---
|
||
apiVersion: apiextensions.k8s.io/v1
|
||
kind: CustomResourceDefinition
|
||
metadata:
|
||
annotations:
|
||
controller-gen.kubebuilder.io/version: v0.13.0
|
||
name: instancegroups.kops.k8s.io
|
||
spec:
|
||
group: kops.k8s.io
|
||
names:
|
||
kind: InstanceGroup
|
||
listKind: InstanceGroupList
|
||
plural: instancegroups
|
||
shortNames:
|
||
- ig
|
||
singular: instancegroup
|
||
scope: Namespaced
|
||
versions:
|
||
- additionalPrinterColumns:
|
||
- description: Role
|
||
jsonPath: .spec.role
|
||
name: role
|
||
type: string
|
||
- description: Machine Type
|
||
jsonPath: .spec.machineType
|
||
name: machineType
|
||
type: string
|
||
- description: Min
|
||
jsonPath: .spec.minSize
|
||
name: min
|
||
type: integer
|
||
- description: Max
|
||
jsonPath: .spec.maxSize
|
||
name: max
|
||
type: integer
|
||
- description: Zones
|
||
jsonPath: .spec.zones
|
||
name: zones
|
||
type: string
|
||
name: v1alpha2
|
||
schema:
|
||
openAPIV3Schema:
|
||
description: InstanceGroup represents a group of instances (either nodes or
|
||
masters) with the same configuration
|
||
properties:
|
||
apiVersion:
|
||
description: 'APIVersion defines the versioned schema of this representation
|
||
of an object. Servers should convert recognized schemas to the latest
|
||
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
|
||
type: string
|
||
kind:
|
||
description: 'Kind is a string value representing the REST resource this
|
||
object represents. Servers may infer this from the endpoint the client
|
||
submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
|
||
type: string
|
||
metadata:
|
||
type: object
|
||
spec:
|
||
description: InstanceGroupSpec is the specification for an InstanceGroup
|
||
properties:
|
||
additionalSecurityGroups:
|
||
description: AdditionalSecurityGroups attaches additional security
|
||
groups (e.g. i-123456)
|
||
items:
|
||
type: string
|
||
type: array
|
||
additionalUserData:
|
||
description: AdditionalUserData is any additional user-data to be
|
||
passed to the host
|
||
items:
|
||
description: UserData defines a user-data section
|
||
properties:
|
||
content:
|
||
description: Content is the user-data content
|
||
type: string
|
||
name:
|
||
description: Name is the name of the user-data
|
||
type: string
|
||
type:
|
||
description: Type is the type of user-data
|
||
type: string
|
||
type: object
|
||
type: array
|
||
associatePublicIp:
|
||
description: AssociatePublicIP is true if we want instances to have
|
||
a public IP
|
||
type: boolean
|
||
autoscale:
|
||
description: Autoscale determines if autoscaling will be enabled for
|
||
this instance group if cluster autoscaler is enabled
|
||
type: boolean
|
||
autoscalePriority:
|
||
description: AutoscalePriority determines the InstanceGroup priority
|
||
for scaling when cluster autoscaler uses the priority expander.
|
||
type: integer
|
||
capacityRebalance:
|
||
description: CapacityRebalance makes ASGs proactively replace spot
|
||
instances when the ASG receives a rebalance recommendation (AWS
|
||
Only).
|
||
type: boolean
|
||
cloudLabels:
|
||
additionalProperties:
|
||
type: string
|
||
description: CloudLabels defines additional tags or labels on cloud
|
||
provider resources
|
||
type: object
|
||
compressUserData:
|
||
description: CompressUserData compresses parts of the user data to
|
||
save space
|
||
type: boolean
|
||
containerd:
|
||
description: Containerd specifies override configuration for instance
|
||
group
|
||
properties:
|
||
address:
|
||
description: Address of containerd's GRPC server (default "/run/containerd/containerd.sock").
|
||
type: string
|
||
configAdditions:
|
||
additionalProperties:
|
||
anyOf:
|
||
- type: integer
|
||
- type: string
|
||
x-kubernetes-int-or-string: true
|
||
description: ConfigAdditions adds additional config entries to
|
||
the generated config file.
|
||
type: object
|
||
configOverride:
|
||
description: ConfigOverride is the complete containerd config
|
||
file provided by the user.
|
||
type: string
|
||
logLevel:
|
||
description: LogLevel controls the logging details [trace, debug,
|
||
info, warn, error, fatal, panic] (default "info").
|
||
type: string
|
||
nri:
|
||
description: NRI configures the Node Resource Interface.
|
||
properties:
|
||
enabled:
|
||
description: Enable NRI support in containerd
|
||
type: boolean
|
||
pluginRegistrationTimeout:
|
||
description: PluginRegistrationTimeout is the timeout for
|
||
plugin registration
|
||
type: string
|
||
pluginRequestTimeout:
|
||
description: PluginRequestTimeout is the timeout for a plugin
|
||
to handle a request
|
||
type: string
|
||
type: object
|
||
nvidiaGPU:
|
||
description: NvidiaGPU configures the Nvidia GPU runtime.
|
||
properties:
|
||
dcgmExporter:
|
||
description: DCGMExporterConfig configures the DCGM exporter
|
||
properties:
|
||
enabled:
|
||
description: Enabled determines if kOps will install the
|
||
DCGM exporter
|
||
type: boolean
|
||
type: object
|
||
enabled:
|
||
description: Enabled determines if kOps will install the Nvidia
|
||
GPU runtime and drivers. They will only be installed on
|
||
instances that have an Nvidia GPU.
|
||
type: boolean
|
||
package:
|
||
description: Package is the name of the nvidia driver package
|
||
that will be installed. Default is "nvidia-headless-460-server".
|
||
type: string
|
||
type: object
|
||
packages:
|
||
description: Packages overrides the URL and hash for the packages.
|
||
properties:
|
||
hashAmd64:
|
||
description: HashAmd64 overrides the hash for the AMD64 package.
|
||
type: string
|
||
hashArm64:
|
||
description: HashArm64 overrides the hash for the ARM64 package.
|
||
type: string
|
||
urlAmd64:
|
||
description: UrlAmd64 overrides the URL for the AMD64 package.
|
||
type: string
|
||
urlArm64:
|
||
description: UrlArm64 overrides the URL for the ARM64 package.
|
||
type: string
|
||
type: object
|
||
registryMirrors:
|
||
additionalProperties:
|
||
items:
|
||
type: string
|
||
type: array
|
||
description: RegistryMirrors is a list of image registries
|
||
type: object
|
||
root:
|
||
description: Root directory for persistent data (default "/var/lib/containerd").
|
||
type: string
|
||
runc:
|
||
description: Runc configures the runc runtime.
|
||
properties:
|
||
packages:
|
||
description: Packages overrides the URL and hash for the packages.
|
||
properties:
|
||
hashAmd64:
|
||
description: HashAmd64 overrides the hash for the AMD64
|
||
package.
|
||
type: string
|
||
hashArm64:
|
||
description: HashArm64 overrides the hash for the ARM64
|
||
package.
|
||
type: string
|
||
urlAmd64:
|
||
description: UrlAmd64 overrides the URL for the AMD64
|
||
package.
|
||
type: string
|
||
urlArm64:
|
||
description: UrlArm64 overrides the URL for the ARM64
|
||
package.
|
||
type: string
|
||
type: object
|
||
version:
|
||
description: Version used to pick the runc package.
|
||
type: string
|
||
type: object
|
||
selinuxEnabled:
|
||
description: SelinuxEnabled enables SELinux support
|
||
type: boolean
|
||
skipInstall:
|
||
description: SkipInstall prevents kOps from installing and modifying
|
||
containerd in any way (default "false").
|
||
type: boolean
|
||
state:
|
||
description: State directory for execution state files (default
|
||
"/run/containerd").
|
||
type: string
|
||
version:
|
||
description: Version used to pick the containerd package.
|
||
type: string
|
||
type: object
|
||
cpuCredits:
|
||
description: CPUCredits is the credit option for CPU Usage on burstable
|
||
instance types (AWS only)
|
||
type: string
|
||
detailedInstanceMonitoring:
|
||
description: DetailedInstanceMonitoring defines if detailed-monitoring
|
||
is enabled (AWS only)
|
||
type: boolean
|
||
externalLoadBalancers:
|
||
description: ExternalLoadBalancers define loadbalancers that should
|
||
be attached to this instance group
|
||
items:
|
||
description: LoadBalancer defines a load balancer
|
||
properties:
|
||
loadBalancerName:
|
||
description: LoadBalancerName to associate with this instance
|
||
group (AWS ELB)
|
||
type: string
|
||
targetGroupArn:
|
||
description: TargetGroupARN to associate with this instance
|
||
group (AWS ALB/NLB)
|
||
type: string
|
||
type: object
|
||
type: array
|
||
fileAssets:
|
||
description: FileAssets is a collection of file assets for this instance
|
||
group
|
||
items:
|
||
description: FileAssetSpec defines the structure for a file asset
|
||
properties:
|
||
content:
|
||
description: Content is the contents of the file
|
||
type: string
|
||
isBase64:
|
||
description: IsBase64 indicates the content is base64 encoded
|
||
type: boolean
|
||
mode:
|
||
description: Mode is this file's mode and permission bits
|
||
type: string
|
||
name:
|
||
description: Name is a shortened reference to the asset
|
||
type: string
|
||
path:
|
||
description: Path is the location this file should reside
|
||
type: string
|
||
roles:
|
||
description: Roles is a list of roles the file asset should
|
||
be applied to, defaults to all
|
||
items:
|
||
description: InstanceGroupRole string describes the roles
|
||
of the nodes in this InstanceGroup (master or nodes)
|
||
type: string
|
||
type: array
|
||
type: object
|
||
type: array
|
||
gcpProvisioningModel:
|
||
description: 'GCPProvisioningModel: Specifies the provisioning model
|
||
of the GCP instance. Valid values: ''STANDARD'': (default) standard
|
||
provisioning with user controlled run time, no discounts ''SPOT'':
|
||
heavily discounted, no guaranteed run time.'
|
||
type: string
|
||
guestAccelerators:
|
||
description: GuestAccelerators configures additional accelerators
|
||
items:
|
||
description: AcceleratorConfig defines an accelerator config
|
||
properties:
|
||
acceleratorCount:
|
||
format: int64
|
||
type: integer
|
||
acceleratorType:
|
||
type: string
|
||
type: object
|
||
type: array
|
||
hooks:
|
||
description: 'Hooks is a list of hooks for this instanceGroup, note:
|
||
these can override the cluster wide ones if required'
|
||
items:
|
||
description: HookSpec is the definition of a hook
|
||
properties:
|
||
before:
|
||
description: Before is a series of systemd units which this
|
||
hook must run before
|
||
items:
|
||
type: string
|
||
type: array
|
||
disabled:
|
||
description: Disabled indicates if you want the unit switched
|
||
off
|
||
type: boolean
|
||
execContainer:
|
||
description: ExecContainer is the image itself
|
||
properties:
|
||
command:
|
||
description: Command is the command supplied to the above
|
||
image
|
||
items:
|
||
type: string
|
||
type: array
|
||
environment:
|
||
additionalProperties:
|
||
type: string
|
||
description: Environment is a map of environment variables
|
||
added to the hook
|
||
type: object
|
||
image:
|
||
description: Image is the docker image
|
||
type: string
|
||
type: object
|
||
manifest:
|
||
description: Manifest is a raw systemd unit file
|
||
type: string
|
||
name:
|
||
description: Name is an optional name for the hook, otherwise
|
||
the name is kops-hook-<index>
|
||
type: string
|
||
requires:
|
||
description: Requires is a series of systemd units the action
|
||
requires
|
||
items:
|
||
type: string
|
||
type: array
|
||
roles:
|
||
description: Roles is an optional list of roles the hook should
|
||
be rolled out to, defaults to all
|
||
items:
|
||
description: InstanceGroupRole string describes the roles
|
||
of the nodes in this InstanceGroup (master or nodes)
|
||
type: string
|
||
type: array
|
||
useRawManifest:
|
||
description: UseRawManifest indicates that the contents of Manifest
|
||
should be used as the contents of the systemd unit, unmodified.
|
||
Before and Requires are ignored when used together with this
|
||
value (and validation shouldn't allow them to be set)
|
||
type: boolean
|
||
type: object
|
||
type: array
|
||
iam:
|
||
description: IAMProfileSpec defines the identity of the cloud group
|
||
IAM profile (AWS only).
|
||
properties:
|
||
profile:
|
||
description: Profile of the cloud group IAM profile. In aws this
|
||
is the arn for the iam instance profile
|
||
type: string
|
||
type: object
|
||
image:
|
||
description: Image is the instance (ami etc) we should use
|
||
type: string
|
||
instanceInterruptionBehavior:
|
||
description: InstanceInterruptionBehavior defines if a spot instance
|
||
should be terminated, hibernated, or stopped after interruption
|
||
type: string
|
||
instanceMetadata:
|
||
description: InstanceMetadata defines the EC2 instance metadata service
|
||
options (AWS Only)
|
||
properties:
|
||
httpPutResponseHopLimit:
|
||
description: HTTPPutResponseHopLimit is the desired HTTP PUT response
|
||
hop limit for instance metadata requests. The larger the number,
|
||
the further instance metadata requests can travel. The default
|
||
value is 1.
|
||
format: int64
|
||
type: integer
|
||
httpTokens:
|
||
description: HTTPTokens is the state of token usage for the instance
|
||
metadata requests. If the parameter is not specified in the
|
||
request, the default state is "required".
|
||
type: string
|
||
type: object
|
||
instanceProtection:
|
||
description: InstanceProtection makes new instances in an autoscaling
|
||
group protected from scale in
|
||
type: boolean
|
||
kubelet:
|
||
description: Kubelet overrides kubelet config from the ClusterSpec
|
||
properties:
|
||
allowPrivileged:
|
||
description: AllowPrivileged enables containers to request privileged
|
||
mode (defaults to false)
|
||
type: boolean
|
||
allowedUnsafeSysctls:
|
||
description: AllowedUnsafeSysctls are passed to the kubelet config
|
||
to whitelist allowable sysctls
|
||
items:
|
||
type: string
|
||
type: array
|
||
anonymousAuth:
|
||
description: AnonymousAuth controls whether anonymous requests are allowed to the
|
||
kubelet api
|
||
type: boolean
|
||
apiServers:
|
||
description: APIServers is not used for clusters version 1.6 and
|
||
later - flag removed
|
||
type: string
|
||
authenticationTokenWebhook:
|
||
description: AuthenticationTokenWebhook uses the TokenReview API
|
||
to determine authentication for bearer tokens.
|
||
type: boolean
|
||
authenticationTokenWebhookCacheTtl:
|
||
description: AuthenticationTokenWebhookCacheTTL sets the duration to cache
|
||
responses from the webhook token authenticator. Default is 2m.
|
||
(default 2m0s)
|
||
type: string
|
||
authorizationMode:
|
||
description: AuthorizationMode is the authorization mode the kubelet
|
||
is running in
|
||
type: string
|
||
babysitDaemons:
|
||
description: The node has babysitter process monitoring docker
|
||
and kubelet. Removed as of 1.7
|
||
type: boolean
|
||
bootstrapKubeconfig:
|
||
description: BootstrapKubeconfig is the path to a kubeconfig file
|
||
that will be used to get client certificate for kubelet
|
||
type: string
|
||
cgroupDriver:
|
||
description: CgroupDriver allows the explicit setting of the kubelet
|
||
cgroup driver. If omitted, defaults to cgroupfs.
|
||
type: string
|
||
cgroupRoot:
|
||
description: cgroupRoot is the root cgroup to use for pods. This
|
||
is handled by the container runtime on a best effort basis.
|
||
type: string
|
||
clientCaFile:
|
||
description: ClientCAFile is the path to a CA certificate
|
||
type: string
|
||
cloudProvider:
|
||
description: CloudProvider is the provider for cloud services.
|
||
type: string
|
||
clusterDNS:
|
||
description: ClusterDNS is the IP address for a cluster DNS server
|
||
type: string
|
||
clusterDomain:
|
||
description: ClusterDomain is the DNS domain for this cluster
|
||
type: string
|
||
configureCbr0:
|
||
description: configureCBR0 enables the kubelet to configure cbr0
|
||
based on Node.Spec.PodCIDR.
|
||
type: boolean
|
||
containerLogMaxFiles:
|
||
description: ContainerLogMaxFiles is the maximum number of container
|
||
log files that can be present for a container. The number must
|
||
be >= 2.
|
||
format: int32
|
||
type: integer
|
||
containerLogMaxSize:
|
||
description: ContainerLogMaxSize is the maximum size (e.g. 10Mi)
|
||
of container log file before it is rotated.
|
||
type: string
|
||
cpuCFSQuota:
|
||
description: CPUCFSQuota enables CPU CFS quota enforcement for
|
||
containers that specify CPU limits
|
||
type: boolean
|
||
cpuCFSQuotaPeriod:
|
||
description: CPUCFSQuotaPeriod sets CPU CFS quota period value,
|
||
cpu.cfs_period_us, defaults to Linux Kernel default
|
||
type: string
|
||
cpuManagerPolicy:
|
||
description: CpuManagerPolicy allows for changing the default
|
||
policy of None to static
|
||
type: string
|
||
dockerDisableSharedPID:
|
||
description: DockerDisableSharedPID was removed.
|
||
type: boolean
|
||
enableCadvisorJsonEndpoints:
|
||
description: EnableCadvisorJsonEndpoints enables cAdvisor json
|
||
`/spec` and `/stats/*` endpoints. Defaults to False.
|
||
type: boolean
|
||
enableCustomMetrics:
|
||
description: Enable gathering custom metrics.
|
||
type: boolean
|
||
enableDebuggingHandlers:
|
||
description: EnableDebuggingHandlers enables server endpoints
|
||
for log collection and local running of containers and commands
|
||
type: boolean
|
||
enforceNodeAllocatable:
|
||
description: Enforce Allocatable across pods whenever the overall
|
||
usage across all pods exceeds Allocatable.
|
||
type: string
|
||
eventBurst:
|
||
description: EventBurst temporarily allows event records to burst
|
||
to this number, while still not exceeding EventQPS. Only used
|
||
if EventQPS > 0.
|
||
format: int32
|
||
type: integer
|
||
eventQPS:
|
||
description: EventQPS if > 0, limit event creations per second
|
||
to this value. If 0, unlimited.
|
||
format: int32
|
||
type: integer
|
||
evictionHard:
|
||
description: Comma-delimited list of hard eviction expressions. For
|
||
example, 'memory.available<300Mi'.
|
||
type: string
|
||
evictionMaxPodGracePeriod:
|
||
description: Maximum allowed grace period (in seconds) to use
|
||
when terminating pods in response to a soft eviction threshold
|
||
being met.
|
||
format: int32
|
||
type: integer
|
||
evictionMinimumReclaim:
|
||
description: Comma-delimited list of minimum reclaims (e.g. imagefs.available=2Gi)
|
||
that describes the minimum amount of resource the kubelet will
|
||
reclaim when performing a pod eviction if that resource is under
|
||
pressure.
|
||
type: string
|
||
evictionPressureTransitionPeriod:
|
||
description: Duration for which the kubelet has to wait before
|
||
transitioning out of an eviction pressure condition.
|
||
type: string
|
||
evictionSoft:
|
||
description: Comma-delimited list of soft eviction expressions. For
|
||
example, 'memory.available<300Mi'.
|
||
type: string
|
||
evictionSoftGracePeriod:
|
||
description: Comma-delimited list of grace periods for each soft
|
||
eviction signal. For example, 'memory.available=30s'.
|
||
type: string
|
||
experimentalAllocatableIgnoreEviction:
|
||
description: ExperimentalAllocatableIgnoreEviction enables ignoring
|
||
Hard Eviction Thresholds while calculating Node Allocatable
|
||
type: boolean
|
||
experimentalAllowedUnsafeSysctls:
|
||
description: ExperimentalAllowedUnsafeSysctls are passed to the
|
||
kubelet config to whitelist allowable sysctls. Was promoted to
|
||
beta and renamed. https://github.com/kubernetes/kubernetes/pull/63717
|
||
items:
|
||
type: string
|
||
type: array
|
||
failSwapOn:
|
||
description: Tells the Kubelet to fail to start if swap is enabled
|
||
on the node.
|
||
type: boolean
|
||
featureGates:
|
||
additionalProperties:
|
||
type: string
|
||
description: FeatureGates is set of key=value pairs that describe
|
||
feature gates for alpha/experimental features.
|
||
type: object
|
||
hairpinMode:
|
||
description: 'How should the kubelet configure the container bridge
|
||
for hairpin packets. Setting this flag allows endpoints in a
|
||
Service to loadbalance back to themselves if they should try
|
||
to access their own Service. Values: "promiscuous-bridge": make
|
||
the container bridge promiscuous. "hairpin-veth": set
|
||
the hairpin flag on container veth interfaces. "none": do
|
||
nothing. Setting --configure-cbr0 to false implies that to achieve
|
||
hairpin NAT one must set --hairpin-mode=veth-flag, because bridge
|
||
assumes the existence of a container bridge named cbr0.'
|
||
type: string
|
||
hostnameOverride:
|
||
description: HostnameOverride is the hostname used to identify
|
||
the kubelet instead of the actual hostname.
|
||
type: string
|
||
housekeepingInterval:
|
||
description: HousekeepingInterval allows to specify interval between
|
||
container housekeepings.
|
||
type: string
|
||
imageGCHighThresholdPercent:
|
||
description: ImageGCHighThresholdPercent is the percent of disk
|
||
usage after which image garbage collection is always run.
|
||
format: int32
|
||
type: integer
|
||
imageGCLowThresholdPercent:
|
||
description: ImageGCLowThresholdPercent is the percent of disk
|
||
usage before which image garbage collection is never run. Lowest
|
||
disk usage to garbage collect to.
|
||
format: int32
|
||
type: integer
|
||
imagePullProgressDeadline:
|
||
description: ImagePullProgressDeadline is the timeout for image
|
||
pulls. If no pulling progress is made before this deadline, the
|
||
image pulling will be cancelled. (default 1m0s)
|
||
type: string
|
||
kernelMemcgNotification:
|
||
description: Integrate with the kernel memcg notification to determine
|
||
if memory eviction thresholds are crossed rather than polling.
|
||
type: boolean
|
||
kubeReserved:
|
||
additionalProperties:
|
||
type: string
|
||
description: Resource reservation for kubernetes system daemons
|
||
like the kubelet, container runtime, node problem detector,
|
||
etc.
|
||
type: object
|
||
kubeReservedCgroup:
|
||
description: Control group for kube daemons.
|
||
type: string
|
||
kubeconfigPath:
|
||
description: KubeconfigPath is the path of kubeconfig for the
|
||
kubelet
|
||
type: string
|
||
kubeletCgroups:
|
||
description: KubeletCgroups is the absolute name of cgroups to
|
||
isolate the kubelet in.
|
||
type: string
|
||
logFormat:
|
||
description: 'LogFormat is the logging format of the kubelet.
|
||
Supported values: text, json. Default: text'
|
||
type: string
|
||
logLevel:
|
||
description: LogLevel is the logging level of the kubelet
|
||
format: int32
|
||
type: integer
|
||
maxPods:
|
||
description: MaxPods is the number of pods that can run on this
|
||
Kubelet.
|
||
format: int32
|
||
type: integer
|
||
memorySwapBehavior:
|
||
description: 'MemorySwapBehavior defines how swap is used by container
|
||
workloads. Supported values: LimitedSwap, UnlimitedSwap.'
|
||
type: string
|
||
networkPluginMTU:
|
||
description: NetworkPluginMTU is the MTU to be passed to the network
|
||
plugin, and overrides the default MTU for cases where it cannot
|
||
be automatically computed (such as IPSEC).
|
||
format: int32
|
||
type: integer
|
||
networkPluginName:
|
||
description: NetworkPluginName is the name of the network plugin
|
||
to be invoked for various events in kubelet/pod lifecycle
|
||
type: string
|
||
nodeLabels:
|
||
additionalProperties:
|
||
type: string
|
||
description: NodeLabels to add when registering the node in the
|
||
cluster.
|
||
type: object
|
||
nodeStatusUpdateFrequency:
|
||
description: NodeStatusUpdateFrequency Specifies how often kubelet
|
||
posts node status to master (default 10s); must work with nodeMonitorGracePeriod
|
||
in KubeControllerManagerConfig.
|
||
type: string
|
||
nonMasqueradeCIDR:
|
||
description: 'NonMasqueradeCIDR configures masquerading: traffic
|
||
to IPs outside this range will use IP masquerade.'
|
||
type: string
|
||
nvidiaGPUs:
|
||
description: NvidiaGPUs is the number of NVIDIA GPU devices on
|
||
this node.
|
||
format: int32
|
||
type: integer
|
||
podCIDR:
|
||
description: PodCIDR is the CIDR to use for pod IP addresses,
|
||
only used in standalone mode. In cluster mode, this is obtained
|
||
from the master.
|
||
type: string
|
||
podInfraContainerImage:
|
||
description: PodInfraContainerImage is the image whose network/ipc namespaces
|
||
containers in each pod will use.
|
||
type: string
|
||
podManifestPath:
|
||
description: config is the path to the config file or directory
|
||
of files
|
||
type: string
|
||
podPidsLimit:
|
||
description: PodPidsLimit is the maximum number of pids in any
|
||
pod.
|
||
format: int64
|
||
type: integer
|
||
protectKernelDefaults:
|
||
description: 'Default kubelet behaviour for kernel tuning. If
|
||
set, kubelet errors if any of kernel tunables is different than
|
||
kubelet defaults. (DEPRECATED: This parameter should be set
|
||
via the config file specified by the Kubelet''s --config flag.)'
|
||
type: boolean
|
||
readOnlyPort:
|
||
description: ReadOnlyPort is the port used by the kubelet api
|
||
for read-only access (default 10255)
|
||
format: int32
|
||
type: integer
|
||
reconcileCIDR:
|
||
description: ReconcileCIDR reconciles the node CIDR with the CIDR
|
||
specified by the API server. No-op if register-node or configure-cbr0
|
||
is false.
|
||
type: boolean
|
||
registerNode:
|
||
description: RegisterNode enables automatic registration with
|
||
the apiserver.
|
||
type: boolean
|
||
registerSchedulable:
|
||
description: registerSchedulable tells the kubelet to register
|
||
the node as schedulable. No-op if register-node is false.
|
||
type: boolean
|
||
registryBurst:
|
||
description: RegistryBurst is the maximum size of bursty pulls; it temporarily
|
||
allows pulls to burst to this number, while still not exceeding
|
||
registry-qps. Only used if --registry-qps > 0 (default 10)
|
||
format: int32
|
||
type: integer
|
||
registryPullQPS:
|
||
description: RegistryPullQPS if > 0, limit registry pull QPS to
|
||
this value. If 0, unlimited. (default 5)
|
||
format: int32
|
||
type: integer
|
||
requireKubeconfig:
|
||
description: RequireKubeconfig indicates a kubeconfig is required
|
||
type: boolean
|
||
resolvConf:
|
||
description: ResolverConfig is the resolver configuration file
|
||
used as the basis for the container DNS resolution configuration.
|
||
type: string
|
||
rootDir:
|
||
description: RootDir is the directory path for managing kubelet
|
||
files (volume mounts, etc.)
|
||
type: string
|
||
rotateCertificates:
|
||
description: rotateCertificates enables client certificate rotation.
|
||
type: boolean
|
||
runtimeCgroups:
|
||
description: Cgroups that container runtime is expected to be
|
||
isolated in.
|
||
type: string
|
||
runtimeRequestTimeout:
|
||
description: RuntimeRequestTimeout is the timeout for runtime requests
|
||
on - pull, logs, exec and attach
|
||
type: string
|
||
seccompDefault:
|
||
description: SeccompDefault enables the use of `RuntimeDefault`
|
||
as the default seccomp profile for all workloads.
|
||
type: boolean
|
||
seccompProfileRoot:
|
||
description: SeccompProfileRoot is the directory path for seccomp
|
||
profiles.
|
||
type: string
|
||
serializeImagePulls:
|
||
description: SerializeImagePulls when enabled, tells the Kubelet
|
||
to pull images one at a time.
|
||
type: boolean
|
||
shutdownGracePeriod:
|
||
description: 'ShutdownGracePeriod specifies the total duration
|
||
that the node should delay the shutdown by. Default: 30s'
|
||
type: string
|
||
shutdownGracePeriodCriticalPods:
|
||
description: 'ShutdownGracePeriodCriticalPods specifies the duration
|
||
used to terminate critical pods during a node shutdown. Default:
|
||
10s'
|
||
type: string
|
||
streamingConnectionIdleTimeout:
|
||
description: StreamingConnectionIdleTimeout is the maximum time
|
||
a streaming connection can be idle before the connection is
|
||
automatically closed
|
||
type: string
|
||
systemCgroups:
|
||
description: SystemCgroups is the absolute name of cgroups in which
|
||
to place all non-kernel processes that are not already in a
|
||
container. Empty for no container. Rolling back the flag requires
|
||
a reboot.
|
||
type: string
|
||
systemReserved:
|
||
additionalProperties:
|
||
type: string
|
||
description: Capture resource reservation for OS system daemons
|
||
like sshd, udev, etc.
|
||
type: object
|
||
systemReservedCgroup:
|
||
description: Parent control group for OS system daemons.
|
||
type: string
|
||
taints:
|
||
description: Taints to add when registering a node in the cluster
|
||
items:
|
||
type: string
|
||
type: array
|
||
tlsCertFile:
|
||
description: 'TODO: Remove unused TLSCertFile'
|
||
type: string
|
||
tlsCipherSuites:
|
||
description: TLSCipherSuites indicates the allowed TLS cipher
|
||
suites
|
||
items:
|
||
type: string
|
||
type: array
|
||
tlsMinVersion:
|
||
description: TLSMinVersion indicates the minimum TLS version allowed
|
||
type: string
|
||
tlsPrivateKeyFile:
|
||
description: 'TODO: Remove unused TLSPrivateKeyFile'
|
||
type: string
|
||
topologyManagerPolicy:
|
||
description: TopologyManagerPolicy determines the allocation policy
|
||
for the topology manager.
|
||
type: string
|
||
volumePluginDirectory:
|
||
description: The full path of the directory in which to search
|
||
for additional third party volume plugins (this path must be
|
||
writeable, dependent on your choice of OS)
|
||
type: string
|
||
volumeStatsAggPeriod:
|
||
description: VolumeStatsAggPeriod is the interval for kubelet
|
||
to calculate and cache the volume disk usage for all pods and
|
||
volumes
|
||
type: string
|
||
type: object
|
||
machineType:
|
||
description: MachineType is the instance class
|
||
type: string
|
||
manager:
|
||
description: Manager determines what is managing the node lifecycle
|
||
type: string
|
||
maxInstanceLifetime:
|
||
description: MaxInstanceLifetime is the maximum amount of time, in
|
||
seconds, that an instance can be in service. Value expected must
|
||
be in form of duration ("ms", "s", "m", "h")
|
||
type: string
|
||
maxPrice:
|
||
description: MaxPrice indicates this is a spot-pricing group, with
|
||
the specified value as our max-price bid
|
||
type: string
|
||
maxSize:
|
||
description: MaxSize is the maximum size of the pool
|
||
format: int32
|
||
type: integer
|
||
minSize:
|
||
description: MinSize is the minimum size of the pool
|
||
format: int32
|
||
type: integer
|
||
mixedInstancesPolicy:
|
||
description: MixedInstancesPolicy defines an optional backing of an
|
||
AWS ASG by an EC2 Fleet (AWS Only)
|
||
properties:
|
||
instanceRequirements:
|
||
description: InstanceRequirements is a list of requirements for
|
||
any instance type we are willing to run in the EC2 fleet.
|
||
properties:
|
||
cpu:
|
||
properties:
|
||
max:
|
||
anyOf:
|
||
- type: integer
|
||
- type: string
|
||
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
|
||
x-kubernetes-int-or-string: true
|
||
min:
|
||
anyOf:
|
||
- type: integer
|
||
- type: string
|
||
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
|
||
x-kubernetes-int-or-string: true
|
||
type: object
|
||
memory:
|
||
properties:
|
||
max:
|
||
anyOf:
|
||
- type: integer
|
||
- type: string
|
||
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
|
||
x-kubernetes-int-or-string: true
|
||
min:
|
||
anyOf:
|
||
- type: integer
|
||
- type: string
|
||
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
|
||
x-kubernetes-int-or-string: true
|
||
type: object
|
||
type: object
|
||
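# Instance-type and On-Demand/Spot mix settings. The enclosing object's key
# opens earlier in the file; indentation here is relative to these keys.
instances:
  description: Instances is a list of instance types which we are
    willing to run in the EC2 fleet
  items:
    type: string
  type: array
# NOTE(review): the description states a 0-100 range, but no minimum/maximum
# is declared here, so this schema alone does not reject out-of-range values.
onDemandAboveBase:
  description: OnDemandAboveBase controls the percentages of On-Demand
    Instances and Spot Instances for your additional capacity beyond
    OnDemandBase. The range is 0–100. The default value is 100.
    If you leave this parameter set to 100, the percentages are
    100% for On-Demand Instances and 0% for Spot Instances.
  format: int64
  type: integer
# Free-form string: no enum is declared, so accepted strategy names are not
# constrained by this schema.
onDemandAllocationStrategy:
  description: OnDemandAllocationStrategy indicates how to allocate
    instance types to fulfill On-Demand capacity
  type: string
# No lower bound is declared for this integer.
onDemandBase:
  description: OnDemandBase is the minimum amount of the Auto Scaling
    group's capacity that must be fulfilled by On-Demand Instances.
    This base portion is provisioned first as your group scales.
  format: int64
  type: integer
# Free-form string: no enum is declared for the strategy name.
spotAllocationStrategy:
  description: SpotAllocationStrategy diversifies your Spot capacity
    across multiple instance types to find the best pricing. Higher
    Spot availability may result from a larger number of instance
    types to choose from.
  type: string
# The default of 2 is stated only in the description; no `default:` is
# declared in the schema.
spotInstancePools:
  description: SpotInstancePools is the number of Spot pools to
    use to allocate your Spot capacity (defaults to 2) pools are
    determined from the different instance types in the Overrides
    array of LaunchTemplate
  format: int64
  type: integer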
|
||
type: object
|
||
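# Arbitrary string-to-string map applied as Kubernetes node labels. If labels
# drive scheduling-based isolation, treat write access to this field as
# security-relevant.
nodeLabels:
  additionalProperties:
    type: string
  description: NodeLabels indicates the kubernetes labels for nodes
    in this instance group
  type: object
# Unvalidated list of package names (no pattern or allow-list in the schema).
# Anyone who can edit InstanceGroup objects can therefore request extra
# software on the group's instances; restrict that access with RBAC and
# review changes to this list.
packages:
  description: Packages specifies additional packages to be installed.
  items:
    type: string
  type: array
# The description names the two roles, but no enum is declared, so this
# schema does not reject other strings.
role:
  description: 'Type determines the role of instances in this instance
    group: masters or nodes'
  type: string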
|
||
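# Rolling-update tuning for the instance group.
rollingUpdate:
  description: RollingUpdate defines the rolling-update behavior
  properties:
    drainAndTerminate:
      description: DrainAndTerminate enables draining and terminating
        nodes during rolling updates. Defaults to true.
      type: boolean
    # int-or-string, but the string branch carries no pattern, so the
    # "absolute number or percentage" form in the description is not enforced
    # by this schema. NOTE(review): confirm it is validated elsewhere.
    maxSurge:
      anyOf:
      - type: integer
      - type: string
      description: 'MaxSurge is the maximum number of extra nodes that
        can be created during the update. The value can be an absolute
        number (for example 5) or a percentage of desired machines (for
        example 10%). The absolute number is calculated from a percentage
        by rounding up. Has no effect on instance groups with role "Master".
        Defaults to 1 on AWS, 0 otherwise. Example: when this is set
        to 30%, the InstanceGroup can be scaled up immediately when
        the rolling update starts, such that the total number of old
        and new nodes do not exceed 130% of desired nodes.'
      x-kubernetes-int-or-string: true
    # Same shape as maxSurge: no pattern on the string branch. A large value
    # lowers available capacity during an update (see the 70% example in the
    # description), which matters for availability planning.
    maxUnavailable:
      anyOf:
      - type: integer
      - type: string
      description: 'MaxUnavailable is the maximum number of nodes that
        can be unavailable during the update. The value can be an absolute
        number (for example 5) or a percentage of desired nodes (for
        example 10%). The absolute number is calculated from a percentage
        by rounding down. Defaults to 1 if MaxSurge is 0, otherwise
        defaults to 0. Example: when this is set to 30%, the InstanceGroup
        can be scaled down to 70% of desired nodes immediately when
        the rolling update starts. Once new nodes are ready, more old
        nodes can be drained, ensuring that the total number of nodes
        available at all times during the update is at least 70% of
        desired nodes.'
      x-kubernetes-int-or-string: true
  type: object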
|
||
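# Root (EBS) volume settings for instances in this group.
# Per its description this field is unused; setting it should not be relied
# on to control retention of root volumes.
rootVolumeDeleteOnTermination:
  description: RootVolumeDeleteOnTermination is unused.
  type: boolean
# Security-relevant: no `default:` is declared here, so what happens when the
# field is omitted is decided outside this schema.
# NOTE(review): confirm the effective default and set this explicitly where
# encryption at rest is required.
rootVolumeEncryption:
  description: RootVolumeEncryption enables EBS root volume encryption
    for an instance
  type: boolean
# Unvalidated string; the schema does not check the key identifier format or
# require it when rootVolumeEncryption is true.
rootVolumeEncryptionKey:
  description: RootVolumeEncryptionKey provides the key identifier for
    root volume encryption
  type: string
rootVolumeIops:
  description: RootVolumeIOPS is the provisioned IOPS when the volume
    type is io1, io2 or gp3 (AWS only).
  format: int32
  type: integer
rootVolumeOptimization:
  description: RootVolumeOptimization enables EBS optimization for an
    instance
  type: boolean
# No minimum is declared for the size.
rootVolumeSize:
  description: RootVolumeSize is the size of the EBS root volume to
    use, in GB
  format: int32
  type: integer
rootVolumeThroughput:
  description: RootVolumeThroughput is the volume throughput in MBps
    when the volume type is gp3 (AWS only).
  format: int32
  type: integer
# Free-form string: volume type names are not constrained by an enum.
rootVolumeType:
  description: RootVolumeType is the type of the EBS root volume to
    use (e.g. gp2)
  type: string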
|
||
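# Security-relevant: swaps the security group kops would create for this
# instance group for one named here (AWS only, per the description). The
# value is an unvalidated string. The referenced group's rules are presumably
# maintained outside this manifest, so review them with the same care as the
# defaults they replace.
securityGroupOverride:
  description: SecurityGroupOverride overrides the default security
    group created by Kops for this IG (AWS only).
  type: string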
|
||
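# Spot-block reservation time; no bounds are declared for the integer.
spotDurationInMinutes:
  description: SpotDurationInMinutes indicates this is a spot-block
    group, with the specified value as the spot reservation time
  format: int64
  type: integer
# Names refer to subnets declared in the Cluster object; placement determines
# the network exposure of the group's machines.
subnets:
  description: Subnets is the names of the Subnets (as specified in
    the Cluster) where machines in this instance group should be placed
  items:
    type: string
  type: array
# Unvalidated list of strings; the schema does not restrict which entries may
# be listed.
suspendProcesses:
  description: SuspendProcesses disables the listed Scaling Policies
  items:
    type: string
  type: array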
|
||
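# Security-relevant: each item is a kernel parameter assignment applied via
# sysctl(8). The schema accepts any string. It neither enforces the
# variable=value form nor limits which parameters can be set, so edit access
# to InstanceGroup objects includes the ability to change kernel settings on
# these nodes. Restrict it with RBAC and review changes.
sysctlParameters:
  description: SysctlParameters will configure kernel parameters using
    sysctl(8). When specified, each parameter must follow the form variable=value,
    the way it would appear in sysctl.conf.
  items:
    type: string
  type: array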
|
||
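# Unvalidated list of taint strings applied to the group's nodes. If taints
# are used to keep workloads off sensitive nodes, changes here affect that
# isolation.
taints:
  description: Taints indicates the kubernetes taints for nodes in this
    instance group
  items:
    type: string
  type: array
# The description lists default/dedicated, but no enum is declared, so other
# strings pass schema validation.
tenancy:
  description: Describes the tenancy of this instance group. Can be
    either default or dedicated. Currently only applies to AWS.
  type: string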
|
||
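# Security-relevant: per the description, 'external' stops automatic OS
# security upgrades for this group, so patching must be owned by another
# process. No enum is declared, so a misspelled value is not rejected by this
# schema. NOTE(review): confirm how unrecognized values are handled.
updatePolicy:
  description: 'UpdatePolicy determines the policy for applying upgrades
    automatically. If specified, this value overrides a value specified
    in the Cluster''s "spec.updatePolicy" field. Valid values: ''automatic''
    (default): apply updates automatically (apply OS security upgrades,
    avoiding rebooting when possible) ''external'': do not apply updates
    automatically; they are applied manually or by an external system'
  type: string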
|
||
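# List of device mounts for instances in this group. No `required:` list is
# declared for the items, so every field is optional at the schema level.
volumeMounts:
  description: VolumeMounts a collection of volume mounts
  items:
    description: VolumeMountSpec defines the specification for mounting
      a device
    properties:
      device:
        description: Device is the device name to provision and mount
        type: string
      filesystem:
        description: Filesystem is the filesystem to mount
        type: string
      # Unvalidated strings passed when formatting the device (per the
      # description); review changes, since they run with node-level effect.
      formatOptions:
        description: FormatOptions is a collection of options passed
          when formatting the device
        items:
          type: string
        type: array
      # Unvalidated mount options; hardening options for data volumes would
      # be set here, and nothing in the schema requires or forbids any.
      mountOptions:
        description: MountOptions is a collection of mount options
        items:
          type: string
        type: array
      # Free-form path with no pattern, so this schema does not prevent
      # mounting over an existing system directory.
      path:
        description: Path is the location to mount the device
        type: string
    type: object
  type: array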
|
||
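# Additional block volumes created for each instance in the group.
volumes:
  description: Volumes is a collection of additional volumes to create
    for instances within this InstanceGroup
  items:
    description: VolumeSpec defined the spec for an additional volume
      attached to the instance group
    properties:
      # Security-relevant: when retention is chosen, the description says
      # cluster deletion does not remove the volume. Retained volumes, and
      # unencrypted ones above all, need their own inventory and disposal
      # process.
      deleteOnTermination:
        description: DeleteOnTermination configures volume retention
          policy upon instance termination. The volume is deleted by
          default. Cluster deletion does not remove retained volumes.
        type: boolean
      device:
        description: Device is an optional device name of the block
          device
        type: string
      # Security-relevant: no `default:` is declared here.
      # NOTE(review): confirm what an omitted value means and set it
      # explicitly where encryption at rest is required.
      encrypted:
        description: Encrypted indicates you want to encrypt the volume
        type: boolean
      iops:
        description: IOPS is the provisioned IOPS for the volume when
          the volume type is io1, io2 or gp3 (AWS only).
        format: int64
        type: integer
      # Unvalidated string; the schema does not tie it to `encrypted` or
      # check the identifier format.
      key:
        description: Key is the encryption key identifier for the volume
        type: string
      size:
        description: Size is the size of the volume in GB
        format: int64
        type: integer
      throughput:
        description: Throughput is the volume throughput in MBps when
          the volume type is gp3 (AWS only).
        format: int64
        type: integer
      type:
        description: Type is the type of volume to create and is cloud
          specific
        type: string
    type: object
  type: array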
|
||
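# Auto Scaling group warm-pool configuration.
warmPool:
  description: WarmPool configures an ASG warm pool for the instance
    group
  properties:
    # Security-relevant: the description makes enabling this conditional on
    # the instance metadata API being unreachable from arbitrary pods. Put a
    # metadata-access control in place before turning it on. Examples are
    # requiring IMDSv2 with a restrictive hop limit, or a network policy
    # that blocks pod egress to the metadata endpoint. The schema itself
    # enforces none of this.
    enableLifecycleHook:
      description: EnableLifecycleHook determines if an ASG lifecycle
        hook will be added ensuring that nodeup runs to completion.
        Note that the metadata API must be protected from arbitrary
        Pods when this is enabled.
      type: boolean
    # The default (the group's MaxSize) is stated only in the description;
    # no bounds or `default:` are declared here.
    maxSize:
      description: MaxSize is the maximum size of the warm pool. The
        desired size of the instance group is subtracted from this number
        to determine the desired size of the warm pool (unless the resulting
        number is smaller than MinSize). The default is the instance
        group's MaxSize.
      format: int64
      type: integer
    minSize:
      description: MinSize is the minimum size of the pool
      format: int64
      type: integer
  type: object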
|
||
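# Zone names used to restrict placement when subnets are regional; the items
# are unvalidated strings.
zones:
  description: Zones is the names of the Zones where machines in this
    instance group should be placed This is needed for regional subnets
    (e.g. GCE), to restrict placement to particular zones
  items:
    type: string
  type: array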
|
||
type: object
|
||
type: object
|
||
served: true
|
||
storage: true
|
||
subresources: {}
|