumRead configures the etcd-quorum-read flag, - which forces consistent reads from etcd + description: EtcdQuorumRead configures the etcd-quorum-read flag, which forces consistent reads from etcd type: boolean etcdServers: description: EtcdServers is a list of the etcd service to connect 
@@ -1130,10 +910,7 @@ spec: type: string type: array etcdServersOverrides: - description: 'EtcdServersOverrides is per-resource etcd servers - overrides, comma separated. The individual override format: - group/resource#servers, where servers are http://ip:port, semicolon - separated' + description: 'EtcdServersOverrides is per-resource etcd servers overrides, comma separated. The individual override format: group/resource#servers, where servers are http://ip:port, semicolon separated' items: type: string type: array 
@@ -1141,47 +918,38 @@ spec: description: Amount of time to retain Kubernetes events type: string experimentalEncryptionProviderConfig: - description: ExperimentalEncryptionProviderConfig enables encryption - at rest for secrets. + description: ExperimentalEncryptionProviderConfig enables encryption at rest for secrets. type: string featureGates: additionalProperties: type: string - description: FeatureGates is set of key=value pairs that describe - feature gates for alpha/experimental features. + description: FeatureGates is set of key=value pairs that describe feature gates for alpha/experimental features. type: object http2MaxStreamsPerConnection: - description: HTTP2MaxStreamsPerConnection sets the limit that - the server gives to clients for the maximum number of streams - in an HTTP/2 connection. Zero means to use golang's default. + description: HTTP2MaxStreamsPerConnection sets the limit that the server gives to clients for the maximum number of streams in an HTTP/2 connection. Zero means to use golang's default. format: int32 type: integer image: description: Image is the docker container used type: string insecureBindAddress: - description: InsecureBindAddress is the binding address for the - InsecurePort for the insecure kubernetes API + description: InsecureBindAddress is the binding address for the InsecurePort for the insecure kubernetes API type: string insecurePort: description: InsecurePort is the port the insecure api runs format: int32 type: integer kubeletCertificateAuthority: - description: KubeletCertificateAuthority is the path of a certificate - authority for secure communication between api and kubelet. + description: KubeletCertificateAuthority is the path of a certificate authority for secure communication between api and kubelet. 
type: string kubeletClientCertificate: - description: KubeletClientCertificate is the path of a certificate - for secure communication between api and kubelet + description: KubeletClientCertificate is the path of a certificate for secure communication between api and kubelet type: string kubeletClientKey: - description: KubeletClientKey is the path of a private to secure - communication between api and kubelet + description: KubeletClientKey is the path of a private to secure communication between api and kubelet type: string kubeletPreferredAddressTypes: - description: KubeletPreferredAddressTypes is a list of the preferred - NodeAddressTypes to use for kubelet connections + description: KubeletPreferredAddressTypes is a list of the preferred NodeAddressTypes to use for kubelet connections items: type: string type: array 
@@ -1190,156 +958,113 @@ spec: format: int32 type: integer maxMutatingRequestsInflight: - description: MaxMutatingRequestsInflight The maximum number of - mutating requests in flight at a given time. Defaults to 200 + description: MaxMutatingRequestsInflight The maximum number of mutating requests in flight at a given time. Defaults to 200 format: int32 type: integer maxRequestsInflight: - description: MaxRequestsInflight The maximum number of non-mutating - requests in flight at a given time. + description: MaxRequestsInflight The maximum number of non-mutating requests in flight at a given time. format: int32 type: integer minRequestTimeout: - description: MinRequestTimeout configures the minimum number of - seconds a handler must keep a request open before timing it - out. Currently only honored by the watch request handler + description: MinRequestTimeout configures the minimum number of seconds a handler must keep a request open before timing it out. Currently only honored by the watch request handler format: int32 type: integer oidcCAFile: - description: OIDCCAFile if set, the OpenID server's certificate - will be verified by one of the authorities in the oidc-ca-file + description: OIDCCAFile if set, the OpenID server's certificate will be verified by one of the authorities in the oidc-ca-file type: string oidcClientID: - description: OIDCClientID is the client ID for the OpenID Connect - client, must be set if oidc-issuer-url is set. + description: OIDCClientID is the client ID for the OpenID Connect client, must be set if oidc-issuer-url is set. type: string oidcGroupsClaim: - description: OIDCGroupsClaim if provided, the name of a custom - OpenID Connect claim for specifying user groups. The claim value - is expected to be a string or array of strings. + description: OIDCGroupsClaim if provided, the name of a custom OpenID Connect claim for specifying user groups. The claim value is expected to be a string or array of strings. 
type: string oidcGroupsPrefix: - description: OIDCGroupsPrefix is the prefix prepended to group - claims to prevent clashes with existing names (such as 'system:' - groups) + description: OIDCGroupsPrefix is the prefix prepended to group claims to prevent clashes with existing names (such as 'system:' groups) type: string oidcIssuerURL: - description: OIDCIssuerURL is the URL of the OpenID issuer, only - HTTPS scheme will be accepted. If set, it will be used to verify - the OIDC JSON Web Token (JWT). + description: OIDCIssuerURL is the URL of the OpenID issuer, only HTTPS scheme will be accepted. If set, it will be used to verify the OIDC JSON Web Token (JWT). type: string oidcRequiredClaim: - description: A key=value pair that describes a required claim - in the ID Token. If set, the claim is verified to be present - in the ID Token with a matching value. Repeat this flag to specify - multiple claims. + description: A key=value pair that describes a required claim in the ID Token. If set, the claim is verified to be present in the ID Token with a matching value. Repeat this flag to specify multiple claims. items: type: string type: array oidcUsernameClaim: - description: OIDCUsernameClaim is the OpenID claim to use as the - user name. Note that claims other than the default ('sub') is - not guaranteed to be unique and immutable. + description: OIDCUsernameClaim is the OpenID claim to use as the user name. Note that claims other than the default ('sub') is not guaranteed to be unique and immutable. type: string oidcUsernamePrefix: - description: OIDCUsernamePrefix is the prefix prepended to username - claims to prevent clashes with existing names (such as 'system:' - users). + description: OIDCUsernamePrefix is the prefix prepended to username claims to prevent clashes with existing names (such as 'system:' users). type: string proxyClientCertFile: - description: The apiserver's client certificate used for outbound - requests. 
+ description: The apiserver's client certificate used for outbound requests. type: string proxyClientKeyFile: description: The apiserver's client key used for outbound requests. type: string requestheaderAllowedNames: - description: List of client certificate common names to allow - to provide usernames in headers specified by --requestheader-username-headers. - If empty, any client certificate validated by the authorities - in --requestheader-client-ca-file is allowed. + description: List of client certificate common names to allow to provide usernames in headers specified by --requestheader-username-headers. If empty, any client certificate validated by the authorities in --requestheader-client-ca-file is allowed. items: type: string type: array requestheaderClientCAFile: - description: Root certificate bundle to use to verify client certificates - on incoming requests before trusting usernames in headers specified - by --requestheader-username-headers + description: Root certificate bundle to use to verify client certificates on incoming requests before trusting usernames in headers specified by --requestheader-username-headers type: string requestheaderExtraHeaderPrefixes: - description: List of request header prefixes to inspect. X-Remote-Extra- - is suggested. + description: List of request header prefixes to inspect. X-Remote-Extra- is suggested. items: type: string type: array requestheaderGroupHeaders: - description: List of request headers to inspect for groups. X-Remote-Group - is suggested. + description: List of request headers to inspect for groups. X-Remote-Group is suggested. items: type: string type: array requestheaderUsernameHeaders: - description: List of request headers to inspect for usernames. - X-Remote-User is common. + description: List of request headers to inspect for usernames. X-Remote-User is common. 
items: type: string type: array runtimeConfig: additionalProperties: type: string - description: RuntimeConfig is a series of keys/values are parsed - into the `--runtime-config` parameters + description: RuntimeConfig is a series of keys/values are parsed into the `--runtime-config` parameters type: object securePort: description: SecurePort is the port the kube runs on format: int32 type: integer serviceAccountIssuer: - description: Identifier of the service account token issuer. The - issuer will assert this identifier in "iss" claim of issued - tokens. This value is a string or URI. + description: Identifier of the service account token issuer. The issuer will assert this identifier in "iss" claim of issued tokens. This value is a string or URI. type: string serviceAccountJWKSURI: - description: ServiceAccountJWKSURI overrides the path for the - jwks document; this is useful when we are republishing the service - account discovery information elsewhere. + description: ServiceAccountJWKSURI overrides the path for the jwks document; this is useful when we are republishing the service account discovery information elsewhere. type: string serviceAccountKeyFile: - description: File containing PEM-encoded x509 RSA or ECDSA private - or public keys, used to verify ServiceAccount tokens. The specified - file can contain multiple keys, and the flag can be specified - multiple times with different files. If unspecified, --tls-private-key-file - is used. + description: File containing PEM-encoded x509 RSA or ECDSA private or public keys, used to verify ServiceAccount tokens. The specified file can contain multiple keys, and the flag can be specified multiple times with different files. If unspecified, --tls-private-key-file is used. items: type: string type: array serviceAccountSigningKeyFile: - description: Path to the file that contains the current private - key of the service account token issuer. The issuer will sign - issued ID tokens with this private key. 
(Requires the 'TokenRequest' - feature gate.) + description: Path to the file that contains the current private key of the service account token issuer. The issuer will sign issued ID tokens with this private key. (Requires the 'TokenRequest' feature gate.) type: string serviceClusterIPRange: description: ServiceClusterIPRange is the service address range type: string serviceNodePortRange: - description: Passed as --service-node-port-range to kube-apiserver. - Expects 'startPort-endPort' format e.g. 30000-33000 + description: Passed as --service-node-port-range to kube-apiserver. Expects 'startPort-endPort' format e.g. 30000-33000 type: string storageBackend: description: StorageBackend is the backend storage type: string targetRamMb: - description: Memory limit for apiserver in MB (used to configure - sizes of caches, etc.) + description: Memory limit for apiserver in MB (used to configure sizes of caches, etc.) format: int32 type: integer tlsCertFile: description: 'TODO: Remove unused TLSCertFile' type: string tlsCipherSuites: - description: TLSCipherSuites indicates the allowed TLS cipher - suite + description: TLSCipherSuites indicates the allowed TLS cipher suite items: type: string type: array 
@@ -1354,36 +1079,27 @@ spec: type: string type: object kubeControllerManager: - description: KubeControllerManagerConfig is the configuration for - the controller + description: KubeControllerManagerConfig is the configuration for the controller properties: allocateNodeCIDRs: - description: AllocateNodeCIDRs enables CIDRs for Pods to be allocated - and, if ConfigureCloudRoutes is true, to be set on the cloud - provider. + description: AllocateNodeCIDRs enables CIDRs for Pods to be allocated and, if ConfigureCloudRoutes is true, to be set on the cloud provider. type: boolean attachDetachReconcileSyncPeriod: - description: ReconcilerSyncLoopPeriod is the amount of time the - reconciler sync states loop wait between successive executions. - Is set to 1 min by kops by default + description: ReconcilerSyncLoopPeriod is the amount of time the reconciler sync states loop wait between successive executions. Is set to 1 min by kops by default type: string authenticationKubeconfig: - description: AuthenticationKubeconfig is the path to an Authentication - Kubeconfig + description: AuthenticationKubeconfig is the path to an Authentication Kubeconfig type: string authorizationAlwaysAllowPaths: - description: AuthorizationAlwaysAllowPaths is the list of HTTP - paths to skip during authorization + description: AuthorizationAlwaysAllowPaths is the list of HTTP paths to skip during authorization items: type: string type: array authorizationKubeconfig: - description: AuthorizationKubeconfig is the path to an Authorization - Kubeconfig + description: AuthorizationKubeconfig is the path to an Authorization Kubeconfig type: string cidrAllocatorType: - description: CIDRAllocatorType specifies the type of CIDR allocator - to use. + description: CIDRAllocatorType specifies the type of CIDR allocator to use. type: string cloudProvider: description: CloudProvider is the provider for cloud services. 
@@ -1395,171 +1111,118 @@ spec: description: ClusterName is the instance prefix for the cluster. type: string concurrentDeploymentSyncs: - description: The number of deployment objects that are allowed - to sync concurrently. + description: The number of deployment objects that are allowed to sync concurrently. format: int32 type: integer concurrentEndpointSyncs: - description: The number of endpoint objects that are allowed to - sync concurrently. + description: The number of endpoint objects that are allowed to sync concurrently. format: int32 type: integer concurrentNamespaceSyncs: - description: The number of namespace objects that are allowed - to sync concurrently. + description: The number of namespace objects that are allowed to sync concurrently. format: int32 type: integer concurrentRcSyncs: - description: The number of replicationcontroller objects that - are allowed to sync concurrently. This only works on kubernetes - >= 1.14 + description: The number of replicationcontroller objects that are allowed to sync concurrently. This only works on kubernetes >= 1.14 format: int32 type: integer concurrentReplicasetSyncs: - description: The number of replicaset objects that are allowed - to sync concurrently. + description: The number of replicaset objects that are allowed to sync concurrently. format: int32 type: integer concurrentResourceQuotaSyncs: - description: The number of resourcequota objects that are allowed - to sync concurrently. + description: The number of resourcequota objects that are allowed to sync concurrently. format: int32 type: integer concurrentServiceSyncs: - description: The number of service objects that are allowed to - sync concurrently. + description: The number of service objects that are allowed to sync concurrently. format: int32 type: integer concurrentServiceaccountTokenSyncs: - description: The number of serviceaccount objects that are allowed - to sync concurrently to create tokens. 
+ description: The number of serviceaccount objects that are allowed to sync concurrently to create tokens. format: int32 type: integer configureCloudRoutes: - description: ConfigureCloudRoutes enables CIDRs allocated with - to be configured on the cloud provider. + description: ConfigureCloudRoutes enables CIDRs allocated with to be configured on the cloud provider. type: boolean controllers: - description: Controllers is a list of controllers to enable on - the controller-manager + description: Controllers is a list of controllers to enable on the controller-manager items: type: string type: array disableAttachDetachReconcileSync: - description: DisableAttachDetachReconcileSync disables the reconcile - sync loop in the attach-detach controller. This can cause volumes - to become mismatched with pods + description: DisableAttachDetachReconcileSync disables the reconcile sync loop in the attach-detach controller. This can cause volumes to become mismatched with pods type: boolean enableProfiling: - description: EnableProfiling enables profiling via web interface - host:port/debug/pprof/ + description: EnableProfiling enables profiling via web interface host:port/debug/pprof/ type: boolean experimentalClusterSigningDuration: - description: ExperimentalClusterSigningDuration is the duration - that determines the length of duration that the signed certificates - will be given. (default 8760h0m0s) + description: ExperimentalClusterSigningDuration is the duration that determines the length of duration that the signed certificates will be given. (default 8760h0m0s) type: string featureGates: additionalProperties: type: string - description: FeatureGates is set of key=value pairs that describe - feature gates for alpha/experimental features. + description: FeatureGates is set of key=value pairs that describe feature gates for alpha/experimental features. 
type: object horizontalPodAutoscalerDownscaleDelay: - description: HorizontalPodAutoscalerDownscaleDelay is a duration - that specifies how long the autoscaler has to wait before another - downscale operation can be performed after the current one has - completed. + description: HorizontalPodAutoscalerDownscaleDelay is a duration that specifies how long the autoscaler has to wait before another downscale operation can be performed after the current one has completed. type: string horizontalPodAutoscalerDownscaleStabilization: - description: HorizontalPodAutoscalerDownscaleStabilization is - the period for which autoscaler will look backwards and not - scale down below any recommendation it made during that period. + description: HorizontalPodAutoscalerDownscaleStabilization is the period for which autoscaler will look backwards and not scale down below any recommendation it made during that period. type: string horizontalPodAutoscalerSyncPeriod: - description: HorizontalPodAutoscalerSyncPeriod is the amount of - time between syncs During each period, the controller manager - queries the resource utilization against the metrics specified - in each HorizontalPodAutoscaler definition. + description: HorizontalPodAutoscalerSyncPeriod is the amount of time between syncs During each period, the controller manager queries the resource utilization against the metrics specified in each HorizontalPodAutoscaler definition. type: string horizontalPodAutoscalerTolerance: anyOf: - type: integer - type: string - description: HorizontalPodAutoscalerTolerance is the minimum change - (from 1.0) in the desired-to-actual metrics ratio for the horizontal - pod autoscaler to consider scaling. + description: HorizontalPodAutoscalerTolerance is the minimum change (from 1.0) in the desired-to-actual metrics ratio for the horizontal pod autoscaler to consider scaling. 
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true horizontalPodAutoscalerUpscaleDelay: - description: HorizontalPodAutoscalerUpscaleDelay is a duration - that specifies how long the autoscaler has to wait before another - upscale operation can be performed after the current one has - completed. + description: HorizontalPodAutoscalerUpscaleDelay is a duration that specifies how long the autoscaler has to wait before another upscale operation can be performed after the current one has completed. type: string horizontalPodAutoscalerUseRestClients: - description: HorizontalPodAutoscalerUseRestClients determines - if the new-style clients should be used if support for custom - metrics is enabled. + description: HorizontalPodAutoscalerUseRestClients determines if the new-style clients should be used if support for custom metrics is enabled. type: boolean image: description: Image is the docker image to use type: string kubeAPIBurst: - description: KubeAPIBurst Burst to use while talking with kubernetes - apiserver. (default 30) + description: KubeAPIBurst Burst to use while talking with kubernetes apiserver. (default 30) format: int32 type: integer kubeAPIQPS: anyOf: - type: integer - type: string - description: KubeAPIQPS QPS to use while talking with kubernetes - apiserver. (default 20) + description: KubeAPIQPS QPS to use while talking with kubernetes apiserver. (default 20) pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true leaderElection: - description: LeaderElection defines the configuration of leader - election client. + description: LeaderElection defines the configuration of leader election client. properties: leaderElect: - description: leaderElect enables a leader election client - to gain leadership before executing the main loop. 
Enable - this when running replicated components for high availability. + description: leaderElect enables a leader election client to gain leadership before executing the main loop. Enable this when running replicated components for high availability. type: boolean leaderElectLeaseDuration: - description: leaderElectLeaseDuration is the length in time - non-leader candidates will wait after observing a leadership - renewal until attempting to acquire leadership of a led - but unrenewed leader slot. This is effectively the maximum - duration that a leader can be stopped before it is replaced - by another candidate + description: leaderElectLeaseDuration is the length in time non-leader candidates will wait after observing a leadership renewal until attempting to acquire leadership of a led but unrenewed leader slot. This is effectively the maximum duration that a leader can be stopped before it is replaced by another candidate type: string leaderElectRenewDeadlineDuration: - description: LeaderElectRenewDeadlineDuration is the interval - between attempts by the acting master to renew a leadership - slot before it stops leading. This must be less than or - equal to the lease duration. + description: LeaderElectRenewDeadlineDuration is the interval between attempts by the acting master to renew a leadership slot before it stops leading. This must be less than or equal to the lease duration. type: string leaderElectResourceLock: - description: LeaderElectResourceLock is the type of resource - object that is used for locking during leader election. - Supported options are endpoints (default) and `configmaps`. + description: LeaderElectResourceLock is the type of resource object that is used for locking during leader election. Supported options are endpoints (default) and `configmaps`. type: string leaderElectResourceName: - description: LeaderElectResourceName is the name of resource - object that is used for locking during leader election. 
+ description: LeaderElectResourceName is the name of resource object that is used for locking during leader election. type: string leaderElectResourceNamespace: - description: LeaderElectResourceNamespace is the namespace - of resource object that is used for locking during leader - election. + description: LeaderElectResourceNamespace is the namespace of resource object that is used for locking during leader election. type: string leaderElectRetryPeriod: - description: LeaderElectRetryPeriod is The duration the clients - should wait between attempting acquisition and renewal of - a leadership. This is only applicable if leader election - is enabled. + description: LeaderElectRetryPeriod is The duration the clients should wait between attempting acquisition and renewal of a leadership. This is only applicable if leader election is enabled. type: string type: object logLevel: 
@@ -1570,49 +1233,33 @@ spec: description: Master is the url for the kube api master type: string minResyncPeriod: - description: MinResyncPeriod indicates the resync period in reflectors. - The resync period will be random between MinResyncPeriod and - 2*MinResyncPeriod. (default 12h0m0s) + description: MinResyncPeriod indicates the resync period in reflectors. The resync period will be random between MinResyncPeriod and 2*MinResyncPeriod. (default 12h0m0s) type: string nodeCIDRMaskSize: - description: NodeCIDRMaskSize set the size for the mask of the - nodes. + description: NodeCIDRMaskSize set the size for the mask of the nodes. format: int32 type: integer nodeMonitorGracePeriod: - description: NodeMonitorGracePeriod is the amount of time which - we allow running Node to be unresponsive before marking it unhealthy. - (default 40s) Must be N-1 times more than kubelet's nodeStatusUpdateFrequency, - where N means number of retries allowed for kubelet to post - node status. + description: NodeMonitorGracePeriod is the amount of time which we allow running Node to be unresponsive before marking it unhealthy. (default 40s) Must be N-1 times more than kubelet's nodeStatusUpdateFrequency, where N means number of retries allowed for kubelet to post node status. type: string nodeMonitorPeriod: - description: NodeMonitorPeriod is the period for syncing NodeStatus - in NodeController. (default 5s) + description: NodeMonitorPeriod is the period for syncing NodeStatus in NodeController. (default 5s) type: string podEvictionTimeout: - description: PodEvictionTimeout is the grace period for deleting - pods on failed nodes. (default 5m0s) + description: PodEvictionTimeout is the grace period for deleting pods on failed nodes. (default 5m0s) type: string rootCAFile: - description: rootCAFile is the root certificate authority will - be included in service account's token secret. This must be - a valid PEM-encoded CA bundle. 
+ description: rootCAFile is the root certificate authority will be included in service account's token secret. This must be a valid PEM-encoded CA bundle. type: string serviceAccountPrivateKeyFile: - description: ServiceAccountPrivateKeyFile is the location of the - private key for service account token signing. + description: ServiceAccountPrivateKeyFile is the location of the private key for service account token signing. type: string terminatedPodGCThreshold: - description: TerminatedPodGCThreshold is the number of terminated - pods that can exist before the terminated pod garbage collector - starts deleting terminated pods. If <= 0, the terminated pod - garbage collector is disabled. + description: TerminatedPodGCThreshold is the number of terminated pods that can exist before the terminated pod garbage collector starts deleting terminated pods. If <= 0, the terminated pod garbage collector is disabled. format: int32 type: integer tlsCipherSuites: - description: TLSCipherSuites indicates the allowed TLS cipher - suite + description: TLSCipherSuites indicates the allowed TLS cipher suite items: type: string type: array 
@@ -1620,80 +1267,66 @@ spec: description: TLSMinVersion indicates the minimum TLS version allowed type: string useServiceAccountCredentials: - description: UseServiceAccountCredentials controls whether we - use individual service account credentials for each controller. + description: UseServiceAccountCredentials controls whether we use individual service account credentials for each controller. type: boolean type: object kubeDNS: description: KubeDNSConfig defines the kube dns configuration properties: cacheMaxConcurrent: - description: CacheMaxConcurrent is the maximum number of concurrent - queries for dnsmasq + description: CacheMaxConcurrent is the maximum number of concurrent queries for dnsmasq type: integer cacheMaxSize: description: CacheMaxSize is the maximum entries to keep in dnsmasq type: integer coreDNSImage: - description: CoreDNSImage is used to override the default image - used for CoreDNS + description: CoreDNSImage is used to override the default image used for CoreDNS type: string cpuRequest: anyOf: - type: integer - type: string - description: CPURequest specifies the cpu requests of each dns - container in the cluster. Default 100m. + description: CPURequest specifies the cpu requests of each dns container in the cluster. Default 100m. pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true domain: description: Domain is the dns domain type: string externalCoreFile: - description: ExternalCoreFile is used to provide a complete CoreDNS - CoreFile by the user - ignores other provided flags which modify - the CoreFile. + description: ExternalCoreFile is used to provide a complete CoreDNS CoreFile by the user - ignores other provided flags which modify the CoreFile. 
type: string image: - description: Image is the name of the docker image to run - @deprecated - as this is now in the addon + description: Image is the name of the docker image to run - @deprecated as this is now in the addon type: string memoryLimit: anyOf: - type: integer - type: string - description: MemoryLimit specifies the memory limit of each dns - container in the cluster. Default 170m. + description: MemoryLimit specifies the memory limit of each dns container in the cluster. Default 170m. pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true memoryRequest: anyOf: - type: integer - type: string - description: MemoryRequest specifies the memory requests of each - dns container in the cluster. Default 70m. + description: MemoryRequest specifies the memory requests of each dns container in the cluster. Default 70m. pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true nodeLocalDNS: - description: NodeLocalDNS specifies the configuration for the - node-local-dns addon + description: NodeLocalDNS specifies the configuration for the node-local-dns addon properties: enabled: description: Enabled activates the node-local-dns addon type: boolean localIP: - description: Local listen IP address. It can be any IP in - the 169.254.20.0/16 space or any other IP address that can - be guaranteed to not collide with any existing IP. + description: Local listen IP address. It can be any IP in the 169.254.20.0/16 space or any other IP address that can be guaranteed to not collide with any existing IP. type: string type: object provider: - description: Provider indicates whether CoreDNS or kube-dns will - be the default service discovery. + description: Provider indicates whether CoreDNS or kube-dns will be the default service discovery. 
type: string replicas: - description: Replicas is the number of pod replicas - @deprecated - as this is now in the addon, and controlled by autoscaler + description: Replicas is the number of pod replicas - @deprecated as this is now in the addon, and controlled by autoscaler type: integer serverIP: description: ServerIP is the server ip @@ -1706,8 +1339,7 @@ spec: description: StubDomains redirects a domains to another DNS service type: object upstreamNameservers: - description: UpstreamNameservers sets the upstream nameservers - for queries not on the cluster domain + description: UpstreamNameservers sets the upstream nameservers for queries not on the cluster domain items: type: string type: array 
@@ -1716,30 +1348,24 @@ spec: description: KubeProxyConfig defines the configuration for a proxy properties: bindAddress: - description: BindAddress is IP address for the proxy server to - serve on + description: BindAddress is IP address for the proxy server to serve on type: string clusterCIDR: - description: ClusterCIDR is the CIDR range of the pods in the - cluster + description: ClusterCIDR is the CIDR range of the pods in the cluster type: string conntrackMaxPerCore: - description: 'Maximum number of NAT connections to track per CPU - core (default: 131072)' + description: 'Maximum number of NAT connections to track per CPU core (default: 131072)' format: int32 type: integer conntrackMin: - description: Minimum number of conntrack entries to allocate, - regardless of conntrack-max-per-core + description: Minimum number of conntrack entries to allocate, regardless of conntrack-max-per-core format: int32 type: integer cpuLimit: - description: CPULimit, cpu limit compute resource for kube proxy - e.g. "30m" + description: CPULimit, cpu limit compute resource for kube proxy e.g. "30m" type: string cpuRequest: - description: 'TODO: Better type ? CPURequest, cpu request compute - resource for kube proxy e.g. "20m"' + description: 'TODO: Better type ? CPURequest, cpu request compute resource for kube proxy e.g. "20m"' type: string enabled: description: Enabled allows enabling or disabling kube-proxy 
@@ -1747,54 +1373,42 @@ spec: featureGates: additionalProperties: type: string - description: FeatureGates is a series of key pairs used to switch - on features for the proxy + description: FeatureGates is a series of key pairs used to switch on features for the proxy type: object hostnameOverride: - description: HostnameOverride, if non-empty, will be used as the - identity instead of the actual hostname. + description: HostnameOverride, if non-empty, will be used as the identity instead of the actual hostname. type: string image: type: string ipvsExcludeCidrs: - description: IPVSExcludeCIDRS is comma-separated list of CIDR's - which the ipvs proxier should not touch when cleaning up IPVS - rules + description: IPVSExcludeCIDRS is comma-separated list of CIDR's which the ipvs proxier should not touch when cleaning up IPVS rules items: type: string type: array ipvsMinSyncPeriod: - description: IPVSMinSyncPeriod is the minimum interval of how - often the ipvs rules can be refreshed as endpoints and services - change (e.g. '5s', '1m', '2h22m') + description: IPVSMinSyncPeriod is the minimum interval of how often the ipvs rules can be refreshed as endpoints and services change (e.g. 
'5s', '1m', '2h22m') type: string ipvsScheduler: - description: IPVSScheduler is the ipvs scheduler type when proxy - mode is ipvs + description: IPVSScheduler is the ipvs scheduler type when proxy mode is ipvs type: string ipvsSyncPeriod: - description: IPVSSyncPeriod duration is the maximum interval of - how often ipvs rules are refreshed + description: IPVSSyncPeriod duration is the maximum interval of how often ipvs rules are refreshed type: string logLevel: description: LogLevel is the logging level of the proxy format: int32 type: integer master: - description: Master is the address of the Kubernetes API server - (overrides any value in kubeconfig) + description: Master is the address of the Kubernetes API server (overrides any value in kubeconfig) type: string memoryLimit: - description: MemoryLimit, memory limit compute resource for kube - proxy e.g. "30Mi" + description: MemoryLimit, memory limit compute resource for kube proxy e.g. "30Mi" type: string memoryRequest: - description: MemoryRequest, memory request compute resource for - kube proxy e.g. "30Mi" + description: MemoryRequest, memory request compute resource for kube proxy e.g. "30Mi" type: string metricsBindAddress: - description: MetricsBindAddress is the IP address for the metrics - server to serve on + description: MetricsBindAddress is the IP address for the metrics server to serve on type: string proxyMode: description: 'Which proxy mode to use: (userspace, iptables, ipvs)' 
@@ -1804,79 +1418,54 @@ spec: description: KubeSchedulerConfig is the configuration for the kube-scheduler properties: authenticationKubeconfig: - description: AuthenticationKubeconfig is the path to an Authentication - Kubeconfig + description: AuthenticationKubeconfig is the path to an Authentication Kubeconfig type: string authorizationAlwaysAllowPaths: - description: AuthorizationAlwaysAllowPaths is the list of HTTP - paths to skip during authorization + description: AuthorizationAlwaysAllowPaths is the list of HTTP paths to skip during authorization items: type: string type: array authorizationKubeconfig: - description: AuthorizationKubeconfig is the path to an Authorization - Kubeconfig + description: AuthorizationKubeconfig is the path to an Authorization Kubeconfig type: string burst: - description: Burst sets the maximum qps to send to apiserver after - the burst quota is exhausted + description: Burst sets the maximum qps to send to apiserver after the burst quota is exhausted format: int32 type: integer enableProfiling: - description: EnableProfiling enables profiling via web interface - host:port/debug/pprof/ + description: EnableProfiling enables profiling via web interface host:port/debug/pprof/ type: boolean featureGates: additionalProperties: type: string - description: FeatureGates is set of key=value pairs that describe - feature gates for alpha/experimental features. + description: FeatureGates is set of key=value pairs that describe feature gates for alpha/experimental features. type: object image: description: Image is the docker image to use type: string leaderElection: - description: LeaderElection defines the configuration of leader - election client. + description: LeaderElection defines the configuration of leader election client. properties: leaderElect: - description: leaderElect enables a leader election client - to gain leadership before executing the main loop. Enable - this when running replicated components for high availability. 
+ description: leaderElect enables a leader election client to gain leadership before executing the main loop. Enable this when running replicated components for high availability. type: boolean leaderElectLeaseDuration: - description: leaderElectLeaseDuration is the length in time - non-leader candidates will wait after observing a leadership - renewal until attempting to acquire leadership of a led - but unrenewed leader slot. This is effectively the maximum - duration that a leader can be stopped before it is replaced - by another candidate + description: leaderElectLeaseDuration is the length in time non-leader candidates will wait after observing a leadership renewal until attempting to acquire leadership of a led but unrenewed leader slot. This is effectively the maximum duration that a leader can be stopped before it is replaced by another candidate type: string leaderElectRenewDeadlineDuration: - description: LeaderElectRenewDeadlineDuration is the interval - between attempts by the acting master to renew a leadership - slot before it stops leading. This must be less than or - equal to the lease duration. + description: LeaderElectRenewDeadlineDuration is the interval between attempts by the acting master to renew a leadership slot before it stops leading. This must be less than or equal to the lease duration. type: string leaderElectResourceLock: - description: LeaderElectResourceLock is the type of resource - object that is used for locking during leader election. - Supported options are endpoints (default) and `configmaps`. + description: LeaderElectResourceLock is the type of resource object that is used for locking during leader election. Supported options are endpoints (default) and `configmaps`. type: string leaderElectResourceName: - description: LeaderElectResourceName is the name of resource - object that is used for locking during leader election. 
+ description: LeaderElectResourceName is the name of resource object that is used for locking during leader election. type: string leaderElectResourceNamespace: - description: LeaderElectResourceNamespace is the namespace - of resource object that is used for locking during leader - election. + description: LeaderElectResourceNamespace is the namespace of resource object that is used for locking during leader election. type: string leaderElectRetryPeriod: - description: LeaderElectRetryPeriod is The duration the clients - should wait between attempting acquisition and renewal of - a leadership. This is only applicable if leader election - is enabled. + description: LeaderElectRetryPeriod is The duration the clients should wait between attempting acquisition and renewal of a leadership. This is only applicable if leader election is enabled. type: string type: object logLevel: 
@@ -1887,72 +1476,54 @@ spec: description: Master is a url to the kube master type: string maxPersistentVolumes: - description: 'MaxPersistentVolumes changes the maximum number - of persistent volumes the scheduler will scheduler onto the - same node. Only takes into affect if value is positive. This - corresponds to the KUBE_MAX_PD_VOLS environment variable, which - has been supported as far back as Kubernetes 1.7. The default - depends on the version and the cloud provider as outlined: https://kubernetes.io/docs/concepts/storage/storage-limits/' + description: 'MaxPersistentVolumes changes the maximum number of persistent volumes the scheduler will scheduler onto the same node. Only takes into affect if value is positive. This corresponds to the KUBE_MAX_PD_VOLS environment variable, which has been supported as far back as Kubernetes 1.7. The default depends on the version and the cloud provider as outlined: https://kubernetes.io/docs/concepts/storage/storage-limits/' format: int32 type: integer qps: anyOf: - type: integer - type: string - description: Qps sets the maximum qps to send to apiserver after - the burst quota is exhausted + description: Qps sets the maximum qps to send to apiserver after the burst quota is exhausted pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true usePolicyConfigMap: - description: UsePolicyConfigMap enable setting the scheduler policy - from a configmap + description: UsePolicyConfigMap enable setting the scheduler policy from a configmap type: boolean type: object kubelet: description: KubeletConfigSpec defines the kubelet configuration properties: allowPrivileged: - description: AllowPrivileged enables containers to request privileged - mode (defaults to false) + description: AllowPrivileged enables containers to request privileged mode (defaults to false) type: boolean allowedUnsafeSysctls: - description: AllowedUnsafeSysctls 
are passed to the kubelet config - to whitelist allowable sysctls + description: AllowedUnsafeSysctls are passed to the kubelet config to whitelist allowable sysctls items: type: string type: array anonymousAuth: - description: AnonymousAuth permits you to control auth to the - kubelet api + description: AnonymousAuth permits you to control auth to the kubelet api type: boolean apiServers: - description: APIServers is not used for clusters version 1.6 and - later - flag removed + description: APIServers is not used for clusters version 1.6 and later - flag removed type: string authenticationTokenWebhook: - description: AuthenticationTokenWebhook uses the TokenReview API - to determine authentication for bearer tokens. + description: AuthenticationTokenWebhook uses the TokenReview API to determine authentication for bearer tokens. type: boolean authenticationTokenWebhookCacheTtl: - description: AuthenticationTokenWebhook sets the duration to cache - responses from the webhook token authenticator. Default is 2m. - (default 2m0s) + description: AuthenticationTokenWebhook sets the duration to cache responses from the webhook token authenticator. Default is 2m. (default 2m0s) type: string authorizationMode: - description: AuthorizationMode is the authorization mode the kubelet - is running in + description: AuthorizationMode is the authorization mode the kubelet is running in type: string babysitDaemons: - description: The node has babysitter process monitoring docker - and kubelet. Removed as of 1.7 + description: The node has babysitter process monitoring docker and kubelet. Removed as of 1.7 type: boolean bootstrapKubeconfig: - description: BootstrapKubeconfig is the path to a kubeconfig file - that will be used to get client certificate for kubelet + description: BootstrapKubeconfig is the path to a kubeconfig file that will be used to get client certificate for kubelet type: string cgroupRoot: - description: cgroupRoot is the root cgroup to use for pods. 
This - is handled by the container runtime on a best effort basis. + description: cgroupRoot is the root cgroup to use for pods. This is handled by the container runtime on a best effort basis. type: string clientCaFile: description: ClientCAFile is the path to a CA certificate 
@@ -1967,266 +1538,189 @@ spec: description: ClusterDomain is the DNS domain for this cluster type: string configureCbr0: - description: configureCBR0 enables the kubelet to configure cbr0 - based on Node.Spec.PodCIDR. + description: configureCBR0 enables the kubelet to configure cbr0 based on Node.Spec.PodCIDR. type: boolean cpuCFSQuota: - description: CPUCFSQuota enables CPU CFS quota enforcement for - containers that specify CPU limits + description: CPUCFSQuota enables CPU CFS quota enforcement for containers that specify CPU limits type: boolean cpuCFSQuotaPeriod: - description: CPUCFSQuotaPeriod sets CPU CFS quota period value, - cpu.cfs_period_us, defaults to Linux Kernel default + description: CPUCFSQuotaPeriod sets CPU CFS quota period value, cpu.cfs_period_us, defaults to Linux Kernel default type: string cpuManagerPolicy: - description: CpuManagerPolicy allows for changing the default - policy of None to static + description: CpuManagerPolicy allows for changing the default policy of None to static type: string dockerDisableSharedPID: - description: DockerDisableSharedPID uses a shared PID namespace - for containers in a pod. + description: DockerDisableSharedPID uses a shared PID namespace for containers in a pod. type: boolean enableCustomMetrics: description: Enable gathering custom metrics. type: boolean enableDebuggingHandlers: - description: EnableDebuggingHandlers enables server endpoints - for log collection and local running of containers and commands + description: EnableDebuggingHandlers enables server endpoints for log collection and local running of containers and commands type: boolean enforceNodeAllocatable: - description: Enforce Allocatable across pods whenever the overall - usage across all pods exceeds Allocatable. + description: Enforce Allocatable across pods whenever the overall usage across all pods exceeds Allocatable. type: string evictionHard: - description: Comma-delimited list of hard eviction expressions. 
For - example, 'memory.available<300Mi'. + description: Comma-delimited list of hard eviction expressions. For example, 'memory.available<300Mi'. type: string evictionMaxPodGracePeriod: - description: Maximum allowed grace period (in seconds) to use - when terminating pods in response to a soft eviction threshold - being met. + description: Maximum allowed grace period (in seconds) to use when terminating pods in response to a soft eviction threshold being met. format: int32 type: integer evictionMinimumReclaim: - description: Comma-delimited list of minimum reclaims (e.g. imagefs.available=2Gi) - that describes the minimum amount of resource the kubelet will - reclaim when performing a pod eviction if that resource is under - pressure. + description: Comma-delimited list of minimum reclaims (e.g. imagefs.available=2Gi) that describes the minimum amount of resource the kubelet will reclaim when performing a pod eviction if that resource is under pressure. type: string evictionPressureTransitionPeriod: - description: Duration for which the kubelet has to wait before - transitioning out of an eviction pressure condition. + description: Duration for which the kubelet has to wait before transitioning out of an eviction pressure condition. type: string evictionSoft: - description: Comma-delimited list of soft eviction expressions. For - example, 'memory.available<300Mi'. + description: Comma-delimited list of soft eviction expressions. For example, 'memory.available<300Mi'. type: string evictionSoftGracePeriod: - description: Comma-delimited list of grace periods for each soft - eviction signal. For example, 'memory.available=30s'. + description: Comma-delimited list of grace periods for each soft eviction signal. For example, 'memory.available=30s'. type: string experimentalAllowedUnsafeSysctls: - description: ExperimentalAllowedUnsafeSysctls are passed to the - kubelet config to whitelist allowable sysctls Was promoted to - beta and renamed. 
https://github.com/kubernetes/kubernetes/pull/63717 + description: ExperimentalAllowedUnsafeSysctls are passed to the kubelet config to whitelist allowable sysctls Was promoted to beta and renamed. https://github.com/kubernetes/kubernetes/pull/63717 items: type: string type: array failSwapOn: - description: Tells the Kubelet to fail to start if swap is enabled - on the node. + description: Tells the Kubelet to fail to start if swap is enabled on the node. type: boolean featureGates: additionalProperties: type: string - description: FeatureGates is set of key=value pairs that describe - feature gates for alpha/experimental features. + description: FeatureGates is set of key=value pairs that describe feature gates for alpha/experimental features. type: object hairpinMode: - description: 'How should the kubelet configure the container bridge - for hairpin packets. Setting this flag allows endpoints in a - Service to loadbalance back to themselves if they should try - to access their own Service. Values: "promiscuous-bridge": - make the container bridge promiscuous. "hairpin-veth": set - the hairpin flag on container veth interfaces. "none": do - nothing. Setting --configure-cbr0 to false implies that to achieve - hairpin NAT one must set --hairpin-mode=veth-flag, because bridge - assumes the existence of a container bridge named cbr0.' + description: 'How should the kubelet configure the container bridge for hairpin packets. Setting this flag allows endpoints in a Service to loadbalance back to themselves if they should try to access their own Service. Values: "promiscuous-bridge": make the container bridge promiscuous. "hairpin-veth": set the hairpin flag on container veth interfaces. "none": do nothing. Setting --configure-cbr0 to false implies that to achieve hairpin NAT one must set --hairpin-mode=veth-flag, because bridge assumes the existence of a container bridge named cbr0.' 
type: string hostnameOverride: - description: HostnameOverride is the hostname used to identify - the kubelet instead of the actual hostname. + description: HostnameOverride is the hostname used to identify the kubelet instead of the actual hostname. type: string imageGCHighThresholdPercent: - description: ImageGCHighThresholdPercent is the percent of disk - usage after which image garbage collection is always run. + description: ImageGCHighThresholdPercent is the percent of disk usage after which image garbage collection is always run. format: int32 type: integer imageGCLowThresholdPercent: - description: ImageGCLowThresholdPercent is the percent of disk - usage before which image garbage collection is never run. Lowest - disk usage to garbage collect to. + description: ImageGCLowThresholdPercent is the percent of disk usage before which image garbage collection is never run. Lowest disk usage to garbage collect to. format: int32 type: integer imagePullProgressDeadline: - description: ImagePullProgressDeadline is the timeout for image - pulls If no pulling progress is made before this deadline, the - image pulling will be cancelled. (default 1m0s) + description: ImagePullProgressDeadline is the timeout for image pulls If no pulling progress is made before this deadline, the image pulling will be cancelled. (default 1m0s) type: string kubeReserved: additionalProperties: type: string - description: Resource reservation for kubernetes system daemons - like the kubelet, container runtime, node problem detector, - etc. + description: Resource reservation for kubernetes system daemons like the kubelet, container runtime, node problem detector, etc. type: object kubeReservedCgroup: description: Control group for kube daemons. 
type: string kubeconfigPath: - description: KubeconfigPath is the path of kubeconfig for the - kubelet + description: KubeconfigPath is the path of kubeconfig for the kubelet type: string kubeletCgroups: - description: KubeletCgroups is the absolute name of cgroups to - isolate the kubelet in. + description: KubeletCgroups is the absolute name of cgroups to isolate the kubelet in. type: string logLevel: description: LogLevel is the logging level of the kubelet format: int32 type: integer maxPods: - description: MaxPods is the number of pods that can run on this - Kubelet. + description: MaxPods is the number of pods that can run on this Kubelet. format: int32 type: integer networkPluginMTU: - description: NetworkPluginMTU is the MTU to be passed to the network - plugin, and overrides the default MTU for cases where it cannot - be automatically computed (such as IPSEC). + description: NetworkPluginMTU is the MTU to be passed to the network plugin, and overrides the default MTU for cases where it cannot be automatically computed (such as IPSEC). format: int32 type: integer networkPluginName: - description: NetworkPluginName is the name of the network plugin - to be invoked for various events in kubelet/pod lifecycle + description: NetworkPluginName is the name of the network plugin to be invoked for various events in kubelet/pod lifecycle type: string nodeLabels: additionalProperties: type: string - description: NodeLabels to add when registering the node in the - cluster. + description: NodeLabels to add when registering the node in the cluster. type: object nodeStatusUpdateFrequency: - description: NodeStatusUpdateFrequency Specifies how often kubelet - posts node status to master (default 10s) must work with nodeMonitorGracePeriod - in KubeControllerManagerConfig. + description: NodeStatusUpdateFrequency Specifies how often kubelet posts node status to master (default 10s) must work with nodeMonitorGracePeriod in KubeControllerManagerConfig. 
type: string nonMasqueradeCIDR: - description: 'NonMasqueradeCIDR configures masquerading: traffic - to IPs outside this range will use IP masquerade.' + description: 'NonMasqueradeCIDR configures masquerading: traffic to IPs outside this range will use IP masquerade.' type: string nvidiaGPUs: - description: NvidiaGPUs is the number of NVIDIA GPU devices on - this node. + description: NvidiaGPUs is the number of NVIDIA GPU devices on this node. format: int32 type: integer podCIDR: - description: PodCIDR is the CIDR to use for pod IP addresses, - only used in standalone mode. In cluster mode, this is obtained - from the master. + description: PodCIDR is the CIDR to use for pod IP addresses, only used in standalone mode. In cluster mode, this is obtained from the master. type: string podInfraContainerImage: - description: PodInfraContainerImage is the image whose network/ipc - containers in each pod will use. + description: PodInfraContainerImage is the image whose network/ipc containers in each pod will use. type: string podManifestPath: - description: config is the path to the config file or directory - of files + description: config is the path to the config file or directory of files type: string protectKernelDefaults: - description: 'Default kubelet behaviour for kernel tuning. If - set, kubelet errors if any of kernel tunables is different than - kubelet defaults. (DEPRECATED: This parameter should be set - via the config file specified by the Kubelet''s --config flag.' + description: 'Default kubelet behaviour for kernel tuning. If set, kubelet errors if any of kernel tunables is different than kubelet defaults. (DEPRECATED: This parameter should be set via the config file specified by the Kubelet''s --config flag.' 
type: boolean readOnlyPort: - description: ReadOnlyPort is the port used by the kubelet api - for read-only access (default 10255) + description: ReadOnlyPort is the port used by the kubelet api for read-only access (default 10255) format: int32 type: integer reconcileCIDR: - description: ReconcileCIDR is Reconcile node CIDR with the CIDR - specified by the API server. No-op if register-node or configure-cbr0 - is false. + description: ReconcileCIDR is Reconcile node CIDR with the CIDR specified by the API server. No-op if register-node or configure-cbr0 is false. type: boolean registerNode: - description: RegisterNode enables automatic registration with - the apiserver. + description: RegisterNode enables automatic registration with the apiserver. type: boolean registerSchedulable: - description: registerSchedulable tells the kubelet to register - the node as schedulable. No-op if register-node is false. + description: registerSchedulable tells the kubelet to register the node as schedulable. No-op if register-node is false. type: boolean registryBurst: - description: RegistryBurst Maximum size of a bursty pulls, temporarily - allows pulls to burst to this number, while still not exceeding - registry-qps. Only used if --registry-qps > 0 (default 10) + description: RegistryBurst Maximum size of a bursty pulls, temporarily allows pulls to burst to this number, while still not exceeding registry-qps. Only used if --registry-qps > 0 (default 10) format: int32 type: integer registryPullQPS: - description: RegistryPullQPS if > 0, limit registry pull QPS to - this value. If 0, unlimited. (default 5) + description: RegistryPullQPS if > 0, limit registry pull QPS to this value. If 0, unlimited. 
(default 5) format: int32 type: integer requireKubeconfig: description: RequireKubeconfig indicates a kubeconfig is required type: boolean resolvConf: - description: ResolverConfig is the resolver configuration file - used as the basis for the container DNS resolution configuration."), - [] + description: ResolverConfig is the resolver configuration file used as the basis for the container DNS resolution configuration."), [] type: string rootDir: - description: RootDir is the directory path for managing kubelet - files (volume mounts,etc) + description: RootDir is the directory path for managing kubelet files (volume mounts,etc) type: string rotateCertificates: description: rotateCertificates enables client certificate rotation. type: boolean runtimeCgroups: - description: Cgroups that container runtime is expected to be - isolated in. + description: Cgroups that container runtime is expected to be isolated in. type: string runtimeRequestTimeout: - description: RuntimeRequestTimeout is timeout for runtime requests - on - pull, logs, exec and attach + description: RuntimeRequestTimeout is timeout for runtime requests on - pull, logs, exec and attach type: string seccompProfileRoot: - description: SeccompProfileRoot is the directory path for seccomp - profiles. + description: SeccompProfileRoot is the directory path for seccomp profiles. type: string serializeImagePulls: - description: '// SerializeImagePulls when enabled, tells the Kubelet - to pull images one // at a time. We recommend *not* changing - the default value on nodes that // run docker daemon with version < - 1.9 or an Aufs storage backend. // Issue #10959 has more details.' + description: '// SerializeImagePulls when enabled, tells the Kubelet to pull images one // at a time. We recommend *not* changing the default value on nodes that // run docker daemon with version < 1.9 or an Aufs storage backend. // Issue #10959 has more details.' 
type: boolean streamingConnectionIdleTimeout: - description: StreamingConnectionIdleTimeout is the maximum time - a streaming connection can be idle before the connection is - automatically closed + description: StreamingConnectionIdleTimeout is the maximum time a streaming connection can be idle before the connection is automatically closed type: string systemCgroups: - description: SystemCgroups is absolute name of cgroups in which - to place all non-kernel processes that are not already in a - container. Empty for no container. Rolling back the flag requires - a reboot. + description: SystemCgroups is absolute name of cgroups in which to place all non-kernel processes that are not already in a container. Empty for no container. Rolling back the flag requires a reboot. type: string systemReserved: additionalProperties: type: string - description: Capture resource reservation for OS system daemons - like sshd, udev, etc. + description: Capture resource reservation for OS system daemons like sshd, udev, etc. type: object systemReservedCgroup: description: Parent control group for OS system daemons. @@ -2240,8 +1734,7 @@ spec: description: 'TODO: Remove unused TLSCertFile' type: string tlsCipherSuites: - description: TLSCipherSuites indicates the allowed TLS cipher - suite + description: TLSCipherSuites indicates the allowed TLS cipher suite items: type: string type: array 
@@ -2252,80 +1745,60 @@ spec: description: 'TODO: Remove unused TLSPrivateKeyFile' type: string topologyManagerPolicy: - description: TopologyManagerPolicy determines the allocation policy - for the topology manager. + description: TopologyManagerPolicy determines the allocation policy for the topology manager. type: string volumePluginDirectory: - description: The full path of the directory in which to search - for additional third party volume plugins (this path must be - writeable, dependent on your choice of OS) + description: The full path of the directory in which to search for additional third party volume plugins (this path must be writeable, dependent on your choice of OS) type: string volumeStatsAggPeriod: - description: VolumeStatsAggPeriod is the interval for kubelet - to calculate and cache the volume disk usage for all pods and - volumes + description: VolumeStatsAggPeriod is the interval for kubelet to calculate and cache the volume disk usage for all pods and volumes type: string type: object kubernetesApiAccess: - description: KubernetesAPIAccess determines the permitted access to - the API endpoints (master HTTPS) Currently only a single CIDR is - supported (though a richer grammar could be added in future) + description: KubernetesAPIAccess determines the permitted access to the API endpoints (master HTTPS) Currently only a single CIDR is supported (though a richer grammar could be added in future) items: type: string type: array kubernetesVersion: - description: The version of kubernetes to install (optional, and can - be a "spec" like stable) + description: The version of kubernetes to install (optional, and can be a "spec" like stable) type: string masterInternalName: - description: MasterInternalName is the internal DNS name for the master - nodes + description: MasterInternalName is the internal DNS name for the master nodes type: string masterKubelet: description: KubeletConfigSpec defines the kubelet configuration properties: 
allowPrivileged: - description: AllowPrivileged enables containers to request privileged - mode (defaults to false) + description: AllowPrivileged enables containers to request privileged mode (defaults to false) type: boolean allowedUnsafeSysctls: - description: AllowedUnsafeSysctls are passed to the kubelet config - to whitelist allowable sysctls + description: AllowedUnsafeSysctls are passed to the kubelet config to whitelist allowable sysctls items: type: string type: array anonymousAuth: - description: AnonymousAuth permits you to control auth to the - kubelet api + description: AnonymousAuth permits you to control auth to the kubelet api type: boolean apiServers: - description: APIServers is not used for clusters version 1.6 and - later - flag removed + description: APIServers is not used for clusters version 1.6 and later - flag removed type: string authenticationTokenWebhook: - description: AuthenticationTokenWebhook uses the TokenReview API - to determine authentication for bearer tokens. + description: AuthenticationTokenWebhook uses the TokenReview API to determine authentication for bearer tokens. type: boolean authenticationTokenWebhookCacheTtl: - description: AuthenticationTokenWebhook sets the duration to cache - responses from the webhook token authenticator. Default is 2m. - (default 2m0s) + description: AuthenticationTokenWebhook sets the duration to cache responses from the webhook token authenticator. Default is 2m. (default 2m0s) type: string authorizationMode: - description: AuthorizationMode is the authorization mode the kubelet - is running in + description: AuthorizationMode is the authorization mode the kubelet is running in type: string babysitDaemons: - description: The node has babysitter process monitoring docker - and kubelet. Removed as of 1.7 + description: The node has babysitter process monitoring docker and kubelet. 
Removed as of 1.7 type: boolean bootstrapKubeconfig: - description: BootstrapKubeconfig is the path to a kubeconfig file - that will be used to get client certificate for kubelet + description: BootstrapKubeconfig is the path to a kubeconfig file that will be used to get client certificate for kubelet type: string cgroupRoot: - description: cgroupRoot is the root cgroup to use for pods. This - is handled by the container runtime on a best effort basis. + description: cgroupRoot is the root cgroup to use for pods. This is handled by the container runtime on a best effort basis. type: string clientCaFile: description: ClientCAFile is the path to a CA certificate 
@@ -2340,266 +1813,189 @@ spec: description: ClusterDomain is the DNS domain for this cluster type: string configureCbr0: - description: configureCBR0 enables the kubelet to configure cbr0 - based on Node.Spec.PodCIDR. + description: configureCBR0 enables the kubelet to configure cbr0 based on Node.Spec.PodCIDR. type: boolean cpuCFSQuota: - description: CPUCFSQuota enables CPU CFS quota enforcement for - containers that specify CPU limits + description: CPUCFSQuota enables CPU CFS quota enforcement for containers that specify CPU limits type: boolean cpuCFSQuotaPeriod: - description: CPUCFSQuotaPeriod sets CPU CFS quota period value, - cpu.cfs_period_us, defaults to Linux Kernel default + description: CPUCFSQuotaPeriod sets CPU CFS quota period value, cpu.cfs_period_us, defaults to Linux Kernel default type: string cpuManagerPolicy: - description: CpuManagerPolicy allows for changing the default - policy of None to static + description: CpuManagerPolicy allows for changing the default policy of None to static type: string dockerDisableSharedPID: - description: DockerDisableSharedPID uses a shared PID namespace - for containers in a pod. + description: DockerDisableSharedPID uses a shared PID namespace for containers in a pod. type: boolean enableCustomMetrics: description: Enable gathering custom metrics. type: boolean enableDebuggingHandlers: - description: EnableDebuggingHandlers enables server endpoints - for log collection and local running of containers and commands + description: EnableDebuggingHandlers enables server endpoints for log collection and local running of containers and commands type: boolean enforceNodeAllocatable: - description: Enforce Allocatable across pods whenever the overall - usage across all pods exceeds Allocatable. + description: Enforce Allocatable across pods whenever the overall usage across all pods exceeds Allocatable. type: string evictionHard: - description: Comma-delimited list of hard eviction expressions. 
For - example, 'memory.available<300Mi'. + description: Comma-delimited list of hard eviction expressions. For example, 'memory.available<300Mi'. type: string evictionMaxPodGracePeriod: - description: Maximum allowed grace period (in seconds) to use - when terminating pods in response to a soft eviction threshold - being met. + description: Maximum allowed grace period (in seconds) to use when terminating pods in response to a soft eviction threshold being met. format: int32 type: integer evictionMinimumReclaim: - description: Comma-delimited list of minimum reclaims (e.g. imagefs.available=2Gi) - that describes the minimum amount of resource the kubelet will - reclaim when performing a pod eviction if that resource is under - pressure. + description: Comma-delimited list of minimum reclaims (e.g. imagefs.available=2Gi) that describes the minimum amount of resource the kubelet will reclaim when performing a pod eviction if that resource is under pressure. type: string evictionPressureTransitionPeriod: - description: Duration for which the kubelet has to wait before - transitioning out of an eviction pressure condition. + description: Duration for which the kubelet has to wait before transitioning out of an eviction pressure condition. type: string evictionSoft: - description: Comma-delimited list of soft eviction expressions. For - example, 'memory.available<300Mi'. + description: Comma-delimited list of soft eviction expressions. For example, 'memory.available<300Mi'. type: string evictionSoftGracePeriod: - description: Comma-delimited list of grace periods for each soft - eviction signal. For example, 'memory.available=30s'. + description: Comma-delimited list of grace periods for each soft eviction signal. For example, 'memory.available=30s'. type: string experimentalAllowedUnsafeSysctls: - description: ExperimentalAllowedUnsafeSysctls are passed to the - kubelet config to whitelist allowable sysctls Was promoted to - beta and renamed. 
https://github.com/kubernetes/kubernetes/pull/63717 + description: ExperimentalAllowedUnsafeSysctls are passed to the kubelet config to whitelist allowable sysctls Was promoted to beta and renamed. https://github.com/kubernetes/kubernetes/pull/63717 items: type: string type: array failSwapOn: - description: Tells the Kubelet to fail to start if swap is enabled - on the node. + description: Tells the Kubelet to fail to start if swap is enabled on the node. type: boolean featureGates: additionalProperties: type: string - description: FeatureGates is set of key=value pairs that describe - feature gates for alpha/experimental features. + description: FeatureGates is set of key=value pairs that describe feature gates for alpha/experimental features. type: object hairpinMode: - description: 'How should the kubelet configure the container bridge - for hairpin packets. Setting this flag allows endpoints in a - Service to loadbalance back to themselves if they should try - to access their own Service. Values: "promiscuous-bridge": - make the container bridge promiscuous. "hairpin-veth": set - the hairpin flag on container veth interfaces. "none": do - nothing. Setting --configure-cbr0 to false implies that to achieve - hairpin NAT one must set --hairpin-mode=veth-flag, because bridge - assumes the existence of a container bridge named cbr0.' + description: 'How should the kubelet configure the container bridge for hairpin packets. Setting this flag allows endpoints in a Service to loadbalance back to themselves if they should try to access their own Service. Values: "promiscuous-bridge": make the container bridge promiscuous. "hairpin-veth": set the hairpin flag on container veth interfaces. "none": do nothing. Setting --configure-cbr0 to false implies that to achieve hairpin NAT one must set --hairpin-mode=veth-flag, because bridge assumes the existence of a container bridge named cbr0.' 
type: string hostnameOverride: - description: HostnameOverride is the hostname used to identify - the kubelet instead of the actual hostname. + description: HostnameOverride is the hostname used to identify the kubelet instead of the actual hostname. type: string imageGCHighThresholdPercent: - description: ImageGCHighThresholdPercent is the percent of disk - usage after which image garbage collection is always run. + description: ImageGCHighThresholdPercent is the percent of disk usage after which image garbage collection is always run. format: int32 type: integer imageGCLowThresholdPercent: - description: ImageGCLowThresholdPercent is the percent of disk - usage before which image garbage collection is never run. Lowest - disk usage to garbage collect to. + description: ImageGCLowThresholdPercent is the percent of disk usage before which image garbage collection is never run. Lowest disk usage to garbage collect to. format: int32 type: integer imagePullProgressDeadline: - description: ImagePullProgressDeadline is the timeout for image - pulls If no pulling progress is made before this deadline, the - image pulling will be cancelled. (default 1m0s) + description: ImagePullProgressDeadline is the timeout for image pulls If no pulling progress is made before this deadline, the image pulling will be cancelled. (default 1m0s) type: string kubeReserved: additionalProperties: type: string - description: Resource reservation for kubernetes system daemons - like the kubelet, container runtime, node problem detector, - etc. + description: Resource reservation for kubernetes system daemons like the kubelet, container runtime, node problem detector, etc. type: object kubeReservedCgroup: description: Control group for kube daemons. 
type: string kubeconfigPath: - description: KubeconfigPath is the path of kubeconfig for the - kubelet + description: KubeconfigPath is the path of kubeconfig for the kubelet type: string kubeletCgroups: - description: KubeletCgroups is the absolute name of cgroups to - isolate the kubelet in. + description: KubeletCgroups is the absolute name of cgroups to isolate the kubelet in. type: string logLevel: description: LogLevel is the logging level of the kubelet format: int32 type: integer maxPods: - description: MaxPods is the number of pods that can run on this - Kubelet. + description: MaxPods is the number of pods that can run on this Kubelet. format: int32 type: integer networkPluginMTU: - description: NetworkPluginMTU is the MTU to be passed to the network - plugin, and overrides the default MTU for cases where it cannot - be automatically computed (such as IPSEC). + description: NetworkPluginMTU is the MTU to be passed to the network plugin, and overrides the default MTU for cases where it cannot be automatically computed (such as IPSEC). format: int32 type: integer networkPluginName: - description: NetworkPluginName is the name of the network plugin - to be invoked for various events in kubelet/pod lifecycle + description: NetworkPluginName is the name of the network plugin to be invoked for various events in kubelet/pod lifecycle type: string nodeLabels: additionalProperties: type: string - description: NodeLabels to add when registering the node in the - cluster. + description: NodeLabels to add when registering the node in the cluster. type: object nodeStatusUpdateFrequency: - description: NodeStatusUpdateFrequency Specifies how often kubelet - posts node status to master (default 10s) must work with nodeMonitorGracePeriod - in KubeControllerManagerConfig. + description: NodeStatusUpdateFrequency Specifies how often kubelet posts node status to master (default 10s) must work with nodeMonitorGracePeriod in KubeControllerManagerConfig. 
type: string nonMasqueradeCIDR: - description: 'NonMasqueradeCIDR configures masquerading: traffic - to IPs outside this range will use IP masquerade.' + description: 'NonMasqueradeCIDR configures masquerading: traffic to IPs outside this range will use IP masquerade.' type: string nvidiaGPUs: - description: NvidiaGPUs is the number of NVIDIA GPU devices on - this node. + description: NvidiaGPUs is the number of NVIDIA GPU devices on this node. format: int32 type: integer podCIDR: - description: PodCIDR is the CIDR to use for pod IP addresses, - only used in standalone mode. In cluster mode, this is obtained - from the master. + description: PodCIDR is the CIDR to use for pod IP addresses, only used in standalone mode. In cluster mode, this is obtained from the master. type: string podInfraContainerImage: - description: PodInfraContainerImage is the image whose network/ipc - containers in each pod will use. + description: PodInfraContainerImage is the image whose network/ipc containers in each pod will use. type: string podManifestPath: - description: config is the path to the config file or directory - of files + description: config is the path to the config file or directory of files type: string protectKernelDefaults: - description: 'Default kubelet behaviour for kernel tuning. If - set, kubelet errors if any of kernel tunables is different than - kubelet defaults. (DEPRECATED: This parameter should be set - via the config file specified by the Kubelet''s --config flag.' + description: 'Default kubelet behaviour for kernel tuning. If set, kubelet errors if any of kernel tunables is different than kubelet defaults. (DEPRECATED: This parameter should be set via the config file specified by the Kubelet''s --config flag.' 
type: boolean readOnlyPort: - description: ReadOnlyPort is the port used by the kubelet api - for read-only access (default 10255) + description: ReadOnlyPort is the port used by the kubelet api for read-only access (default 10255) format: int32 type: integer reconcileCIDR: - description: ReconcileCIDR is Reconcile node CIDR with the CIDR - specified by the API server. No-op if register-node or configure-cbr0 - is false. + description: ReconcileCIDR is Reconcile node CIDR with the CIDR specified by the API server. No-op if register-node or configure-cbr0 is false. type: boolean registerNode: - description: RegisterNode enables automatic registration with - the apiserver. + description: RegisterNode enables automatic registration with the apiserver. type: boolean registerSchedulable: - description: registerSchedulable tells the kubelet to register - the node as schedulable. No-op if register-node is false. + description: registerSchedulable tells the kubelet to register the node as schedulable. No-op if register-node is false. type: boolean registryBurst: - description: RegistryBurst Maximum size of a bursty pulls, temporarily - allows pulls to burst to this number, while still not exceeding - registry-qps. Only used if --registry-qps > 0 (default 10) + description: RegistryBurst Maximum size of a bursty pulls, temporarily allows pulls to burst to this number, while still not exceeding registry-qps. Only used if --registry-qps > 0 (default 10) format: int32 type: integer registryPullQPS: - description: RegistryPullQPS if > 0, limit registry pull QPS to - this value. If 0, unlimited. (default 5) + description: RegistryPullQPS if > 0, limit registry pull QPS to this value. If 0, unlimited. 
(default 5) format: int32 type: integer requireKubeconfig: description: RequireKubeconfig indicates a kubeconfig is required type: boolean resolvConf: - description: ResolverConfig is the resolver configuration file - used as the basis for the container DNS resolution configuration."), - [] + description: ResolverConfig is the resolver configuration file used as the basis for the container DNS resolution configuration."), [] type: string rootDir: - description: RootDir is the directory path for managing kubelet - files (volume mounts,etc) + description: RootDir is the directory path for managing kubelet files (volume mounts,etc) type: string rotateCertificates: description: rotateCertificates enables client certificate rotation. type: boolean runtimeCgroups: - description: Cgroups that container runtime is expected to be - isolated in. + description: Cgroups that container runtime is expected to be isolated in. type: string runtimeRequestTimeout: - description: RuntimeRequestTimeout is timeout for runtime requests - on - pull, logs, exec and attach + description: RuntimeRequestTimeout is timeout for runtime requests on - pull, logs, exec and attach type: string seccompProfileRoot: - description: SeccompProfileRoot is the directory path for seccomp - profiles. + description: SeccompProfileRoot is the directory path for seccomp profiles. type: string serializeImagePulls: - description: '// SerializeImagePulls when enabled, tells the Kubelet - to pull images one // at a time. We recommend *not* changing - the default value on nodes that // run docker daemon with version < - 1.9 or an Aufs storage backend. // Issue #10959 has more details.' + description: '// SerializeImagePulls when enabled, tells the Kubelet to pull images one // at a time. We recommend *not* changing the default value on nodes that // run docker daemon with version < 1.9 or an Aufs storage backend. // Issue #10959 has more details.' 
type: boolean streamingConnectionIdleTimeout: - description: StreamingConnectionIdleTimeout is the maximum time - a streaming connection can be idle before the connection is - automatically closed + description: StreamingConnectionIdleTimeout is the maximum time a streaming connection can be idle before the connection is automatically closed type: string systemCgroups: - description: SystemCgroups is absolute name of cgroups in which - to place all non-kernel processes that are not already in a - container. Empty for no container. Rolling back the flag requires - a reboot. + description: SystemCgroups is absolute name of cgroups in which to place all non-kernel processes that are not already in a container. Empty for no container. Rolling back the flag requires a reboot. type: string systemReserved: additionalProperties: type: string - description: Capture resource reservation for OS system daemons - like sshd, udev, etc. + description: Capture resource reservation for OS system daemons like sshd, udev, etc. type: object systemReservedCgroup: description: Parent control group for OS system daemons. @@ -2613,8 +2009,7 @@ spec: description: 'TODO: Remove unused TLSCertFile' type: string tlsCipherSuites: - description: TLSCipherSuites indicates the allowed TLS cipher - suite + description: TLSCipherSuites indicates the allowed TLS cipher suite items: type: string type: array 
@@ -2625,62 +2020,40 @@ spec: description: 'TODO: Remove unused TLSPrivateKeyFile' type: string topologyManagerPolicy: - description: TopologyManagerPolicy determines the allocation policy - for the topology manager. + description: TopologyManagerPolicy determines the allocation policy for the topology manager. type: string volumePluginDirectory: - description: The full path of the directory in which to search - for additional third party volume plugins (this path must be - writeable, dependent on your choice of OS) + description: The full path of the directory in which to search for additional third party volume plugins (this path must be writeable, dependent on your choice of OS) type: string volumeStatsAggPeriod: - description: VolumeStatsAggPeriod is the interval for kubelet - to calculate and cache the volume disk usage for all pods and - volumes + description: VolumeStatsAggPeriod is the interval for kubelet to calculate and cache the volume disk usage for all pods and volumes type: string type: object masterPublicName: - description: MasterPublicName is the external DNS name for the master - nodes + description: MasterPublicName is the external DNS name for the master nodes type: string networkCIDR: - description: NetworkCIDR is the CIDR used for the AWS VPC / GCE Network, - or otherwise allocated to k8s This is a real CIDR, not the internal - k8s network On AWS, it maps to the VPC CIDR. It is not required - on GCE. + description: NetworkCIDR is the CIDR used for the AWS VPC / GCE Network, or otherwise allocated to k8s This is a real CIDR, not the internal k8s network On AWS, it maps to the VPC CIDR. It is not required on GCE. type: string networkID: - description: NetworkID is an identifier of a network, if we want to - reuse/share an existing network (e.g. an AWS VPC) + description: NetworkID is an identifier of a network, if we want to reuse/share an existing network (e.g. 
an AWS VPC) type: string networking: description: Networking configuration properties: amazonvpc: - description: AmazonVPCNetworkingSpec declares that we want Amazon - VPC CNI networking + description: AmazonVPCNetworkingSpec declares that we want Amazon VPC CNI networking properties: env: - description: Env is a list of environment variables to set - in the container. + description: Env is a list of environment variables to set in the container. items: - description: EnvVar represents an environment variable present - in a Container. + description: EnvVar represents an environment variable present in a Container. properties: name: - description: Name of the environment variable. Must - be a C_IDENTIFIER. + description: Name of the environment variable. Must be a C_IDENTIFIER. type: string value: - description: 'Variable references $(VAR_NAME) are expanded - using the previous defined environment variables in - the container and any service environment variables. - If a variable cannot be resolved, the reference in - the input string will be unchanged. The $(VAR_NAME) - syntax can be escaped with a double $$, ie: $$(VAR_NAME). - Escaped references will never be expanded, regardless - of whether the variable exists or not. Defaults to - "".' + description: 'Variable references $(VAR_NAME) are expanded using the previous defined environment variables in the container and any service environment variables. If a variable cannot be resolved, the reference in the input string will be unchanged. The $(VAR_NAME) syntax can be escaped with a double $$, ie: $$(VAR_NAME). Escaped references will never be expanded, regardless of whether the variable exists or not. Defaults to "".' type: string required: - name 
@@ -2691,48 +2064,32 @@ spec: type: string type: object calico: - description: CalicoNetworkingSpec declares that we want Calico - networking + description: CalicoNetworkingSpec declares that we want Calico networking properties: cpuRequest: anyOf: - type: integer - type: string - description: 'CPURequest CPU request of Calico container. - Default: 100m' + description: 'CPURequest CPU request of Calico container. Default: 100m' pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true crossSubnet: - description: CrossSubnet enables Calico's cross-subnet mode - when set to true + description: CrossSubnet enables Calico's cross-subnet mode when set to true type: boolean ipipMode: description: IPIPMode is mode for CALICO_IPV4POOL_IPIP type: string iptablesBackend: - description: 'IptablesBackend controls which variant of iptables - binary Felix uses Default: Auto (other options: Legacy, - NFT)' + description: 'IptablesBackend controls which variant of iptables binary Felix uses Default: Auto (other options: Legacy, NFT)' type: string ipv4AutoDetectionMethod: - description: 'IPv4AutoDetectionMethod configures how Calico - chooses the IP address used to route between nodes. This - should be set when the host has multiple interfaces and - it is important to select the interface used. Options: "first-found" - (default), "can-reach=DESTINATION", "interface=INTERFACE-REGEX", - or "skip-interface=INTERFACE-REGEX"' + description: 'IPv4AutoDetectionMethod configures how Calico chooses the IP address used to route between nodes. This should be set when the host has multiple interfaces and it is important to select the interface used. 
Options: "first-found" (default), "can-reach=DESTINATION", "interface=INTERFACE-REGEX", or "skip-interface=INTERFACE-REGEX"' type: string ipv6AutoDetectionMethod: - description: 'IPv6AutoDetectionMethod configures how Calico - chooses the IP address used to route between nodes. This - should be set when the host has multiple interfaces and - it is important to select the interface used. Options: "first-found" - (default), "can-reach=DESTINATION", "interface=INTERFACE-REGEX", - or "skip-interface=INTERFACE-REGEX"' + description: 'IPv6AutoDetectionMethod configures how Calico chooses the IP address used to route between nodes. This should be set when the host has multiple interfaces and it is important to select the interface used. Options: "first-found" (default), "can-reach=DESTINATION", "interface=INTERFACE-REGEX", or "skip-interface=INTERFACE-REGEX"' type: string logSeverityScreen: - description: 'LogSeverityScreen lets us set the desired log - level. (Default: info)' + description: 'LogSeverityScreen lets us set the desired log level. (Default: info)' type: string majorVersion: description: MajorVersion is the version of Calico to use 
@@ -2742,36 +2099,27 @@ spec: format: int32 type: integer prometheusGoMetricsEnabled: - description: PrometheusGoMetricsEnabled enables Prometheus - Go runtime metrics collection + description: PrometheusGoMetricsEnabled enables Prometheus Go runtime metrics collection type: boolean prometheusMetricsEnabled: - description: 'PrometheusMetricsEnabled can be set to enable - the experimental Prometheus metrics server (default: false)' + description: 'PrometheusMetricsEnabled can be set to enable the experimental Prometheus metrics server (default: false)' type: boolean prometheusMetricsPort: - description: 'PrometheusMetricsPort is the TCP port that the - experimental Prometheus metrics server should bind to (default: - 9091)' + description: 'PrometheusMetricsPort is the TCP port that the experimental Prometheus metrics server should bind to (default: 9091)' format: int32 type: integer prometheusProcessMetricsEnabled: - description: PrometheusProcessMetricsEnabled enables Prometheus - process metrics collection + description: PrometheusProcessMetricsEnabled enables Prometheus process metrics collection type: boolean typhaPrometheusMetricsEnabled: - description: 'TyphaPrometheusMetricsEnabled enables Prometheus - metrics collection from Typha (default: false)' + description: 'TyphaPrometheusMetricsEnabled enables Prometheus metrics collection from Typha (default: false)' type: boolean typhaPrometheusMetricsPort: - description: 'TyphaPrometheusMetricsPort is the TCP port the - typha Prometheus metrics server should bind to (default: - 9093)' + description: 'TyphaPrometheusMetricsPort is the TCP port the typha Prometheus metrics server should bind to (default: 9093)' format: int32 type: integer typhaReplicas: - description: TyphaReplicas is the number of replicas of Typha - to deploy + description: TyphaReplicas is the number of replicas of Typha to deploy format: int32 type: integer type: object 
@@ -2779,490 +2127,352 @@ spec: description: CanalNetworkingSpec declares that we want Canal networking properties: chainInsertMode: - description: 'ChainInsertMode controls whether Felix inserts - rules to the top of iptables chains, or appends to the bottom. - Leaving the default option is safest to prevent accidentally - breaking connectivity. Default: ''insert'' (other options: - ''append'')' + description: 'ChainInsertMode controls whether Felix inserts rules to the top of iptables chains, or appends to the bottom. Leaving the default option is safest to prevent accidentally breaking connectivity. Default: ''insert'' (other options: ''append'')' type: string cpuRequest: anyOf: - type: integer - type: string - description: 'CPURequest CPU request of Canal container. Default: - 100m' + description: 'CPURequest CPU request of Canal container. Default: 100m' pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true defaultEndpointToHostAction: - description: 'DefaultEndpointToHostAction allows users to - configure the default behaviour for traffic between pod - to host after calico rules have been processed. Default: - ACCEPT (other options: DROP, RETURN)' + description: 'DefaultEndpointToHostAction allows users to configure the default behaviour for traffic between pod to host after calico rules have been processed. 
Default: ACCEPT (other options: DROP, RETURN)' type: string disableFlannelForwardRules: - description: DisableFlannelForwardRules configures Flannel - to NOT add the default ACCEPT traffic rules to the iptables - FORWARD chain + description: DisableFlannelForwardRules configures Flannel to NOT add the default ACCEPT traffic rules to the iptables FORWARD chain type: boolean disableTxChecksumOffloading: - description: DisableTxChecksumOffloading is deprecated as - of kops 1.19 and has no effect + description: DisableTxChecksumOffloading is deprecated as of kops 1.19 and has no effect type: boolean iptablesBackend: - description: 'IptablesBackend controls which variant of iptables - binary Felix uses Default: Auto (other options: Legacy, - NFT)' + description: 'IptablesBackend controls which variant of iptables binary Felix uses Default: Auto (other options: Legacy, NFT)' type: string logSeveritySys: - description: 'LogSeveritySys the severity to set for logs - which are sent to syslog Default: INFO (other options: DEBUG, - WARNING, ERROR, CRITICAL, NONE)' + description: 'LogSeveritySys the severity to set for logs which are sent to syslog Default: INFO (other options: DEBUG, WARNING, ERROR, CRITICAL, NONE)' type: string mtu: - description: 'MTU to be set in the cni-network-config (default: - 1500)' + description: 'MTU to be set in the cni-network-config (default: 1500)' format: int32 type: integer prometheusGoMetricsEnabled: - description: PrometheusGoMetricsEnabled enables Prometheus - Go runtime metrics collection + description: PrometheusGoMetricsEnabled enables Prometheus Go runtime metrics collection type: boolean prometheusMetricsEnabled: - description: 'PrometheusMetricsEnabled can be set to enable - the experimental Prometheus metrics server (default: false)' + description: 'PrometheusMetricsEnabled can be set to enable the experimental Prometheus metrics server (default: false)' type: boolean prometheusMetricsPort: - description: 'PrometheusMetricsPort is 
the TCP port that the - experimental Prometheus metrics server should bind to (default: - 9091)' + description: 'PrometheusMetricsPort is the TCP port that the experimental Prometheus metrics server should bind to (default: 9091)' format: int32 type: integer prometheusProcessMetricsEnabled: - description: PrometheusProcessMetricsEnabled enables Prometheus - process metrics collection + description: PrometheusProcessMetricsEnabled enables Prometheus process metrics collection type: boolean typhaPrometheusMetricsEnabled: - description: 'TyphaPrometheusMetricsEnabled enables Prometheus - metrics collection from Typha (default: false)' + description: 'TyphaPrometheusMetricsEnabled enables Prometheus metrics collection from Typha (default: false)' type: boolean typhaPrometheusMetricsPort: - description: 'TyphaPrometheusMetricsPort is the TCP port the - typha Prometheus metrics server should bind to (default: - 9093)' + description: 'TyphaPrometheusMetricsPort is the TCP port the typha Prometheus metrics server should bind to (default: 9093)' format: int32 type: integer typhaReplicas: - description: TyphaReplicas is the number of replicas of Typha - to deploy + description: TyphaReplicas is the number of replicas of Typha to deploy format: int32 type: integer type: object cilium: - description: CiliumNetworkingSpec declares that we want Cilium - networking + description: CiliumNetworkingSpec declares that we want Cilium networking properties: IPTablesRulesNoinstall: - description: 'IPTablesRulesNoinstall disables installing the - base IPTables rules used for masquerading and kube-proxy. - Default: false' + description: 'IPTablesRulesNoinstall disables installing the base IPTables rules used for masquerading and kube-proxy. Default: false' type: boolean accessLog: - description: AccessLog is not implemented and may be removed - in the future. Setting this has no effect. + description: AccessLog is not implemented and may be removed in the future. 
Setting this has no effect. type: string agentLabels: - description: AgentLabels is not implemented and may be removed - in the future. Setting this has no effect. + description: AgentLabels is not implemented and may be removed in the future. Setting this has no effect. items: type: string type: array agentPrometheusPort: - description: AgentPrometheusPort is the port to listen to - for Prometheus metrics. Defaults to 9090. + description: AgentPrometheusPort is the port to listen to for Prometheus metrics. Defaults to 9090. type: integer allowLocalhost: - description: AllowLocalhost is not implemented and may be - removed in the future. Setting this has no effect. + description: AllowLocalhost is not implemented and may be removed in the future. Setting this has no effect. type: string autoDirectNodeRoutes: - description: 'AutoDirectNodeRoutes adds automatic L2 routing - between nodes. Default: false' + description: 'AutoDirectNodeRoutes adds automatic L2 routing between nodes. Default: false' type: boolean autoIpv6NodeRoutes: - description: AutoIpv6NodeRoutes is not implemented and may - be removed in the future. Setting this has no effect. + description: AutoIpv6NodeRoutes is not implemented and may be removed in the future. Setting this has no effect. type: boolean bpfCTGlobalAnyMax: - description: 'BPFCTGlobalAnyMax is the maximum number of entries - in the non-TCP CT table. Default: 262144' + description: 'BPFCTGlobalAnyMax is the maximum number of entries in the non-TCP CT table. Default: 262144' type: integer bpfCTGlobalTCPMax: - description: 'BPFCTGlobalTCPMax is the maximum number of entries - in the TCP CT table. Default: 524288' + description: 'BPFCTGlobalTCPMax is the maximum number of entries in the TCP CT table. Default: 524288' type: integer bpfRoot: - description: BPFRoot is not implemented and may be removed - in the future. Setting this has no effect. + description: BPFRoot is not implemented and may be removed in the future. 
Setting this has no effect. type: string clusterName: - description: ClusterName is the name of the cluster. It is - only relevant when building a mesh of clusters. + description: ClusterName is the name of the cluster. It is only relevant when building a mesh of clusters. type: string cniBinPath: - description: CniBinPath is not implemented and may be removed - in the future. Setting this has no effect. + description: CniBinPath is not implemented and may be removed in the future. Setting this has no effect. type: string containerRuntime: - description: ContainerRuntime is not implemented and may be - removed in the future. Setting this has no effect. + description: ContainerRuntime is not implemented and may be removed in the future. Setting this has no effect. items: type: string type: array containerRuntimeEndpoint: additionalProperties: type: string - description: ContainerRuntimeEndpoint is not implemented and - may be removed in the future. Setting this has no effect. + description: ContainerRuntimeEndpoint is not implemented and may be removed in the future. Setting this has no effect. type: object containerRuntimeLabels: - description: 'ContainerRuntimeLabels enables fetching of container-runtime - labels from the specified container runtime and associating - them with endpoints. Supported values are: "none", "containerd", - "crio", "docker", "auto" As of Cilium 1.7.0, Cilium no longer - fetches information from the container runtime and this - field is ignored. Default: none' + description: 'ContainerRuntimeLabels enables fetching of container-runtime labels from the specified container runtime and associating them with endpoints. Supported values are: "none", "containerd", "crio", "docker", "auto" As of Cilium 1.7.0, Cilium no longer fetches information from the container runtime and this field is ignored. Default: none' type: string debug: description: Debug runs Cilium in debug mode. 
type: boolean debugVerbose: - description: DebugVerbose is not implemented and may be removed - in the future. Setting this has no effect. + description: DebugVerbose is not implemented and may be removed in the future. Setting this has no effect. items: type: string type: array device: - description: Device is not implemented and may be removed - in the future. Setting this has no effect. + description: Device is not implemented and may be removed in the future. Setting this has no effect. type: string disableConntrack: - description: DisableConntrack is not implemented and may be - removed in the future. Setting this has no effect. + description: DisableConntrack is not implemented and may be removed in the future. Setting this has no effect. type: boolean disableIpv4: - description: 'DisableIpv4 is deprecated: Use EnableIpv4 instead. - Setting this flag has no effect.' + description: 'DisableIpv4 is deprecated: Use EnableIpv4 instead. Setting this flag has no effect.' type: boolean disableK8sServices: - description: DisableK8sServices is not implemented and may - be removed in the future. Setting this has no effect. + description: DisableK8sServices is not implemented and may be removed in the future. Setting this has no effect. type: boolean disableMasquerade: - description: DisableMasquerade disables masquerading traffic - to external destinations behind the node IP. + description: DisableMasquerade disables masquerading traffic to external destinations behind the node IP. type: boolean enableEncryption: - description: 'EnableEncryption enables Cilium Encryption. - Default: false' + description: 'EnableEncryption enables Cilium Encryption. Default: false' type: boolean enableNodePort: - description: 'EnableNodePort replaces kube-proxy with Cilium''s - BPF implementation. Requires spec.kubeProxy.enabled be set - to false. Default: false' + description: 'EnableNodePort replaces kube-proxy with Cilium''s BPF implementation. 
Requires spec.kubeProxy.enabled be set to false. Default: false' type: boolean enablePolicy: - description: 'EnablePolicy specifies the policy enforcement - mode. "default": Follows Kubernetes policy enforcement. - "always": Cilium restricts all traffic if no policy is in - place. "never": Cilium allows all traffic regardless of - policies in place. If unspecified, "default" policy mode - will be used.' + description: 'EnablePolicy specifies the policy enforcement mode. "default": Follows Kubernetes policy enforcement. "always": Cilium restricts all traffic if no policy is in place. "never": Cilium allows all traffic regardless of policies in place. If unspecified, "default" policy mode will be used.' type: string enablePrometheusMetrics: - description: EnablePrometheusMetrics enables the Cilium "/metrics" - endpoint for both the agent and the operator. + description: EnablePrometheusMetrics enables the Cilium "/metrics" endpoint for both the agent and the operator. type: boolean enableRemoteNodeIdentity: - description: 'EnableRemoteNodeIdentity enables the remote-node-identity - added in Cilium 1.7.0. Default: false' + description: 'EnableRemoteNodeIdentity enables the remote-node-identity added in Cilium 1.7.0. Default: false' type: boolean enableTracing: - description: EnableTracing is not implemented and may be removed - in the future. Setting this has no effect. + description: EnableTracing is not implemented and may be removed in the future. Setting this has no effect. type: boolean enableipv4: - description: EnableIpv4 is not implemented and may be removed - in the future. Setting this has no effect. + description: EnableIpv4 is not implemented and may be removed in the future. Setting this has no effect. type: boolean enableipv6: - description: EnableIpv6 is not implemented and may be removed - in the future. Setting this has no effect. + description: EnableIpv6 is not implemented and may be removed in the future. Setting this has no effect. 
type: boolean envoyLog: - description: EnvoyLog is not implemented and may be removed - in the future. Setting this has no effect. + description: EnvoyLog is not implemented and may be removed in the future. Setting this has no effect. type: string etcdManaged: - description: 'EtcdManagd installs an additional etcd cluster - that is used for Cilium state change. The cluster is operated - by cilium-etcd-operator. Default: false' + description: 'EtcdManagd installs an additional etcd cluster that is used for Cilium state change. The cluster is operated by cilium-etcd-operator. Default: false' type: boolean hubble: - description: Hubble configures the Hubble service on the Cilium - agent. + description: Hubble configures the Hubble service on the Cilium agent. properties: enabled: - description: Enabled specifies whether Hubble is enabled - on the agent. + description: Enabled specifies whether Hubble is enabled on the agent. type: boolean metrics: - description: Metrics is a list of metrics to collect. - If empty or null, metrics are disabled. See https://docs.cilium.io/en/stable/configuration/metrics/#hubble-exported-metrics + description: Metrics is a list of metrics to collect. If empty or null, metrics are disabled. See https://docs.cilium.io/en/stable/configuration/metrics/#hubble-exported-metrics items: type: string type: array type: object ipam: - description: Ipam specifies the IP address allocation mode - to use. Possible values are "crd" and "eni". "eni" will - use AWS native networking for pods. Eni requires masquerade - to be set to false. "crd" will use CRDs for controlling - IP address management. "hostscope" will use hostscope IPAM - mode. "kubernetes" will use addersing based on node pod - CIDR. Empty value will use host-scope address management. + description: Ipam specifies the IP address allocation mode to use. Possible values are "crd" and "eni". "eni" will use AWS native networking for pods. Eni requires masquerade to be set to false. 
"crd" will use CRDs for controlling IP address management. "hostscope" will use hostscope IPAM mode. "kubernetes" will use addersing based on node pod CIDR. Empty value will use host-scope address management. type: string ipv4ClusterCidrMaskSize: - description: Ipv4ClusterCIDRMaskSize is not implemented and - may be removed in the future. Setting this has no effect. + description: Ipv4ClusterCIDRMaskSize is not implemented and may be removed in the future. Setting this has no effect. type: integer ipv4Node: - description: Ipv4Node is not implemented and may be removed - in the future. Setting this has no effect. + description: Ipv4Node is not implemented and may be removed in the future. Setting this has no effect. type: string ipv4Range: - description: Ipv4Range is not implemented and may be removed - in the future. Setting this has no effect. + description: Ipv4Range is not implemented and may be removed in the future. Setting this has no effect. type: string ipv4ServiceRange: - description: Ipv4ServiceRange is not implemented and may be - removed in the future. Setting this has no effect. + description: Ipv4ServiceRange is not implemented and may be removed in the future. Setting this has no effect. type: string ipv6ClusterAllocCidr: - description: Ipv6ClusterAllocCidr is not implemented and may - be removed in the future. Setting this has no effect. + description: Ipv6ClusterAllocCidr is not implemented and may be removed in the future. Setting this has no effect. type: string ipv6Node: - description: Ipv6Node is not implemented and may be removed - in the future. Setting this has no effect. + description: Ipv6Node is not implemented and may be removed in the future. Setting this has no effect. type: string ipv6Range: - description: Ipv6Range is not implemented and may be removed - in the future. Setting this has no effect. + description: Ipv6Range is not implemented and may be removed in the future. Setting this has no effect. 
type: string ipv6ServiceRange: - description: Ipv6ServiceRange is not implemented and may be - removed in the future. Setting this has no effect. + description: Ipv6ServiceRange is not implemented and may be removed in the future. Setting this has no effect. type: string k8sApiServer: - description: K8sAPIServer is not implemented and may be removed - in the future. Setting this has no effect. + description: K8sAPIServer is not implemented and may be removed in the future. Setting this has no effect. type: string k8sKubeconfigPath: - description: K8sKubeconfigPath is not implemented and may - be removed in the future. Setting this has no effect. + description: K8sKubeconfigPath is not implemented and may be removed in the future. Setting this has no effect. type: string keepBpfTemplates: - description: KeepBPFTemplates is not implemented and may be - removed in the future. Setting this has no effect. + description: KeepBPFTemplates is not implemented and may be removed in the future. Setting this has no effect. type: boolean keepConfig: - description: KeepConfig is not implemented and may be removed - in the future. Setting this has no effect. + description: KeepConfig is not implemented and may be removed in the future. Setting this has no effect. type: boolean labelPrefixFile: - description: LabelPrefixFile is not implemented and may be - removed in the future. Setting this has currently no effect + description: LabelPrefixFile is not implemented and may be removed in the future. Setting this has currently no effect type: string labels: - description: Labels is not implemented and may be removed - in the future. Setting this has no effect. + description: Labels is not implemented and may be removed in the future. Setting this has no effect. items: type: string type: array lb: - description: LB is not implemented and may be removed in the - future. Setting this has no effect. + description: LB is not implemented and may be removed in the future. 
Setting this has no effect. type: string libDir: - description: LibDir is not implemented and may be removed - in the future. Setting this has no effect. + description: LibDir is not implemented and may be removed in the future. Setting this has no effect. type: string logDriver: - description: LogDrivers is not implemented and may be removed - in the future. Setting this has no effect. + description: LogDrivers is not implemented and may be removed in the future. Setting this has no effect. items: type: string type: array logOpt: additionalProperties: type: string - description: LogOpt is not implemented and may be removed - in the future. Setting this has no effect. + description: LogOpt is not implemented and may be removed in the future. Setting this has no effect. type: object logstash: - description: Logstash is not implemented and may be removed - in the future. Setting this has no effect. + description: Logstash is not implemented and may be removed in the future. Setting this has no effect. type: boolean logstashAgent: - description: LogstashAgent is not implemented and may be removed - in the future. Setting this has no effect. + description: LogstashAgent is not implemented and may be removed in the future. Setting this has no effect. type: string logstashProbeTimer: - description: LogstashProbeTimer is not implemented and may - be removed in the future. Setting this has no effect. + description: LogstashProbeTimer is not implemented and may be removed in the future. Setting this has no effect. format: int32 type: integer monitorAggregation: - description: 'MonitorAggregation sets the level of packet - monitoring. Possible values are "low", "medium", or "maximum". - Default: medium' + description: 'MonitorAggregation sets the level of packet monitoring. Possible values are "low", "medium", or "maximum". Default: medium' type: string nat46Range: - description: Nat6Range is not implemented and may be removed - in the future. Setting this has no effect. 
+ description: Nat6Range is not implemented and may be removed in the future. Setting this has no effect. type: string nodeInitBootstrapFile: - description: NodeInitBootstrapFile is not implemented and - may be removed in the future. Setting this has no effect. + description: NodeInitBootstrapFile is not implemented and may be removed in the future. Setting this has no effect. type: string pprof: - description: Pprof is not implemented and may be removed in - the future. Setting this has no effect. + description: Pprof is not implemented and may be removed in the future. Setting this has no effect. type: boolean preallocateBPFMaps: - description: 'PreallocateBPFMaps reduces the per-packet latency - at the expense of up-front memory allocation. Default: true' + description: 'PreallocateBPFMaps reduces the per-packet latency at the expense of up-front memory allocation. Default: true' type: boolean prefilterDevice: - description: PrefilterDevice is not implemented and may be - removed in the future. Setting this has no effect. + description: PrefilterDevice is not implemented and may be removed in the future. Setting this has no effect. type: string prometheusServeAddr: - description: PrometheusServeAddr is deprecated. Use EnablePrometheusMetrics - and AgentPrometheusPort instead. Setting this has no effect. + description: PrometheusServeAddr is deprecated. Use EnablePrometheusMetrics and AgentPrometheusPort instead. Setting this has no effect. type: string reconfigureKubelet: - description: ReconfigureKubelet is not implemented and may - be removed in the future. Setting this has no effect. + description: ReconfigureKubelet is not implemented and may be removed in the future. Setting this has no effect. type: boolean removeCbrBridge: - description: RemoveCbrBridge is not implemented and may be - removed in the future. Setting this has no effect. + description: RemoveCbrBridge is not implemented and may be removed in the future. Setting this has no effect. 
type: boolean restartPods: - description: RestartPods is not implemented and may be removed - in the future. Setting this has no effect. + description: RestartPods is not implemented and may be removed in the future. Setting this has no effect. type: boolean restore: - description: Restore is not implemented and may be removed - in the future. Setting this has no effect. + description: Restore is not implemented and may be removed in the future. Setting this has no effect. type: boolean sidecarIstioProxyImage: - description: 'SidecarIstioProxyImage is the regular expression - matching compatible Istio sidecar istio-proxy container - image names. Default: cilium/istio_proxy' + description: 'SidecarIstioProxyImage is the regular expression matching compatible Istio sidecar istio-proxy container image names. Default: cilium/istio_proxy' type: string singleClusterRoute: - description: SingleClusterRoute is not implemented and may - be removed in the future. Setting this has no effect. + description: SingleClusterRoute is not implemented and may be removed in the future. Setting this has no effect. type: boolean socketPath: - description: SocketPath is not implemented and may be removed - in the future. Setting this has no effect. + description: SocketPath is not implemented and may be removed in the future. Setting this has no effect. type: string stateDir: - description: StateDir is not implemented and may be removed - in the future. Setting this has no effect. + description: StateDir is not implemented and may be removed in the future. Setting this has no effect. type: string toFqdnsDnsRejectResponseCode: - description: 'ToFqdnsDNSRejectResponseCode sets the DNS response - code for rejecting DNS requests. Possible values are "nameError" - or "refused". Default: refused' + description: 'ToFqdnsDNSRejectResponseCode sets the DNS response code for rejecting DNS requests. Possible values are "nameError" or "refused". 
Default: refused' type: string toFqdnsEnablePoller: - description: 'ToFqdnsEnablePoller replaces the DNS proxy-based - implementation of FQDN policies with the less powerful legacy - implementation. Default: false' + description: 'ToFqdnsEnablePoller replaces the DNS proxy-based implementation of FQDN policies with the less powerful legacy implementation. Default: false' type: boolean tracePayloadlen: - description: TracePayloadLen is not implemented and may be - removed in the future. Setting this has no effect. + description: TracePayloadLen is not implemented and may be removed in the future. Setting this has no effect. type: integer tunnel: - description: 'Tunnel specifies the Cilium tunnelling mode. - Possible values are "vxlan", "geneve", or "disabled". Default: - vxlan' + description: 'Tunnel specifies the Cilium tunnelling mode. Possible values are "vxlan", "geneve", or "disabled". Default: vxlan' type: string version: - description: Version is the version of the Cilium agent and - the Cilium Operator. + description: Version is the version of the Cilium agent and the Cilium Operator. type: string type: object classic: - description: ClassicNetworkingSpec is the specification of classic - networking mode, integrated into kubernetes. Support been removed - since kubernetes 1.4. + description: ClassicNetworkingSpec is the specification of classic networking mode, integrated into kubernetes. Support been removed since kubernetes 1.4. type: object cni: - description: CNINetworkingSpec is the specification for networking - that is implemented by a user-provided Daemonset, which uses - the CNI kubelet networking plugin. + description: CNINetworkingSpec is the specification for networking that is implemented by a user-provided Daemonset, which uses the CNI kubelet networking plugin. 
properties: usesSecondaryIP: type: boolean type: object external: - description: ExternalNetworkingSpec is the specification for networking - that is implemented by a user-provided Daemonset that uses the - Kubenet kubelet networking plugin. + description: ExternalNetworkingSpec is the specification for networking that is implemented by a user-provided Daemonset that uses the Kubenet kubelet networking plugin. type: object flannel: - description: FlannelNetworkingSpec declares that we want Flannel - networking + description: FlannelNetworkingSpec declares that we want Flannel networking properties: backend: - description: Backend is the backend overlay type we want to - use (vxlan or udp) + description: Backend is the backend overlay type we want to use (vxlan or udp) type: string disableTxChecksumOffloading: - description: DisableTxChecksumOffloading is deprecated as - of kops 1.19 and has no effect + description: DisableTxChecksumOffloading is deprecated as of kops 1.19 and has no effect type: boolean iptablesResyncSeconds: - description: IptablesResyncSeconds sets resync period for - iptables rules, in seconds + description: IptablesResyncSeconds sets resync period for iptables rules, in seconds format: int32 type: integer type: object gce: - description: GCENetworkingSpec is the specification of GCE's native - networking mode, using IP aliases + description: GCENetworkingSpec is the specification of GCE's native networking mode, using IP aliases type: object kopeio: - description: KopeioNetworkingSpec declares that we want Kopeio - networking + description: KopeioNetworkingSpec declares that we want Kopeio networking type: object kubenet: - description: KubenetNetworkingSpec is the specification for kubenet - networking, largely integrated but intended to replace classic + description: KubenetNetworkingSpec is the specification for kubenet networking, largely integrated but intended to replace classic type: object kuberouter: - description: 
KuberouterNetworkingSpec declares that we want Kube-router - networking + description: KuberouterNetworkingSpec declares that we want Kube-router networking type: object lyftvpc: - description: LyftIpVlanNetworkingSpec declares that we want to - use the cni-ipvlan-vpc-k8s CNI networking + description: LyftIpVlanNetworkingSpec declares that we want to use the cni-ipvlan-vpc-k8s CNI networking properties: subnetTags: additionalProperties: @@ -3270,17 +2480,13 @@ spec: type: object type: object romana: - description: RomanaNetworkingSpec declares that we want Romana - networking Romana is deprecated as of kops 1.18 and removed - as of kops 1.19 + description: RomanaNetworkingSpec declares that we want Romana networking Romana is deprecated as of kops 1.18 and removed as of kops 1.19 properties: daemonServiceIP: - description: DaemonServiceIP is the Kubernetes Service IP - for the romana-daemon pod + description: DaemonServiceIP is the Kubernetes Service IP for the romana-daemon pod type: string etcdServiceIP: - description: EtcdServiceIP is the Kubernetes Service IP for - the etcd backend used by Romana + description: EtcdServiceIP is the Kubernetes Service IP for the etcd backend used by Romana type: string type: object weave: 
@@ -3300,32 +2506,28 @@ spec: anyOf: - type: integer - type: string - description: CPURequest CPU request of weave container. Default - 50m + description: CPURequest CPU request of weave container. Default 50m pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true memoryLimit: anyOf: - type: integer - type: string - description: MemoryLimit memory limit of weave container. - Default 200Mi + description: MemoryLimit memory limit of weave container. Default 200Mi pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true memoryRequest: anyOf: - type: integer - type: string - description: MemoryRequest memory request of weave container. - Default 200Mi + description: MemoryRequest memory request of weave container. Default 200Mi pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true mtu: format: int32 type: integer netExtraArgs: - description: NetExtraArgs are extra arguments that are passed - to weave-kube. + description: NetExtraArgs are extra arguments that are passed to weave-kube. type: string noMasqLocal: format: int32 
@@ -3341,46 +2543,39 @@ spec: anyOf: - type: integer - type: string - description: NPCCPURequest CPU request of weave npc container. - Default 50m + description: NPCCPURequest CPU request of weave npc container. Default 50m pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true npcExtraArgs: - description: NPCExtraArgs are extra arguments that are passed - to weave-npc. + description: NPCExtraArgs are extra arguments that are passed to weave-npc. type: string npcMemoryLimit: anyOf: - type: integer - type: string - description: NPCMemoryLimit memory limit of weave npc container. - Default 200Mi + description: NPCMemoryLimit memory limit of weave npc container. Default 200Mi pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true npcMemoryRequest: anyOf: - type: integer - type: string - description: NPCMemoryRequest memory request of weave npc - container. Default 200Mi + description: NPCMemoryRequest memory request of weave npc container. 
Default 200Mi pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true type: object type: object nodeAuthorization: - description: NodeAuthorization defined the custom node authorization - configuration + description: NodeAuthorization defined the custom node authorization configuration properties: nodeAuthorizer: - description: NodeAuthorizer defined the configuration for the - node authorizer + description: NodeAuthorizer defined the configuration for the node authorizer properties: authorizer: description: Authorizer is the authorizer to use type: string features: - description: Features is a series of authorizer features to - enable or disable + description: Features is a series of authorizer features to enable or disable items: type: string type: array @@ -3388,15 +2583,13 @@ spec: description: Image is the location of container type: string interval: - description: Interval the time between retires for authorization - request + description: Interval the time between retires for authorization request type: string nodeURL: description: NodeURL is the node authorization service url type: string port: - description: Port is the port the service is running on the - master + description: Port is the port the service is running on the master type: integer timeout: description: Timeout the max time for authorization request 
@@ -3407,73 +2600,46 @@ spec: type: object type: object nodePortAccess: - description: NodePortAccess is a list of the CIDRs that can access - the node ports range (30000-32767). + description: NodePortAccess is a list of the CIDRs that can access the node ports range (30000-32767). items: type: string type: array nonMasqueradeCIDR: - description: MasterIPRange string `json:",omitempty"` - NonMasqueradeCIDR is the CIDR for the internal k8s network (on which - pods & services live) It cannot overlap ServiceClusterIPRange + description: MasterIPRange string `json:",omitempty"` NonMasqueradeCIDR is the CIDR for the internal k8s network (on which pods & services live) It cannot overlap ServiceClusterIPRange type: string podCIDR: description: PodCIDR is the CIDR from which we allocate IPs for pods type: string project: - description: Project is the cloud project we should use, required - on GCE + description: Project is the cloud project we should use, required on GCE type: string rollingUpdate: - description: RollingUpdate defines the default rolling-update settings - for instance groups + description: RollingUpdate defines the default rolling-update settings for instance groups properties: drainAndTerminate: - description: DrainAndTerminate enables draining and terminating - nodes during rolling updates. Defaults to true. + description: DrainAndTerminate enables draining and terminating nodes during rolling updates. Defaults to true. type: boolean maxSurge: anyOf: - type: integer - type: string - description: 'MaxSurge is the maximum number of extra nodes that - can be created during the update. The value can be an absolute - number (for example 5) or a percentage of desired machines (for - example 10%). The absolute number is calculated from a percentage - by rounding up. Has no effect on instance groups with role "Master". - Defaults to 1 on AWS, 0 otherwise. 
Example: when this is set - to 30%, the InstanceGroup can be scaled up immediately when - the rolling update starts, such that the total number of old - and new nodes do not exceed 130% of desired nodes.' + description: 'MaxSurge is the maximum number of extra nodes that can be created during the update. The value can be an absolute number (for example 5) or a percentage of desired machines (for example 10%). The absolute number is calculated from a percentage by rounding up. Has no effect on instance groups with role "Master". Defaults to 1 on AWS, 0 otherwise. Example: when this is set to 30%, the InstanceGroup can be scaled up immediately when the rolling update starts, such that the total number of old and new nodes do not exceed 130% of desired nodes.' x-kubernetes-int-or-string: true maxUnavailable: anyOf: - type: integer - type: string - description: 'MaxUnavailable is the maximum number of nodes that - can be unavailable during the update. The value can be an absolute - number (for example 5) or a percentage of desired nodes (for - example 10%). The absolute number is calculated from a percentage - by rounding down. Defaults to 1 if MaxSurge is 0, otherwise - defaults to 0. Example: when this is set to 30%, the InstanceGroup - can be scaled down to 70% of desired nodes immediately when - the rolling update starts. Once new nodes are ready, more old - nodes can be drained, ensuring that the total number of nodes - available at all times during the update is at least 70% of - desired nodes.' + description: 'MaxUnavailable is the maximum number of nodes that can be unavailable during the update. The value can be an absolute number (for example 5) or a percentage of desired nodes (for example 10%). The absolute number is calculated from a percentage by rounding down. Defaults to 1 if MaxSurge is 0, otherwise defaults to 0. Example: when this is set to 30%, the InstanceGroup can be scaled down to 70% of desired nodes immediately when the rolling update starts. 
Once new nodes are ready, more old nodes can be drained, ensuring that the total number of nodes available at all times during the update is at least 70% of desired nodes.' x-kubernetes-int-or-string: true type: object secretStore: description: SecretStore is the VFS path to where secrets are stored type: string serviceClusterIPRange: - description: ServiceClusterIPRange is the CIDR, from the internal - network, where we allocate IPs for services + description: ServiceClusterIPRange is the CIDR, from the internal network, where we allocate IPs for services type: string sshAccess: - description: SSHAccess determines the permitted access to SSH Currently - only a single CIDR is supported (though a richer grammar could be - added in future) + description: SSHAccess determines the permitted access to SSH Currently only a single CIDR is supported (though a richer grammar could be added in future) items: type: string type: array @@ -3487,12 +2653,10 @@ spec: cidr: type: string egress: - description: Egress defines the method of traffic egress for - this subnet + description: Egress defines the method of traffic egress for this subnet type: string id: - description: ProviderID is the cloud provider id for the objects - associated with the zone (the subnet on AWS) + description: ProviderID is the cloud provider id for the objects associated with the zone (the subnet on AWS) type: string name: type: string 
@@ -3500,60 +2664,44 @@ spec: description: PublicIP to attach to NatGateway type: string region: - description: Region is the region the subnet is in, set for - subnets that are regionally scoped + description: Region is the region the subnet is in, set for subnets that are regionally scoped type: string type: - description: SubnetType string describes subnet types (public, - private, utility) + description: SubnetType string describes subnet types (public, private, utility) type: string zone: - description: Zone is the zone the subnet is in, set for subnets - that are zonally scoped + description: Zone is the zone the subnet is in, set for subnets that are zonally scoped type: string type: object type: array sysctlParameters: - description: SysctlParameters will configure kernel parameters using - sysctl(8). When specified, each parameter must follow the form variable=value, - the way it would appear in sysctl.conf. + description: SysctlParameters will configure kernel parameters using sysctl(8). When specified, each parameter must follow the form variable=value, the way it would appear in sysctl.conf. 
items: type: string type: array target: - description: Target allows for us to nest extra config for targets - such as terraform + description: Target allows for us to nest extra config for targets such as terraform properties: terraform: - description: TerraformSpec allows us to specify terraform config - in an extensible way + description: TerraformSpec allows us to specify terraform config in an extensible way properties: providerExtraConfig: additionalProperties: type: string - description: ProviderExtraConfig contains key/value pairs - to add to the rendered terraform "provider" block + description: ProviderExtraConfig contains key/value pairs to add to the rendered terraform "provider" block type: object type: object type: object topology: - description: Topology defines the type of network topology to use - on the cluster - default public This is heavily weighted towards - AWS for the time being, but should also be agnostic enough to port - out to GCE later if needed + description: Topology defines the type of network topology to use on the cluster - default public This is heavily weighted towards AWS for the time being, but should also be agnostic enough to port out to GCE later if needed properties: bastion: - description: Bastion provide an external facing point of entry - into a network containing private network instances. This host - can provide a single point of fortification or audit and can - be started and stopped to enable or disable inbound SSH communication - from the Internet, some call bastion as the "jump server". + description: Bastion provide an external facing point of entry into a network containing private network instances. This host can provide a single point of fortification or audit and can be started and stopped to enable or disable inbound SSH communication from the Internet, some call bastion as the "jump server". 
properties: bastionPublicName: type: string idleTimeoutSeconds: - description: IdleTimeoutSeconds is the bastion's Loadbalancer - idle timeout + description: IdleTimeoutSeconds is the bastion's Loadbalancer idle timeout format: int64 type: integer loadBalancer: @@ -3565,32 +2713,23 @@ spec: type: object type: object dns: - description: DNS configures options relating to DNS, in particular - whether we use a public or a private hosted zone + description: DNS configures options relating to DNS, in particular whether we use a public or a private hosted zone properties: type: type: string type: object masters: - description: The environment to launch the Kubernetes masters - in public|private + description: The environment to launch the Kubernetes masters in public|private type: string nodes: - description: The environment to launch the Kubernetes nodes in - public|private + description: The environment to launch the Kubernetes nodes in public|private type: string type: object updatePolicy: - description: 'UpdatePolicy determines the policy for applying upgrades - automatically. Valid values: ''external'' do not apply updates - automatically - they are applied manually or by an external system missing: - default policy (currently OS security upgrades that do not require - a reboot)' + description: 'UpdatePolicy determines the policy for applying upgrades automatically. Valid values: ''external'' do not apply updates automatically - they are applied manually or by an external system missing: default policy (currently OS security upgrades that do not require a reboot)' type: string useHostCertificates: - description: UseHostCertificates will mount /etc/ssl/certs to inside - needed containers. This is needed if some APIs do have self-signed - certs + description: UseHostCertificates will mount /etc/ssl/certs to inside needed containers. This is needed if some APIs do have self-signed certs type: boolean type: object type: object 
diff --git a/k8s/crds/kops.k8s.io_instancegroups.yaml b/k8s/crds/kops.k8s.io_instancegroups.yaml index 50336d4d45..bf3fdf878a 100644 --- a/k8s/crds/kops.k8s.io_instancegroups.yaml +++ b/k8s/crds/kops.k8s.io_instancegroups.yaml @@ -42,18 +42,13 @@ spec: name: v1alpha2 schema: openAPIV3Schema: - description: InstanceGroup represents a group of instances (either nodes or - masters) with the same configuration + description: InstanceGroup represents a group of instances (either nodes or masters) with the same configuration properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' type: string kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' type: string metadata: type: object 
@@ -61,14 +56,12 @@ spec: description: InstanceGroupSpec is the specification for an instanceGroup properties: additionalSecurityGroups: - description: AdditionalSecurityGroups attaches additional security - groups (e.g. i-123456) + description: AdditionalSecurityGroups attaches additional security groups (e.g. i-123456) items: type: string type: array additionalUserData: - description: AdditionalUserData is any additional user-data to be - passed to the host + description: AdditionalUserData is any additional user-data to be passed to the host items: description: UserData defines a user-data section properties: 
@@ -84,38 +77,31 @@ spec: type: object type: array associatePublicIp: - description: AssociatePublicIP is true if we want instances to have - a public IP + description: AssociatePublicIP is true if we want instances to have a public IP type: boolean cloudLabels: additionalProperties: type: string - description: CloudLabels indicates the labels for instances in this - group, at the AWS level + description: CloudLabels indicates the labels for instances in this group, at the AWS level type: object detailedInstanceMonitoring: - description: DetailedInstanceMonitoring defines if detailed-monitoring - is enabled (AWS only) + description: DetailedInstanceMonitoring defines if detailed-monitoring is enabled (AWS only) type: boolean externalLoadBalancers: - description: ExternalLoadBalancers define loadbalancers that should - be attached to the instancegroup + description: ExternalLoadBalancers define loadbalancers that should be attached to the instancegroup items: description: LoadBalancer defines a load balancer properties: loadBalancerName: - description: LoadBalancerName to associate with this instance - group (AWS ELB) + description: LoadBalancerName to associate with this instance group (AWS ELB) type: string targetGroupArn: - description: TargetGroupARN to associate with this instance - group (AWS ALB/NLB) + description: TargetGroupARN to associate with this instance group (AWS ALB/NLB) type: string type: object type: array fileAssets: - description: FileAssets is a collection of file assets for this instance - group + description: FileAssets is a collection of file assets for this instance group items: description: FileAssetSpec defines the structure for a file asset properties: 
@@ -132,45 +118,38 @@ spec: description: Path is the location this file should reside type: string roles: - description: Roles is a list of roles the file asset should - be applied, defaults to all + description: Roles is a list of roles the file asset should be applied, defaults to all items: - description: InstanceGroupRole string describes the roles - of the nodes in this InstanceGroup (master or nodes) + description: InstanceGroupRole string describes the roles of the nodes in this InstanceGroup (master or nodes) type: string type: array type: object type: array hooks: - description: 'Hooks is a list of hooks for this instanceGroup, note: - these can override the cluster wide ones if required' + description: 'Hooks is a list of hooks for this instanceGroup, note: these can override the cluster wide ones if required' items: description: HookSpec is a definition hook properties: before: - description: Before is a series of systemd units which this - hook must run before + description: Before is a series of systemd units which this hook must run before items: type: string type: array disabled: - description: Disabled indicates if you want the unit switched - off + description: Disabled indicates if you want the unit switched off type: boolean execContainer: description: ExecContainer is the image itself properties: command: - description: Command is the command supplied to the above - image + description: Command is the command supplied to the above image items: type: string type: array environment: additionalProperties: type: string - description: Environment is a map of environment variables - added to the hook + description: Environment is a map of environment variables added to the hook type: object image: description: Image is the docker image 
@@ -180,96 +159,74 @@ spec: description: Manifest is a raw systemd unit file type: string name: - description: Name is an optional name for the hook, otherwise - the name is kops-hook- + description: Name is an optional name for the hook, otherwise the name is kops-hook- type: string requires: - description: Requires is a series of systemd units the action - requires + description: Requires is a series of systemd units the action requires items: type: string type: array roles: - description: Roles is an optional list of roles the hook should - be rolled out to, defaults to all + description: Roles is an optional list of roles the hook should be rolled out to, defaults to all items: - description: InstanceGroupRole string describes the roles - of the nodes in this InstanceGroup (master or nodes) + description: InstanceGroupRole string describes the roles of the nodes in this InstanceGroup (master or nodes) type: string type: array useRawManifest: - description: UseRawManifest indicates that the contents of Manifest - should be used as the contents of the systemd unit, unmodified. - Before and Requires are ignored when used together with this - value (and validation shouldn't allow them to be set) + description: UseRawManifest indicates that the contents of Manifest should be used as the contents of the systemd unit, unmodified. Before and Requires are ignored when used together with this value (and validation shouldn't allow them to be set) type: boolean type: object type: array iam: - description: IAMProfileSpec defines the identity of the cloud group - IAM profile (AWS only). + description: IAMProfileSpec defines the identity of the cloud group IAM profile (AWS only). properties: profile: - description: Profile of the cloud group IAM profile. In aws this - is the arn for the iam instance profile + description: Profile of the cloud group IAM profile. 
In aws this is the arn for the iam instance profile type: string type: object image: description: Image is the instance (ami etc) we should use type: string instanceInterruptionBehavior: - description: InstanceInterruptionBehavior defines if a spot instance - should be terminated, hibernated, or stopped after interruption + description: InstanceInterruptionBehavior defines if a spot instance should be terminated, hibernated, or stopped after interruption type: string instanceProtection: - description: InstanceProtection makes new instances in an autoscaling - group protected from scale in + description: InstanceProtection makes new instances in an autoscaling group protected from scale in type: boolean kubelet: description: Kubelet overrides kubelet config from the ClusterSpec properties: allowPrivileged: - description: AllowPrivileged enables containers to request privileged - mode (defaults to false) + description: AllowPrivileged enables containers to request privileged mode (defaults to false) type: boolean allowedUnsafeSysctls: - description: AllowedUnsafeSysctls are passed to the kubelet config - to whitelist allowable sysctls + description: AllowedUnsafeSysctls are passed to the kubelet config to whitelist allowable sysctls items: type: string type: array anonymousAuth: - description: AnonymousAuth permits you to control auth to the - kubelet api + description: AnonymousAuth permits you to control auth to the kubelet api type: boolean apiServers: - description: APIServers is not used for clusters version 1.6 and - later - flag removed + description: APIServers is not used for clusters version 1.6 and later - flag removed type: string authenticationTokenWebhook: - description: AuthenticationTokenWebhook uses the TokenReview API - to determine authentication for bearer tokens. + description: AuthenticationTokenWebhook uses the TokenReview API to determine authentication for bearer tokens. 
type: boolean authenticationTokenWebhookCacheTtl: - description: AuthenticationTokenWebhook sets the duration to cache - responses from the webhook token authenticator. Default is 2m. - (default 2m0s) + description: AuthenticationTokenWebhook sets the duration to cache responses from the webhook token authenticator. Default is 2m. (default 2m0s) type: string authorizationMode: - description: AuthorizationMode is the authorization mode the kubelet - is running in + description: AuthorizationMode is the authorization mode the kubelet is running in type: string babysitDaemons: - description: The node has babysitter process monitoring docker - and kubelet. Removed as of 1.7 + description: The node has babysitter process monitoring docker and kubelet. Removed as of 1.7 type: boolean bootstrapKubeconfig: - description: BootstrapKubeconfig is the path to a kubeconfig file - that will be used to get client certificate for kubelet + description: BootstrapKubeconfig is the path to a kubeconfig file that will be used to get client certificate for kubelet type: string cgroupRoot: - description: cgroupRoot is the root cgroup to use for pods. This - is handled by the container runtime on a best effort basis. + description: cgroupRoot is the root cgroup to use for pods. This is handled by the container runtime on a best effort basis. type: string clientCaFile: description: ClientCAFile is the path to a CA certificate 
@@ -284,266 +241,189 @@ spec: description: ClusterDomain is the DNS domain for this cluster type: string configureCbr0: - description: configureCBR0 enables the kubelet to configure cbr0 - based on Node.Spec.PodCIDR. + description: configureCBR0 enables the kubelet to configure cbr0 based on Node.Spec.PodCIDR. type: boolean cpuCFSQuota: - description: CPUCFSQuota enables CPU CFS quota enforcement for - containers that specify CPU limits + description: CPUCFSQuota enables CPU CFS quota enforcement for containers that specify CPU limits type: boolean cpuCFSQuotaPeriod: - description: CPUCFSQuotaPeriod sets CPU CFS quota period value, - cpu.cfs_period_us, defaults to Linux Kernel default + description: CPUCFSQuotaPeriod sets CPU CFS quota period value, cpu.cfs_period_us, defaults to Linux Kernel default type: string cpuManagerPolicy: - description: CpuManagerPolicy allows for changing the default - policy of None to static + description: CpuManagerPolicy allows for changing the default policy of None to static type: string dockerDisableSharedPID: - description: DockerDisableSharedPID uses a shared PID namespace - for containers in a pod. + description: DockerDisableSharedPID uses a shared PID namespace for containers in a pod. type: boolean enableCustomMetrics: description: Enable gathering custom metrics. type: boolean enableDebuggingHandlers: - description: EnableDebuggingHandlers enables server endpoints - for log collection and local running of containers and commands + description: EnableDebuggingHandlers enables server endpoints for log collection and local running of containers and commands type: boolean enforceNodeAllocatable: - description: Enforce Allocatable across pods whenever the overall - usage across all pods exceeds Allocatable. + description: Enforce Allocatable across pods whenever the overall usage across all pods exceeds Allocatable. type: string evictionHard: - description: Comma-delimited list of hard eviction expressions. 
For - example, 'memory.available<300Mi'. + description: Comma-delimited list of hard eviction expressions. For example, 'memory.available<300Mi'. type: string evictionMaxPodGracePeriod: - description: Maximum allowed grace period (in seconds) to use - when terminating pods in response to a soft eviction threshold - being met. + description: Maximum allowed grace period (in seconds) to use when terminating pods in response to a soft eviction threshold being met. format: int32 type: integer evictionMinimumReclaim: - description: Comma-delimited list of minimum reclaims (e.g. imagefs.available=2Gi) - that describes the minimum amount of resource the kubelet will - reclaim when performing a pod eviction if that resource is under - pressure. + description: Comma-delimited list of minimum reclaims (e.g. imagefs.available=2Gi) that describes the minimum amount of resource the kubelet will reclaim when performing a pod eviction if that resource is under pressure. type: string evictionPressureTransitionPeriod: - description: Duration for which the kubelet has to wait before - transitioning out of an eviction pressure condition. + description: Duration for which the kubelet has to wait before transitioning out of an eviction pressure condition. type: string evictionSoft: - description: Comma-delimited list of soft eviction expressions. For - example, 'memory.available<300Mi'. + description: Comma-delimited list of soft eviction expressions. For example, 'memory.available<300Mi'. type: string evictionSoftGracePeriod: - description: Comma-delimited list of grace periods for each soft - eviction signal. For example, 'memory.available=30s'. + description: Comma-delimited list of grace periods for each soft eviction signal. For example, 'memory.available=30s'. type: string experimentalAllowedUnsafeSysctls: - description: ExperimentalAllowedUnsafeSysctls are passed to the - kubelet config to whitelist allowable sysctls Was promoted to - beta and renamed. 
https://github.com/kubernetes/kubernetes/pull/63717 + description: ExperimentalAllowedUnsafeSysctls are passed to the kubelet config to whitelist allowable sysctls Was promoted to beta and renamed. https://github.com/kubernetes/kubernetes/pull/63717 items: type: string type: array failSwapOn: - description: Tells the Kubelet to fail to start if swap is enabled - on the node. + description: Tells the Kubelet to fail to start if swap is enabled on the node. type: boolean featureGates: additionalProperties: type: string - description: FeatureGates is set of key=value pairs that describe - feature gates for alpha/experimental features. + description: FeatureGates is set of key=value pairs that describe feature gates for alpha/experimental features. type: object hairpinMode: - description: 'How should the kubelet configure the container bridge - for hairpin packets. Setting this flag allows endpoints in a - Service to loadbalance back to themselves if they should try - to access their own Service. Values: "promiscuous-bridge": - make the container bridge promiscuous. "hairpin-veth": set - the hairpin flag on container veth interfaces. "none": do - nothing. Setting --configure-cbr0 to false implies that to achieve - hairpin NAT one must set --hairpin-mode=veth-flag, because bridge - assumes the existence of a container bridge named cbr0.' + description: 'How should the kubelet configure the container bridge for hairpin packets. Setting this flag allows endpoints in a Service to loadbalance back to themselves if they should try to access their own Service. Values: "promiscuous-bridge": make the container bridge promiscuous. "hairpin-veth": set the hairpin flag on container veth interfaces. "none": do nothing. Setting --configure-cbr0 to false implies that to achieve hairpin NAT one must set --hairpin-mode=veth-flag, because bridge assumes the existence of a container bridge named cbr0.' 
type: string hostnameOverride: - description: HostnameOverride is the hostname used to identify - the kubelet instead of the actual hostname. + description: HostnameOverride is the hostname used to identify the kubelet instead of the actual hostname. type: string imageGCHighThresholdPercent: - description: ImageGCHighThresholdPercent is the percent of disk - usage after which image garbage collection is always run. + description: ImageGCHighThresholdPercent is the percent of disk usage after which image garbage collection is always run. format: int32 type: integer imageGCLowThresholdPercent: - description: ImageGCLowThresholdPercent is the percent of disk - usage before which image garbage collection is never run. Lowest - disk usage to garbage collect to. + description: ImageGCLowThresholdPercent is the percent of disk usage before which image garbage collection is never run. Lowest disk usage to garbage collect to. format: int32 type: integer imagePullProgressDeadline: - description: ImagePullProgressDeadline is the timeout for image - pulls If no pulling progress is made before this deadline, the - image pulling will be cancelled. (default 1m0s) + description: ImagePullProgressDeadline is the timeout for image pulls If no pulling progress is made before this deadline, the image pulling will be cancelled. (default 1m0s) type: string kubeReserved: additionalProperties: type: string - description: Resource reservation for kubernetes system daemons - like the kubelet, container runtime, node problem detector, - etc. + description: Resource reservation for kubernetes system daemons like the kubelet, container runtime, node problem detector, etc. type: object kubeReservedCgroup: description: Control group for kube daemons. 
type: string kubeconfigPath: - description: KubeconfigPath is the path of kubeconfig for the - kubelet + description: KubeconfigPath is the path of kubeconfig for the kubelet type: string kubeletCgroups: - description: KubeletCgroups is the absolute name of cgroups to - isolate the kubelet in. + description: KubeletCgroups is the absolute name of cgroups to isolate the kubelet in. type: string logLevel: description: LogLevel is the logging level of the kubelet format: int32 type: integer maxPods: - description: MaxPods is the number of pods that can run on this - Kubelet. + description: MaxPods is the number of pods that can run on this Kubelet. format: int32 type: integer networkPluginMTU: - description: NetworkPluginMTU is the MTU to be passed to the network - plugin, and overrides the default MTU for cases where it cannot - be automatically computed (such as IPSEC). + description: NetworkPluginMTU is the MTU to be passed to the network plugin, and overrides the default MTU for cases where it cannot be automatically computed (such as IPSEC). format: int32 type: integer networkPluginName: - description: NetworkPluginName is the name of the network plugin - to be invoked for various events in kubelet/pod lifecycle + description: NetworkPluginName is the name of the network plugin to be invoked for various events in kubelet/pod lifecycle type: string nodeLabels: additionalProperties: type: string - description: NodeLabels to add when registering the node in the - cluster. + description: NodeLabels to add when registering the node in the cluster. type: object nodeStatusUpdateFrequency: - description: NodeStatusUpdateFrequency Specifies how often kubelet - posts node status to master (default 10s) must work with nodeMonitorGracePeriod - in KubeControllerManagerConfig. + description: NodeStatusUpdateFrequency Specifies how often kubelet posts node status to master (default 10s) must work with nodeMonitorGracePeriod in KubeControllerManagerConfig. 
type: string nonMasqueradeCIDR: - description: 'NonMasqueradeCIDR configures masquerading: traffic - to IPs outside this range will use IP masquerade.' + description: 'NonMasqueradeCIDR configures masquerading: traffic to IPs outside this range will use IP masquerade.' type: string nvidiaGPUs: - description: NvidiaGPUs is the number of NVIDIA GPU devices on - this node. + description: NvidiaGPUs is the number of NVIDIA GPU devices on this node. format: int32 type: integer podCIDR: - description: PodCIDR is the CIDR to use for pod IP addresses, - only used in standalone mode. In cluster mode, this is obtained - from the master. + description: PodCIDR is the CIDR to use for pod IP addresses, only used in standalone mode. In cluster mode, this is obtained from the master. type: string podInfraContainerImage: - description: PodInfraContainerImage is the image whose network/ipc - containers in each pod will use. + description: PodInfraContainerImage is the image whose network/ipc containers in each pod will use. type: string podManifestPath: - description: config is the path to the config file or directory - of files + description: config is the path to the config file or directory of files type: string protectKernelDefaults: - description: 'Default kubelet behaviour for kernel tuning. If - set, kubelet errors if any of kernel tunables is different than - kubelet defaults. (DEPRECATED: This parameter should be set - via the config file specified by the Kubelet''s --config flag.' + description: 'Default kubelet behaviour for kernel tuning. If set, kubelet errors if any of kernel tunables is different than kubelet defaults. (DEPRECATED: This parameter should be set via the config file specified by the Kubelet''s --config flag.' 
type: boolean readOnlyPort: - description: ReadOnlyPort is the port used by the kubelet api - for read-only access (default 10255) + description: ReadOnlyPort is the port used by the kubelet api for read-only access (default 10255) format: int32 type: integer reconcileCIDR: - description: ReconcileCIDR is Reconcile node CIDR with the CIDR - specified by the API server. No-op if register-node or configure-cbr0 - is false. + description: ReconcileCIDR is Reconcile node CIDR with the CIDR specified by the API server. No-op if register-node or configure-cbr0 is false. type: boolean registerNode: - description: RegisterNode enables automatic registration with - the apiserver. + description: RegisterNode enables automatic registration with the apiserver. type: boolean registerSchedulable: - description: registerSchedulable tells the kubelet to register - the node as schedulable. No-op if register-node is false. + description: registerSchedulable tells the kubelet to register the node as schedulable. No-op if register-node is false. type: boolean registryBurst: - description: RegistryBurst Maximum size of a bursty pulls, temporarily - allows pulls to burst to this number, while still not exceeding - registry-qps. Only used if --registry-qps > 0 (default 10) + description: RegistryBurst Maximum size of a bursty pulls, temporarily allows pulls to burst to this number, while still not exceeding registry-qps. Only used if --registry-qps > 0 (default 10) format: int32 type: integer registryPullQPS: - description: RegistryPullQPS if > 0, limit registry pull QPS to - this value. If 0, unlimited. (default 5) + description: RegistryPullQPS if > 0, limit registry pull QPS to this value. If 0, unlimited. 
(default 5) format: int32 type: integer requireKubeconfig: description: RequireKubeconfig indicates a kubeconfig is required type: boolean resolvConf: - description: ResolverConfig is the resolver configuration file - used as the basis for the container DNS resolution configuration."), - [] + description: ResolverConfig is the resolver configuration file used as the basis for the container DNS resolution configuration."), [] type: string rootDir: - description: RootDir is the directory path for managing kubelet - files (volume mounts,etc) + description: RootDir is the directory path for managing kubelet files (volume mounts,etc) type: string rotateCertificates: description: rotateCertificates enables client certificate rotation. type: boolean runtimeCgroups: - description: Cgroups that container runtime is expected to be - isolated in. + description: Cgroups that container runtime is expected to be isolated in. type: string runtimeRequestTimeout: - description: RuntimeRequestTimeout is timeout for runtime requests - on - pull, logs, exec and attach + description: RuntimeRequestTimeout is timeout for runtime requests on - pull, logs, exec and attach type: string seccompProfileRoot: - description: SeccompProfileRoot is the directory path for seccomp - profiles. + description: SeccompProfileRoot is the directory path for seccomp profiles. type: string serializeImagePulls: - description: '// SerializeImagePulls when enabled, tells the Kubelet - to pull images one // at a time. We recommend *not* changing - the default value on nodes that // run docker daemon with version < - 1.9 or an Aufs storage backend. // Issue #10959 has more details.' + description: '// SerializeImagePulls when enabled, tells the Kubelet to pull images one // at a time. We recommend *not* changing the default value on nodes that // run docker daemon with version < 1.9 or an Aufs storage backend. // Issue #10959 has more details.' 
type: boolean streamingConnectionIdleTimeout: - description: StreamingConnectionIdleTimeout is the maximum time - a streaming connection can be idle before the connection is - automatically closed + description: StreamingConnectionIdleTimeout is the maximum time a streaming connection can be idle before the connection is automatically closed type: string systemCgroups: - description: SystemCgroups is absolute name of cgroups in which - to place all non-kernel processes that are not already in a - container. Empty for no container. Rolling back the flag requires - a reboot. + description: SystemCgroups is absolute name of cgroups in which to place all non-kernel processes that are not already in a container. Empty for no container. Rolling back the flag requires a reboot. type: string systemReserved: additionalProperties: type: string - description: Capture resource reservation for OS system daemons - like sshd, udev, etc. + description: Capture resource reservation for OS system daemons like sshd, udev, etc. type: object systemReservedCgroup: description: Parent control group for OS system daemons. @@ -557,8 +437,7 @@ spec: description: 'TODO: Remove unused TLSCertFile' type: string tlsCipherSuites: - description: TLSCipherSuites indicates the allowed TLS cipher - suite + description: TLSCipherSuites indicates the allowed TLS cipher suite items: type: string type: array 
@@ -569,26 +448,20 @@ spec: description: 'TODO: Remove unused TLSPrivateKeyFile' type: string topologyManagerPolicy: - description: TopologyManagerPolicy determines the allocation policy - for the topology manager. + description: TopologyManagerPolicy determines the allocation policy for the topology manager. type: string volumePluginDirectory: - description: The full path of the directory in which to search - for additional third party volume plugins (this path must be - writeable, dependent on your choice of OS) + description: The full path of the directory in which to search for additional third party volume plugins (this path must be writeable, dependent on your choice of OS) type: string volumeStatsAggPeriod: - description: VolumeStatsAggPeriod is the interval for kubelet - to calculate and cache the volume disk usage for all pods and - volumes + description: VolumeStatsAggPeriod is the interval for kubelet to calculate and cache the volume disk usage for all pods and volumes type: string type: object machineType: description: MachineType is the instance class type: string maxPrice: - description: MaxPrice indicates this is a spot-pricing group, with - the specified value as our max-price bid + description: MaxPrice indicates this is a spot-pricing group, with the specified value as our max-price bid type: string maxSize: description: MaxSize is the maximum size of the pool 
@@ -599,136 +472,88 @@ spec: format: int32 type: integer mixedInstancesPolicy: - description: MixedInstancesPolicy defined a optional backing of an - AWS ASG by a EC2 Fleet (AWS Only) + description: MixedInstancesPolicy defined a optional backing of an AWS ASG by a EC2 Fleet (AWS Only) properties: instances: - description: Instances is a list of instance types which we are - willing to run in the EC2 fleet + description: Instances is a list of instance types which we are willing to run in the EC2 fleet items: type: string type: array onDemandAboveBase: - description: OnDemandAboveBase controls the percentages of On-Demand - Instances and Spot Instances for your additional capacity beyond - OnDemandBase. The range is 0–100. The default value is 100. - If you leave this parameter set to 100, the percentages are - 100% for On-Demand Instances and 0% for Spot Instances. + description: OnDemandAboveBase controls the percentages of On-Demand Instances and Spot Instances for your additional capacity beyond OnDemandBase. The range is 0–100. The default value is 100. If you leave this parameter set to 100, the percentages are 100% for On-Demand Instances and 0% for Spot Instances. format: int64 type: integer onDemandAllocationStrategy: - description: OnDemandAllocationStrategy indicates how to allocate - instance types to fulfill On-Demand capacity + description: OnDemandAllocationStrategy indicates how to allocate instance types to fulfill On-Demand capacity type: string onDemandBase: - description: OnDemandBase is the minimum amount of the Auto Scaling - group's capacity that must be fulfilled by On-Demand Instances. - This base portion is provisioned first as your group scales. + description: OnDemandBase is the minimum amount of the Auto Scaling group's capacity that must be fulfilled by On-Demand Instances. This base portion is provisioned first as your group scales. 
format: int64 type: integer spotAllocationStrategy: - description: SpotAllocationStrategy diversifies your Spot capacity - across multiple instance types to find the best pricing. Higher - Spot availability may result from a larger number of instance - types to choose from. + description: SpotAllocationStrategy diversifies your Spot capacity across multiple instance types to find the best pricing. Higher Spot availability may result from a larger number of instance types to choose from. type: string spotInstancePools: - description: SpotInstancePools is the number of Spot pools to - use to allocate your Spot capacity (defaults to 2) pools are - determined from the different instance types in the Overrides - array of LaunchTemplate + description: SpotInstancePools is the number of Spot pools to use to allocate your Spot capacity (defaults to 2) pools are determined from the different instance types in the Overrides array of LaunchTemplate format: int64 type: integer type: object nodeLabels: additionalProperties: type: string - description: NodeLabels indicates the kubernetes labels for nodes - in this group + description: NodeLabels indicates the kubernetes labels for nodes in this group type: object role: - description: 'Type determines the role of instances in this group: - masters or nodes' + description: 'Type determines the role of instances in this group: masters or nodes' type: string rollingUpdate: description: RollingUpdate defines the rolling-update behavior properties: drainAndTerminate: - description: DrainAndTerminate enables draining and terminating - nodes during rolling updates. Defaults to true. + description: DrainAndTerminate enables draining and terminating nodes during rolling updates. Defaults to true. type: boolean maxSurge: anyOf: - type: integer - type: string - description: 'MaxSurge is the maximum number of extra nodes that - can be created during the update. 
The value can be an absolute - number (for example 5) or a percentage of desired machines (for - example 10%). The absolute number is calculated from a percentage - by rounding up. Has no effect on instance groups with role "Master". - Defaults to 1 on AWS, 0 otherwise. Example: when this is set - to 30%, the InstanceGroup can be scaled up immediately when - the rolling update starts, such that the total number of old - and new nodes do not exceed 130% of desired nodes.' + description: 'MaxSurge is the maximum number of extra nodes that can be created during the update. The value can be an absolute number (for example 5) or a percentage of desired machines (for example 10%). The absolute number is calculated from a percentage by rounding up. Has no effect on instance groups with role "Master". Defaults to 1 on AWS, 0 otherwise. Example: when this is set to 30%, the InstanceGroup can be scaled up immediately when the rolling update starts, such that the total number of old and new nodes do not exceed 130% of desired nodes.' x-kubernetes-int-or-string: true maxUnavailable: anyOf: - type: integer - type: string - description: 'MaxUnavailable is the maximum number of nodes that - can be unavailable during the update. The value can be an absolute - number (for example 5) or a percentage of desired nodes (for - example 10%). The absolute number is calculated from a percentage - by rounding down. Defaults to 1 if MaxSurge is 0, otherwise - defaults to 0. Example: when this is set to 30%, the InstanceGroup - can be scaled down to 70% of desired nodes immediately when - the rolling update starts. Once new nodes are ready, more old - nodes can be drained, ensuring that the total number of nodes - available at all times during the update is at least 70% of - desired nodes.' + description: 'MaxUnavailable is the maximum number of nodes that can be unavailable during the update. 
The value can be an absolute number (for example 5) or a percentage of desired nodes (for example 10%). The absolute number is calculated from a percentage by rounding down. Defaults to 1 if MaxSurge is 0, otherwise defaults to 0. Example: when this is set to 30%, the InstanceGroup can be scaled down to 70% of desired nodes immediately when the rolling update starts. Once new nodes are ready, more old nodes can be drained, ensuring that the total number of nodes available at all times during the update is at least 70% of desired nodes.' x-kubernetes-int-or-string: true type: object rootVolumeDeleteOnTermination: - description: 'RootVolumeDeleteOnTermination configures root volume - retention policy upon instance termination. The root volume is deleted - by default. Cluster deletion does not remove retained root volumes. - NOTE: This setting applies only to the Launch Configuration and - does not affect Launch Templates.' + description: 'RootVolumeDeleteOnTermination configures root volume retention policy upon instance termination. The root volume is deleted by default. Cluster deletion does not remove retained root volumes. NOTE: This setting applies only to the Launch Configuration and does not affect Launch Templates.' type: boolean rootVolumeEncryption: - description: RootVolumeEncryption enables EBS root volume encryption - for an instance + description: RootVolumeEncryption enables EBS root volume encryption for an instance type: boolean rootVolumeIops: - description: If volume type is io1, then we need to specify the number - of Iops. + description: If volume type is io1, then we need to specify the number of Iops. 
format: int32 type: integer rootVolumeOptimization: - description: RootVolumeOptimization enables EBS optimization for an - instance + description: RootVolumeOptimization enables EBS optimization for an instance type: boolean rootVolumeSize: - description: RootVolumeSize is the size of the EBS root volume to - use, in GB + description: RootVolumeSize is the size of the EBS root volume to use, in GB format: int32 type: integer rootVolumeType: - description: RootVolumeType is the type of the EBS root volume to - use (e.g. gp2) + description: RootVolumeType is the type of the EBS root volume to use (e.g. gp2) type: string securityGroupOverride: - description: SecurityGroupOverride overrides the default security - group created by Kops for this IG (AWS only). + description: SecurityGroupOverride overrides the default security group created by Kops for this IG (AWS only). type: string spotDurationInMinutes: - description: SpotDurationInMinutes indicates this is a spot-block - group, with the specified value as the spot reservation time + description: SpotDurationInMinutes indicates this is a spot-block group, with the specified value as the spot reservation time format: int64 type: integer subnets: - description: Subnets is the names of the Subnets (as specified in - the Cluster) where machines in this instance group should be placed + description: Subnets is the names of the Subnets (as specified in the Cluster) where machines in this instance group should be placed items: type: string type: array 
@@ -738,27 +563,22 @@ spec: type: string type: array sysctlParameters: - description: SysctlParameters will configure kernel parameters using - sysctl(8). When specified, each parameter must follow the form variable=value, - the way it would appear in sysctl.conf. + description: SysctlParameters will configure kernel parameters using sysctl(8). When specified, each parameter must follow the form variable=value, the way it would appear in sysctl.conf. items: type: string type: array taints: - description: Taints indicates the kubernetes taints for nodes in this - group + description: Taints indicates the kubernetes taints for nodes in this group items: type: string type: array tenancy: - description: Describes the tenancy of the instance group. Can be either - default or dedicated. Currently only applies to AWS. + description: Describes the tenancy of the instance group. Can be either default or dedicated. Currently only applies to AWS. type: string volumeMounts: description: VolumeMounts a collection of volume mounts items: - description: VolumeMountSpec defines the specification for mounting - a device + description: VolumeMountSpec defines the specification for mounting a device properties: device: description: Device is the device name to provision and mount @@ -767,8 +587,7 @@ spec: description: Filesystem is the filesystem to mount type: string formatOptions: - description: FormatOptions is a collection of options passed - when formatting the device + description: FormatOptions is a collection of options passed when formatting the device items: type: string type: array 
@@ -783,29 +602,21 @@ spec: type: object type: array volumes: - description: Volumes is a collection of additional volumes to create - for instances within this InstanceGroup + description: Volumes is a collection of additional volumes to create for instances within this InstanceGroup items: - description: VolumeSpec defined the spec for an additional volume - attached to the instance group + description: VolumeSpec defined the spec for an additional volume attached to the instance group properties: deleteOnTermination: - description: 'DeleteOnTermination configures volume retention - policy upon instance termination. The volume is deleted by - default. Cluster deletion does not remove retained volumes. - NOTE: This setting applies only to the Launch Configuration - and does not affect Launch Templates.' + description: 'DeleteOnTermination configures volume retention policy upon instance termination. The volume is deleted by default. Cluster deletion does not remove retained volumes. NOTE: This setting applies only to the Launch Configuration and does not affect Launch Templates.' type: boolean device: - description: Device is an optional device name of the block - device + description: Device is an optional device name of the block device type: string encrypted: description: Encrypted indicates you want to encrypt the volume type: boolean iops: - description: Iops is the provision iops for this iops (think - io1 in aws) + description: Iops is the provision iops for this iops (think io1 in aws) format: int64 type: integer size: 
@@ -813,15 +624,12 @@ spec: format: int64 type: integer type: - description: Type is the type of volume to create and is cloud - specific + description: Type is the type of volume to create and is cloud specific type: string type: object type: array zones: - description: Zones is the names of the Zones where machines in this - instance group should be placed This is needed for regional subnets - (e.g. GCE), to restrict placement to particular zones + description: Zones is the names of the Zones where machines in this instance group should be placed This is needed for regional subnets (e.g. GCE), to restrict placement to particular zones items: type: string type: array diff --git a/k8s/crds/kops.k8s.io_keysets.yaml b/k8s/crds/kops.k8s.io_keysets.yaml index 5036b0e7e4..fdd761090e 100644 --- a/k8s/crds/kops.k8s.io_keysets.yaml +++ b/k8s/crds/kops.k8s.io_keysets.yaml 
@@ -19,18 +19,13 @@ spec: - name: v1alpha2 schema: openAPIV3Schema: - description: Keyset is a set of system keypairs, or other secret material. - It is a set to support credential rotation etc. + description: Keyset is a set of system keypairs, or other secret material. It is a set to support credential rotation etc. properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' type: string kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' type: string metadata: type: object 
@@ -40,28 +35,23 @@ spec: keys: description: Keys is the set of keys that make up the keyset items: - description: KeysetItem is an item (keypair or other secret material) - in a Keyset + description: KeysetItem is an item (keypair or other secret material) in a Keyset properties: id: - description: Id is the unique identifier for this key in the - keyset + description: Id is the unique identifier for this key in the keyset type: string privateMaterial: - description: PrivateMaterial holds secret material (e.g. a private - key, or symmetric token) + description: PrivateMaterial holds secret material (e.g. a private key, or symmetric token) format: byte type: string publicMaterial: - description: PublicMaterial holds non-secret material (e.g. - a certificate) + description: PublicMaterial holds non-secret material (e.g. a certificate) format: byte type: string type: object type: array type: - description: Type is the type of the Keyset (PKI keypair, or secret - token) + description: Type is the type of the Keyset (PKI keypair, or secret token) type: string type: object type: object diff --git a/k8s/crds/kops.k8s.io_sshcredentials.yaml b/k8s/crds/kops.k8s.io_sshcredentials.yaml index db7b27cded..67c3cd92b0 100644 --- a/k8s/crds/kops.k8s.io_sshcredentials.yaml +++ b/k8s/crds/kops.k8s.io_sshcredentials.yaml 
@@ -22,14 +22,10 @@ spec: description: SSHCredential represent a set of kops secrets properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' type: string kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' type: string metadata: type: object diff --git a/pkg/client/clientset_generated/clientset/fake/register.go b/pkg/client/clientset_generated/clientset/fake/register.go index 035317b128..ee936b83ac 100644 --- a/pkg/client/clientset_generated/clientset/fake/register.go +++ b/pkg/client/clientset_generated/clientset/fake/register.go @@ -30,7 +30,7 @@ import ( var scheme = runtime.NewScheme() var codecs = serializer.NewCodecFactory(scheme) -var parameterCodec = runtime.NewParameterCodec(scheme) + var localSchemeBuilder = runtime.SchemeBuilder{ kopsinternalversion.AddToScheme, kopsv1alpha2.AddToScheme, 
diff --git a/pkg/client/clientset_generated/internalclientset/fake/register.go b/pkg/client/clientset_generated/internalclientset/fake/register.go index 035317b128..ee936b83ac 100644 --- a/pkg/client/clientset_generated/internalclientset/fake/register.go +++ b/pkg/client/clientset_generated/internalclientset/fake/register.go @@ -30,7 +30,7 @@ import ( var scheme = runtime.NewScheme() var codecs = serializer.NewCodecFactory(scheme) -var parameterCodec = runtime.NewParameterCodec(scheme) + var localSchemeBuilder = runtime.SchemeBuilder{ kopsinternalversion.AddToScheme, kopsv1alpha2.AddToScheme, diff --git a/pkg/model/components/etcdmanager/tests/minimal/tasks.yaml b/pkg/model/components/etcdmanager/tests/minimal/tasks.yaml index 1121175e16..367d3d7d92 100644 --- a/pkg/model/components/etcdmanager/tests/minimal/tasks.yaml +++ b/pkg/model/components/etcdmanager/tests/minimal/tasks.yaml 
@@ -79,14 +79,7 @@ Contents: - command: - /bin/sh - -c - - mkfifo /tmp/pipe; (tee -a /var/log/etcd.log < /tmp/pipe & ) ; exec /etcd-manager - --backup-store=memfs://clusters.example.com/minimal.example.com/backups/etcd-events - --client-urls=https://__name__:4002 --cluster-name=etcd-events --containerized=true - --dns-suffix=.internal.minimal.example.com --etcd-insecure=true --grpc-port=3997 - --insecure=false --peer-urls=https://__name__:2381 --quarantine-client-urls=https://__name__:3995 - --v=6 --volume-name-tag=k8s.io/etcd/events --volume-provider=aws --volume-tag=k8s.io/etcd/events - --volume-tag=k8s.io/role/master=1 --volume-tag=kubernetes.io/cluster/minimal.example.com=owned - > /tmp/pipe 2>&1 + - mkfifo /tmp/pipe; (tee -a /var/log/etcd.log < /tmp/pipe & ) ; exec /etcd-manager --backup-store=memfs://clusters.example.com/minimal.example.com/backups/etcd-events --client-urls=https://__name__:4002 --cluster-name=etcd-events --containerized=true --dns-suffix=.internal.minimal.example.com --etcd-insecure=true --grpc-port=3997 --insecure=false --peer-urls=https://__name__:2381 --quarantine-client-urls=https://__name__:3995 --v=6 --volume-name-tag=k8s.io/etcd/events --volume-provider=aws --volume-tag=k8s.io/etcd/events --volume-tag=k8s.io/role/master=1 --volume-tag=kubernetes.io/cluster/minimal.example.com=owned > /tmp/pipe 2>&1 image: kopeio/etcd-manager:3.0.20200531 name: etcd-manager resources: 
@@ -145,14 +138,7 @@ Contents: - command: - /bin/sh - -c - - mkfifo /tmp/pipe; (tee -a /var/log/etcd.log < /tmp/pipe & ) ; exec /etcd-manager - --backup-store=memfs://clusters.example.com/minimal.example.com/backups/etcd-main - --client-urls=https://__name__:4001 --cluster-name=etcd --containerized=true - --dns-suffix=.internal.minimal.example.com --etcd-insecure=true --grpc-port=3996 - --insecure=false --peer-urls=https://__name__:2380 --quarantine-client-urls=https://__name__:3994 - --v=6 --volume-name-tag=k8s.io/etcd/main --volume-provider=aws --volume-tag=k8s.io/etcd/main - --volume-tag=k8s.io/role/master=1 --volume-tag=kubernetes.io/cluster/minimal.example.com=owned - > /tmp/pipe 2>&1 + - mkfifo /tmp/pipe; (tee -a /var/log/etcd.log < /tmp/pipe & ) ; exec /etcd-manager --backup-store=memfs://clusters.example.com/minimal.example.com/backups/etcd-main --client-urls=https://__name__:4001 --cluster-name=etcd --containerized=true --dns-suffix=.internal.minimal.example.com --etcd-insecure=true --grpc-port=3996 --insecure=false --peer-urls=https://__name__:2380 --quarantine-client-urls=https://__name__:3994 --v=6 --volume-name-tag=k8s.io/etcd/main --volume-provider=aws --volume-tag=k8s.io/etcd/main --volume-tag=k8s.io/role/master=1 --volume-tag=kubernetes.io/cluster/minimal.example.com=owned > /tmp/pipe 2>&1 image: kopeio/etcd-manager:3.0.20200531 name: etcd-manager resources: diff --git a/pkg/model/components/etcdmanager/tests/old_versions_mount_hosts/tasks.yaml b/pkg/model/components/etcdmanager/tests/old_versions_mount_hosts/tasks.yaml index 42476b0472..e4178af572 100644 --- a/pkg/model/components/etcdmanager/tests/old_versions_mount_hosts/tasks.yaml +++ b/pkg/model/components/etcdmanager/tests/old_versions_mount_hosts/tasks.yaml 
@@ -79,14 +79,7 @@ Contents: - command: - /bin/sh - -c - - mkfifo /tmp/pipe; (tee -a /var/log/etcd.log < /tmp/pipe & ) ; exec /etcd-manager - --backup-store=memfs://clusters.example.com/minimal.example.com/backups/etcd-events - --client-urls=https://__name__:4002 --cluster-name=etcd-events --containerized=true - --dns-suffix=.internal.minimal.example.com --etcd-insecure=true --grpc-port=3997 - --insecure=false --peer-urls=https://__name__:2381 --quarantine-client-urls=https://__name__:3995 - --v=6 --volume-name-tag=k8s.io/etcd/events --volume-provider=aws --volume-tag=k8s.io/etcd/events - --volume-tag=k8s.io/role/master=1 --volume-tag=kubernetes.io/cluster/minimal.example.com=owned - > /tmp/pipe 2>&1 + - mkfifo /tmp/pipe; (tee -a /var/log/etcd.log < /tmp/pipe & ) ; exec /etcd-manager --backup-store=memfs://clusters.example.com/minimal.example.com/backups/etcd-events --client-urls=https://__name__:4002 --cluster-name=etcd-events --containerized=true --dns-suffix=.internal.minimal.example.com --etcd-insecure=true --grpc-port=3997 --insecure=false --peer-urls=https://__name__:2381 --quarantine-client-urls=https://__name__:3995 --v=6 --volume-name-tag=k8s.io/etcd/events --volume-provider=aws --volume-tag=k8s.io/etcd/events --volume-tag=k8s.io/role/master=1 --volume-tag=kubernetes.io/cluster/minimal.example.com=owned > /tmp/pipe 2>&1 image: kopeio/etcd-manager:3.0.20200531 name: etcd-manager resources: 
@@ -151,14 +144,7 @@ Contents: - command: - /bin/sh - -c - - mkfifo /tmp/pipe; (tee -a /var/log/etcd.log < /tmp/pipe & ) ; exec /etcd-manager - --backup-store=memfs://clusters.example.com/minimal.example.com/backups/etcd-main - --client-urls=https://__name__:4001 --cluster-name=etcd --containerized=true - --dns-suffix=.internal.minimal.example.com --etcd-insecure=true --grpc-port=3996 - --insecure=false --peer-urls=https://__name__:2380 --quarantine-client-urls=https://__name__:3994 - --v=6 --volume-name-tag=k8s.io/etcd/main --volume-provider=aws --volume-tag=k8s.io/etcd/main - --volume-tag=k8s.io/role/master=1 --volume-tag=kubernetes.io/cluster/minimal.example.com=owned - > /tmp/pipe 2>&1 + - mkfifo /tmp/pipe; (tee -a /var/log/etcd.log < /tmp/pipe & ) ; exec /etcd-manager --backup-store=memfs://clusters.example.com/minimal.example.com/backups/etcd-main --client-urls=https://__name__:4001 --cluster-name=etcd --containerized=true --dns-suffix=.internal.minimal.example.com --etcd-insecure=true --grpc-port=3996 --insecure=false --peer-urls=https://__name__:2380 --quarantine-client-urls=https://__name__:3994 --v=6 --volume-name-tag=k8s.io/etcd/main --volume-provider=aws --volume-tag=k8s.io/etcd/main --volume-tag=k8s.io/role/master=1 --volume-tag=kubernetes.io/cluster/minimal.example.com=owned > /tmp/pipe 2>&1 image: kopeio/etcd-manager:3.0.20200531 name: etcd-manager resources: diff --git a/pkg/model/components/etcdmanager/tests/overwrite_settings/tasks.yaml b/pkg/model/components/etcdmanager/tests/overwrite_settings/tasks.yaml index 74392f310a..dd33be7c4c 100644 --- a/pkg/model/components/etcdmanager/tests/overwrite_settings/tasks.yaml +++ b/pkg/model/components/etcdmanager/tests/overwrite_settings/tasks.yaml 
@@ -79,14 +79,7 @@ Contents: - command: - /bin/sh - -c - - mkfifo /tmp/pipe; (tee -a /var/log/etcd.log < /tmp/pipe & ) ; exec /etcd-manager - --backup-store=memfs://clusters.example.com/minimal.example.com/backups/etcd-events - --client-urls=https://__name__:4002 --cluster-name=etcd-events --containerized=true - --dns-suffix=.internal.minimal.example.com --etcd-insecure=true --grpc-port=3997 - --insecure=false --peer-urls=https://__name__:2381 --quarantine-client-urls=https://__name__:3995 - --v=6 --volume-name-tag=k8s.io/etcd/events --volume-provider=aws --volume-tag=k8s.io/etcd/events - --volume-tag=k8s.io/role/master=1 --volume-tag=kubernetes.io/cluster/minimal.example.com=owned - > /tmp/pipe 2>&1 + - mkfifo /tmp/pipe; (tee -a /var/log/etcd.log < /tmp/pipe & ) ; exec /etcd-manager --backup-store=memfs://clusters.example.com/minimal.example.com/backups/etcd-events --client-urls=https://__name__:4002 --cluster-name=etcd-events --containerized=true --dns-suffix=.internal.minimal.example.com --etcd-insecure=true --grpc-port=3997 --insecure=false --peer-urls=https://__name__:2381 --quarantine-client-urls=https://__name__:3995 --v=6 --volume-name-tag=k8s.io/etcd/events --volume-provider=aws --volume-tag=k8s.io/etcd/events --volume-tag=k8s.io/role/master=1 --volume-tag=kubernetes.io/cluster/minimal.example.com=owned > /tmp/pipe 2>&1 env: - name: ETCD_QUOTA_BACKEND_BYTES value: "10737418240" 
@@ -148,14 +141,7 @@ Contents: - command: - /bin/sh - -c - - mkfifo /tmp/pipe; (tee -a /var/log/etcd.log < /tmp/pipe & ) ; exec /etcd-manager - --backup-store=memfs://clusters.example.com/minimal.example.com/backups/etcd-main - --client-urls=https://__name__:4001 --cluster-name=etcd --containerized=true - --dns-suffix=.internal.minimal.example.com --etcd-insecure=true --grpc-port=3996 - --insecure=false --peer-urls=https://__name__:2380 --quarantine-client-urls=https://__name__:3994 - --v=6 --volume-name-tag=k8s.io/etcd/main --volume-provider=aws --volume-tag=k8s.io/etcd/main - --volume-tag=k8s.io/role/master=1 --volume-tag=kubernetes.io/cluster/minimal.example.com=owned - > /tmp/pipe 2>&1 + - mkfifo /tmp/pipe; (tee -a /var/log/etcd.log < /tmp/pipe & ) ; exec /etcd-manager --backup-store=memfs://clusters.example.com/minimal.example.com/backups/etcd-main --client-urls=https://__name__:4001 --cluster-name=etcd --containerized=true --dns-suffix=.internal.minimal.example.com --etcd-insecure=true --grpc-port=3996 --insecure=false --peer-urls=https://__name__:2380 --quarantine-client-urls=https://__name__:3994 --v=6 --volume-name-tag=k8s.io/etcd/main --volume-provider=aws --volume-tag=k8s.io/etcd/main --volume-tag=k8s.io/role/master=1 --volume-tag=kubernetes.io/cluster/minimal.example.com=owned > /tmp/pipe 2>&1 env: - name: ETCD_QUOTA_BACKEND_BYTES value: "10737418240" diff --git a/pkg/model/components/etcdmanager/tests/proxy/tasks.yaml b/pkg/model/components/etcdmanager/tests/proxy/tasks.yaml index 6e11e3abdb..789e91daa0 100644 --- a/pkg/model/components/etcdmanager/tests/proxy/tasks.yaml +++ b/pkg/model/components/etcdmanager/tests/proxy/tasks.yaml 
@@ -79,14 +79,7 @@ Contents: - command: - /bin/sh - -c - - mkfifo /tmp/pipe; (tee -a /var/log/etcd.log < /tmp/pipe & ) ; exec /etcd-manager - --backup-store=memfs://clusters.example.com/minimal.example.com/backups/etcd-events - --client-urls=https://__name__:4002 --cluster-name=etcd-events --containerized=true - --dns-suffix=.internal.minimal.example.com --etcd-insecure=true --grpc-port=3997 - --insecure=false --peer-urls=https://__name__:2381 --quarantine-client-urls=https://__name__:3995 - --v=6 --volume-name-tag=k8s.io/etcd/events --volume-provider=aws --volume-tag=k8s.io/etcd/events - --volume-tag=k8s.io/role/master=1 --volume-tag=kubernetes.io/cluster/minimal.example.com=owned - > /tmp/pipe 2>&1 + - mkfifo /tmp/pipe; (tee -a /var/log/etcd.log < /tmp/pipe & ) ; exec /etcd-manager --backup-store=memfs://clusters.example.com/minimal.example.com/backups/etcd-events --client-urls=https://__name__:4002 --cluster-name=etcd-events --containerized=true --dns-suffix=.internal.minimal.example.com --etcd-insecure=true --grpc-port=3997 --insecure=false --peer-urls=https://__name__:2381 --quarantine-client-urls=https://__name__:3995 --v=6 --volume-name-tag=k8s.io/etcd/events --volume-provider=aws --volume-tag=k8s.io/etcd/events --volume-tag=k8s.io/role/master=1 --volume-tag=kubernetes.io/cluster/minimal.example.com=owned > /tmp/pipe 2>&1 env: - name: NO_PROXY value: noproxy.example.com 
@@ -160,14 +153,7 @@ Contents: - command: - /bin/sh - -c - - mkfifo /tmp/pipe; (tee -a /var/log/etcd.log < /tmp/pipe & ) ; exec /etcd-manager - --backup-store=memfs://clusters.example.com/minimal.example.com/backups/etcd-main - --client-urls=https://__name__:4001 --cluster-name=etcd --containerized=true - --dns-suffix=.internal.minimal.example.com --etcd-insecure=true --grpc-port=3996 - --insecure=false --peer-urls=https://__name__:2380 --quarantine-client-urls=https://__name__:3994 - --v=6 --volume-name-tag=k8s.io/etcd/main --volume-provider=aws --volume-tag=k8s.io/etcd/main - --volume-tag=k8s.io/role/master=1 --volume-tag=kubernetes.io/cluster/minimal.example.com=owned - > /tmp/pipe 2>&1 + - mkfifo /tmp/pipe; (tee -a /var/log/etcd.log < /tmp/pipe & ) ; exec /etcd-manager --backup-store=memfs://clusters.example.com/minimal.example.com/backups/etcd-main --client-urls=https://__name__:4001 --cluster-name=etcd --containerized=true --dns-suffix=.internal.minimal.example.com --etcd-insecure=true --grpc-port=3996 --insecure=false --peer-urls=https://__name__:2380 --quarantine-client-urls=https://__name__:3994 --v=6 --volume-name-tag=k8s.io/etcd/main --volume-provider=aws --volume-tag=k8s.io/etcd/main --volume-tag=k8s.io/role/master=1 --volume-tag=kubernetes.io/cluster/minimal.example.com=owned > /tmp/pipe 2>&1 env: - name: NO_PROXY value: noproxy.example.com diff --git a/protokube/tests/integration/build_etcd_manifest/main/etcd_env_vars.yaml b/protokube/tests/integration/build_etcd_manifest/main/etcd_env_vars.yaml index 772a7c0da7..ab9e6f9fda 100644 --- a/protokube/tests/integration/build_etcd_manifest/main/etcd_env_vars.yaml +++ b/protokube/tests/integration/build_etcd_manifest/main/etcd_env_vars.yaml 
@@ -38,8 +38,7 @@ spec: - command: - /bin/sh - -c - - mkfifo /tmp/pipe; (tee -a /var/log/etcd.log < /tmp/pipe & ) ; exec /usr/local/bin/etcd > - /tmp/pipe 2>&1 + - mkfifo /tmp/pipe; (tee -a /var/log/etcd.log < /tmp/pipe & ) ; exec /usr/local/bin/etcd > /tmp/pipe 2>&1 env: - name: ETCD_NAME value: node0 diff --git a/protokube/tests/integration/build_etcd_manifest/main/non_tls.yaml b/protokube/tests/integration/build_etcd_manifest/main/non_tls.yaml index a74a413f77..338fbbf62c 100644 --- a/protokube/tests/integration/build_etcd_manifest/main/non_tls.yaml +++ b/protokube/tests/integration/build_etcd_manifest/main/non_tls.yaml @@ -36,8 +36,7 @@ spec: - command: - /bin/sh - -c - - mkfifo /tmp/pipe; (tee -a /var/log/etcd.log < /tmp/pipe & ) ; exec /usr/local/bin/etcd > - /tmp/pipe 2>&1 + - mkfifo /tmp/pipe; (tee -a /var/log/etcd.log < /tmp/pipe & ) ; exec /usr/local/bin/etcd > /tmp/pipe 2>&1 env: - name: ETCD_NAME value: node0 diff --git a/protokube/tests/integration/build_etcd_manifest/main/tls.yaml b/protokube/tests/integration/build_etcd_manifest/main/tls.yaml index 14ef074e38..2e1203aca3 100644 --- a/protokube/tests/integration/build_etcd_manifest/main/tls.yaml +++ b/protokube/tests/integration/build_etcd_manifest/main/tls.yaml @@ -42,8 +42,7 @@ spec: - command: - /bin/sh - -c - - mkfifo /tmp/pipe; (tee -a /var/log/etcd.log < /tmp/pipe & ) ; exec /usr/local/bin/etcd > - /tmp/pipe 2>&1 + - mkfifo /tmp/pipe; (tee -a /var/log/etcd.log < /tmp/pipe & ) ; exec /usr/local/bin/etcd > /tmp/pipe 2>&1 env: - name: ETCD_NAME value: node0 diff --git a/upup/pkg/fi/cloudup/tests/bootstrapchannelbuilder/amazonvpc/manifest.yaml b/upup/pkg/fi/cloudup/tests/bootstrapchannelbuilder/amazonvpc/manifest.yaml index 45bc798c50..11259faab4 100644 --- a/upup/pkg/fi/cloudup/tests/bootstrapchannelbuilder/amazonvpc/manifest.yaml +++ b/upup/pkg/fi/cloudup/tests/bootstrapchannelbuilder/amazonvpc/manifest.yaml 
@@ -21,7 +21,7 @@ spec: - id: k8s-1.6 kubernetesVersion: <1.12.0 manifest: kube-dns.addons.k8s.io/k8s-1.6.yaml - manifestHash: 79dc1f02e5b03f6cfd06631bf26a9e4d3cb304f6 + manifestHash: a50e6a4c2f800b4af4ac0d80edf7762cfc1de9e3 name: kube-dns.addons.k8s.io selector: k8s-addon: kube-dns.addons.k8s.io @@ -57,7 +57,7 @@ spec: - id: k8s-1.6 kubernetesVersion: <1.12.0 manifest: dns-controller.addons.k8s.io/k8s-1.6.yaml - manifestHash: a3f11d5dccd7f62f41e808a5b3cb7b85f931fec7 + manifestHash: c844ffd7477e2b1fcb0a5524b3bfea4df8e1fc8b name: dns-controller.addons.k8s.io selector: k8s-addon: dns-controller.addons.k8s.io diff --git a/upup/pkg/fi/cloudup/tests/bootstrapchannelbuilder/awsiamauthenticator/manifest.yaml b/upup/pkg/fi/cloudup/tests/bootstrapchannelbuilder/awsiamauthenticator/manifest.yaml index 53c3e8b5b0..40cead5117 100644 --- a/upup/pkg/fi/cloudup/tests/bootstrapchannelbuilder/awsiamauthenticator/manifest.yaml +++ b/upup/pkg/fi/cloudup/tests/bootstrapchannelbuilder/awsiamauthenticator/manifest.yaml @@ -21,7 +21,7 @@ spec: - id: k8s-1.6 kubernetesVersion: <1.12.0 manifest: kube-dns.addons.k8s.io/k8s-1.6.yaml - manifestHash: 79dc1f02e5b03f6cfd06631bf26a9e4d3cb304f6 + manifestHash: a50e6a4c2f800b4af4ac0d80edf7762cfc1de9e3 name: kube-dns.addons.k8s.io selector: k8s-addon: kube-dns.addons.k8s.io @@ -57,7 +57,7 @@ spec: - id: k8s-1.6 kubernetesVersion: <1.12.0 manifest: dns-controller.addons.k8s.io/k8s-1.6.yaml - manifestHash: a3f11d5dccd7f62f41e808a5b3cb7b85f931fec7 + manifestHash: c844ffd7477e2b1fcb0a5524b3bfea4df8e1fc8b name: dns-controller.addons.k8s.io selector: k8s-addon: dns-controller.addons.k8s.io diff --git a/upup/pkg/fi/cloudup/tests/bootstrapchannelbuilder/cilium/manifest.yaml b/upup/pkg/fi/cloudup/tests/bootstrapchannelbuilder/cilium/manifest.yaml index 7af1e4f96f..13430b9580 100644 --- a/upup/pkg/fi/cloudup/tests/bootstrapchannelbuilder/cilium/manifest.yaml +++ b/upup/pkg/fi/cloudup/tests/bootstrapchannelbuilder/cilium/manifest.yaml 
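Review bot: The `manifestHash` values for `kube-dns.addons.k8s.io/k8s-1.6.yaml` and `dns-controller.addons.k8s.io/k8s-1.6.yaml` change in both hunks of the amazonvpc manifest, and identically in the awsiamauthenticator, cilium, simple and weave manifests, although none of the files touched in this diff appears to be an addon template. That suggests the hash is computed over the serialized bytes, so the emitter's new line-wrapping behaviour (the same reflow seen in the CRD descriptions and the etcd-manager command strings) is presumably enough to change it. If this hash is what decides whether an addon is re-applied, clusters still on the k8s-1.6 manifests would see an update with no semantic change; worth confirming by diffing the rendered manifests before and after. I would record that in the commit description, e.g. `manifestHash changes are serialization-only (YAML line wrapping); addon content is unchanged`.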
@@ -21,7 +21,7 @@ spec: - id: k8s-1.6 kubernetesVersion: <1.12.0 manifest: kube-dns.addons.k8s.io/k8s-1.6.yaml - manifestHash: 79dc1f02e5b03f6cfd06631bf26a9e4d3cb304f6 + manifestHash: a50e6a4c2f800b4af4ac0d80edf7762cfc1de9e3 name: kube-dns.addons.k8s.io selector: k8s-addon: kube-dns.addons.k8s.io @@ -57,7 +57,7 @@ spec: - id: k8s-1.6 kubernetesVersion: <1.12.0 manifest: dns-controller.addons.k8s.io/k8s-1.6.yaml - manifestHash: a3f11d5dccd7f62f41e808a5b3cb7b85f931fec7 + manifestHash: c844ffd7477e2b1fcb0a5524b3bfea4df8e1fc8b name: dns-controller.addons.k8s.io selector: k8s-addon: dns-controller.addons.k8s.io diff --git a/upup/pkg/fi/cloudup/tests/bootstrapchannelbuilder/simple/manifest.yaml b/upup/pkg/fi/cloudup/tests/bootstrapchannelbuilder/simple/manifest.yaml index c346740e7c..90a5489cad 100644 --- a/upup/pkg/fi/cloudup/tests/bootstrapchannelbuilder/simple/manifest.yaml +++ b/upup/pkg/fi/cloudup/tests/bootstrapchannelbuilder/simple/manifest.yaml @@ -21,7 +21,7 @@ spec: - id: k8s-1.6 kubernetesVersion: <1.12.0 manifest: kube-dns.addons.k8s.io/k8s-1.6.yaml - manifestHash: 79dc1f02e5b03f6cfd06631bf26a9e4d3cb304f6 + manifestHash: a50e6a4c2f800b4af4ac0d80edf7762cfc1de9e3 name: kube-dns.addons.k8s.io selector: k8s-addon: kube-dns.addons.k8s.io @@ -57,7 +57,7 @@ spec: - id: k8s-1.6 kubernetesVersion: <1.12.0 manifest: dns-controller.addons.k8s.io/k8s-1.6.yaml - manifestHash: a3f11d5dccd7f62f41e808a5b3cb7b85f931fec7 + manifestHash: c844ffd7477e2b1fcb0a5524b3bfea4df8e1fc8b name: dns-controller.addons.k8s.io selector: k8s-addon: dns-controller.addons.k8s.io diff --git a/upup/pkg/fi/cloudup/tests/bootstrapchannelbuilder/weave/manifest.yaml b/upup/pkg/fi/cloudup/tests/bootstrapchannelbuilder/weave/manifest.yaml index a198fd2dee..e7895c0839 100644 --- a/upup/pkg/fi/cloudup/tests/bootstrapchannelbuilder/weave/manifest.yaml +++ b/upup/pkg/fi/cloudup/tests/bootstrapchannelbuilder/weave/manifest.yaml 
@@ -21,7 +21,7 @@ spec: - id: k8s-1.6 kubernetesVersion: <1.12.0 manifest: kube-dns.addons.k8s.io/k8s-1.6.yaml - manifestHash: 79dc1f02e5b03f6cfd06631bf26a9e4d3cb304f6 + manifestHash: a50e6a4c2f800b4af4ac0d80edf7762cfc1de9e3 name: kube-dns.addons.k8s.io selector: k8s-addon: kube-dns.addons.k8s.io @@ -57,7 +57,7 @@ spec: - id: k8s-1.6 kubernetesVersion: <1.12.0 manifest: dns-controller.addons.k8s.io/k8s-1.6.yaml - manifestHash: a3f11d5dccd7f62f41e808a5b3cb7b85f931fec7 + manifestHash: c844ffd7477e2b1fcb0a5524b3bfea4df8e1fc8b name: dns-controller.addons.k8s.io selector: k8s-addon: dns-controller.addons.k8s.io