kubernetes
/
kops
mirror of https://github.com/kubernetes/kops.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
kops/k8s/crds/kops.k8s.io_clusters.yaml

2934 lines
139 KiB
YAML
Raw Blame History

---
apiVersion: apiextensions.k8s.io/v1beta1
kind: CustomResourceDefinition
metadata:
creationTimestamp: null
name: clusters.kops.k8s.io
spec:
group: kops.k8s.io
names:
kind: Cluster
listKind: ClusterList
plural: clusters
singular: cluster
scope: ""
validation:
openAPIV3Schema:
properties:
apiVersion:
description: 'APIVersion defines the versioned schema of this representation
of an object. Servers should convert recognized schemas to the latest
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources'
type: string
kind:
description: 'Kind is a string value representing the REST resource this
object represents. Servers may infer this from the endpoint the client
submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds'
type: string
metadata:
type: object
spec:
description: ClusterSpec defines the configuration for a cluster
properties:
DisableSubnetTags:
description: DisableSubnetTags controls if subnets are tagged in AWS
type: boolean
additionalNetworkCIDRs:
description: AdditionalNetworkCIDRs is a list of additional CIDR used
for the AWS VPC or otherwise allocated to k8s. This is a real CIDR,
not the internal k8s network On AWS, it maps to any additional CIDRs
added to a VPC.
items:
type: string
type: array
additionalPolicies:
additionalProperties:
type: string
description: Additional policies to add for roles
type: object
additionalSans:
description: AdditionalSANs adds additional Subject Alternate Names
to apiserver cert that kops generates
items:
type: string
type: array
addons:
description: Additional addons that should be installed on the cluster
items:
description: AddonSpec defines an addon that we want to install in
the cluster
properties:
manifest:
description: Manifest is a path to the manifest that defines the
addon
type: string
type: object
type: array
api:
description: API field controls how the API is exposed outside the cluster
properties:
dns:
description: DNS will be used to provide config on kube-apiserver
ELB DNS
type: object
loadBalancer:
description: LoadBalancer is the configuration for the kube-apiserver
ELB
properties:
additionalSecurityGroups:
description: AdditionalSecurityGroups attaches additional security
groups (e.g. sg-123456).
items:
type: string
type: array
crossZoneLoadBalancing:
description: CrossZoneLoadBalancing allows you to enable the
cross zone load balancing
type: boolean
idleTimeoutSeconds:
description: IdleTimeoutSeconds sets the timeout of the api
loadbalancer.
format: int64
type: integer
securityGroupOverride:
description: SecurityGroupOverride overrides the default Kops
created SG for the load balancer.
type: string
sslCertificate:
description: SSLCertificate allows you to specify the ACM cert
to be used the LB
type: string
type:
description: Type of load balancer to create may Public or Internal.
type: string
useForInternalApi:
description: UseForInternalApi indicates whether the LB should
be used by the kubelet
type: boolean
type: object
type: object
assets:
description: Alternative locations for files and containers
properties:
containerProxy:
description: ContainerProxy is a url for a pull-through proxy of
a docker registry
type: string
containerRegistry:
description: ContainerRegistry is a url for to a docker registry
type: string
fileRepository:
description: FileRepository is the url for a private file serving
repository
type: string
type: object
authentication:
description: Authentication field controls how the cluster is configured
for authentication
properties:
aws:
properties:
cpuLimit:
description: CPULimit CPU limit of AWS IAM Authenticator container.
Default 10m
type: string
cpuRequest:
description: CPURequest CPU request of AWS IAM Authenticator
container. Default 10m
type: string
image:
description: Image is the AWS IAM Authenticator docker image
to uses
type: string
memoryLimit:
description: MemoryLimit memory limit of AWS IAM Authenticator
container. Default 20Mi
type: string
memoryRequest:
description: MemoryRequest memory request of AWS IAM Authenticator
container. Default 20Mi
type: string
type: object
kopeio:
type: object
type: object
authorization:
description: Authorization field controls how the cluster is configured
for authorization
properties:
alwaysAllow:
type: object
rbac:
type: object
type: object
channel:
description: The Channel we are following
type: string
cloudConfig:
description: CloudConfiguration defines the cloud provider configuration
properties:
disableSecurityGroupIngress:
description: AWS cloud-config options
type: boolean
elbSecurityGroup:
type: string
multizone:
description: GCE cloud-config options
type: boolean
nodeInstancePrefix:
type: string
nodeTags:
type: string
openstack:
description: Openstack cloud-config options
properties:
blockStorage:
properties:
bs-version:
type: string
ignore-volume-az:
type: boolean
override-volume-az:
type: string
type: object
insecureSkipVerify:
type: boolean
loadbalancer:
description: OpenstackLoadbalancerConfig defines the config
for a neutron loadbalancer
properties:
floatingNetwork:
type: string
floatingNetworkID:
type: string
floatingSubnet:
type: string
manageSecurityGroups:
type: boolean
method:
type: string
provider:
type: string
subnetID:
type: string
useOctavia:
type: boolean
type: object
monitor:
description: OpenstackMonitor defines the config for a health
monitor
properties:
delay:
type: string
maxRetries:
type: integer
timeout:
type: string
type: object
router:
description: OpenstackRouter defines the config for a router
properties:
dnsServers:
type: string
externalNetwork:
type: string
externalSubnet:
type: string
type: object
type: object
spotinstOrientation:
type: string
spotinstProduct:
description: Spotinst cloud-config specs
type: string
vSphereCoreDNSServer:
type: string
vSphereDatacenter:
type: string
vSphereDatastore:
type: string
vSpherePassword:
type: string
vSphereResourcePool:
type: string
vSphereServer:
type: string
vSphereUsername:
description: vSphere cloud-config specs
type: string
type: object
cloudControllerManager:
description: CloudControllerManagerConfig is the configuration of the
cloud controller
properties:
allocateNodeCIDRs:
description: AllocateNodeCIDRs enables CIDRs for Pods to be allocated
and, if ConfigureCloudRoutes is true, to be set on the cloud provider.
type: boolean
cidrAllocatorType:
description: CIDRAllocatorType specifies the type of CIDR allocator
to use.
type: string
cloudProvider:
description: CloudProvider is the provider for cloud services.
type: string
clusterCIDR:
description: ClusterCIDR is CIDR Range for Pods in cluster.
type: string
clusterName:
description: ClusterName is the instance prefix for the cluster.
type: string
configureCloudRoutes:
description: ConfigureCloudRoutes enables CIDRs allocated with to
be configured on the cloud provider.
type: boolean
image:
description: Image is the OCI image of the cloud controller manager.
type: string
leaderElection:
description: LeaderElection defines the configuration of leader
election client.
properties:
leaderElect:
description: leaderElect enables a leader election client to
gain leadership before executing the main loop. Enable this
when running replicated components for high availability.
type: boolean
leaderElectLeaseDuration:
description: leaderElectLeaseDuration is the length in time
non-leader candidates will wait after observing a leadership
renewal until attempting to acquire leadership of a led but
unrenewed leader slot. This is effectively the maximum duration
that a leader can be stopped before it is replaced by another
candidate
type: string
leaderElectRenewDeadlineDuration:
description: LeaderElectRenewDeadlineDuration is the interval
between attempts by the acting master to renew a leadership
slot before it stops leading. This must be less than or equal
to the lease duration.
type: string
leaderElectResourceLock:
description: LeaderElectResourceLock is the type of resource
object that is used for locking during leader election. Supported
options are endpoints (default) and `configmaps`.
type: string
leaderElectResourceName:
description: LeaderElectResourceName is the name of resource
object that is used for locking during leader election.
type: string
leaderElectResourceNamespace:
description: LeaderElectResourceNamespace is the namespace of
resource object that is used for locking during leader election.
type: string
leaderElectRetryPeriod:
description: LeaderElectRetryPeriod is The duration the clients
should wait between attempting acquisition and renewal of
a leadership. This is only applicable if leader election is
enabled.
type: string
type: object
logLevel:
description: LogLevel is the verbosity of the logs.
format: int32
type: integer
master:
description: Master is the url for the kube api master.
type: string
useServiceAccountCredentials:
description: UseServiceAccountCredentials controls whether we use
individual service account credentials for each controller.
type: boolean
type: object
cloudLabels:
additionalProperties:
type: string
description: Tags for AWS resources
type: object
cloudProvider:
description: The CloudProvider to use (aws or gce)
type: string
clusterDNSDomain:
description: ClusterDNSDomain is the suffix we use for internal DNS
names (normally cluster.local)
type: string
configBase:
description: ConfigBase is the path where we store configuration for
the cluster This might be different that the location when the cluster
spec itself is stored, both because this must be accessible to the
cluster, and because it might be on a different cloud or storage system
(etcd vs S3)
type: string
configStore:
description: ConfigStore is the VFS path to where the configuration
(Cluster, InstanceGroups etc) is stored
type: string
dnsControllerGossipConfig:
description: DNSControllerGossipConfig for the cluster assuming the
use of gossip DNS
properties:
listen:
type: string
protocol:
type: string
secondary: {}
secret:
type: string
seed:
type: string
type: object
dnsZone:
description: DNSZone is the DNS zone we should use when configuring
DNS This is because some clouds let us define a managed zone foo.bar,
and then have kubernetes.dev.foo.bar, without needing to define dev.foo.bar
as a hosted zone. DNSZone will probably be a suffix of the MasterPublicName
and MasterInternalName Note that DNSZone can either by the host name
of the zone (containing dots), or can be an identifier for the zone.
type: string
docker:
description: Component configurations
properties:
authorizationPlugins:
description: AuthorizationPlugins is a list of authorization plugins
items:
type: string
type: array
bridge:
description: Bridge is the network interface containers should bind
onto
type: string
bridgeIP:
description: BridgeIP is a specific IP address and netmask for the
docker0 bridge, using standard CIDR notation
type: string
dataRoot:
description: DataRoot is the root directory of persistent docker
state (default "/var/lib/docker")
type: string
defaultUlimit:
description: DefaultUlimit is the ulimits for containers
items:
type: string
type: array
execOpt:
description: ExecOpt is a series of options passed to the runtime
items:
type: string
type: array
execRoot:
description: ExecRoot is the root directory for execution state
files (default "/var/run/docker")
type: string
experimental:
description: Experimental features permits enabling new features
such as dockerd metrics
type: boolean
hosts:
description: Hosts enables you to configure the endpoints the docker
daemon listens on i.e. tcp://0.0.0.0.2375 or unix:///var/run/docker.sock
etc
items:
type: string
type: array
insecureRegistries:
description: InsecureRegistries enables multiple insecure docker
registry communications
items:
type: string
type: array
insecureRegistry:
description: InsecureRegistry enable insecure registry communication
@question according to dockers this a list??
type: string
ipMasq:
description: IPMasq enables ip masquerading for containers
type: boolean
ipTables:
description: IPtables enables addition of iptables rules
type: boolean
liveRestore:
description: LiveRestore enables live restore of docker when containers
are still running
type: boolean
logDriver:
description: LogDriver is the default driver for container logs
(default "json-file")
type: string
logLevel:
description: LogLevel is the logging level ("debug", "info", "warn",
"error", "fatal") (default "info")
type: string
logOpt:
description: Logopt is a series of options given to the log driver
options for containers
items:
type: string
type: array
metricsAddress:
description: Metrics address is the endpoint to serve with Prometheus
format metrics
type: string
mtu:
description: MTU is the containers network MTU
format: int32
type: integer
registryMirrors:
description: RegistryMirrors is a referred list of docker registry
mirror
items:
type: string
type: array
skipInstall:
description: SkipInstall when set to true will prevent kops from
installing and modifying Docker in any way
type: boolean
storage:
description: Storage is the docker storage driver to use
type: string
storageOpts:
description: StorageOpts is a series of options passed to the storage
driver
items:
type: string
type: array
userNamespaceRemap:
description: UserNamespaceRemap sets the user namespace remapping
option for the docker daemon
type: string
version:
description: Version is consumed by the nodeup and used to pick
the docker version
type: string
type: object
egressProxy:
description: HTTPProxy defines connection information to support use
of a private cluster behind an forward HTTP Proxy
properties:
excludes:
type: string
httpProxy:
properties:
host:
type: string
port:
type: integer
type: object
type: object
encryptionConfig:
description: EncryptionConfig holds the encryption config
type: boolean
etcdClusters:
description: EtcdClusters stores the configuration for each cluster
items:
description: EtcdClusterSpec is the etcd cluster specification
properties:
backups:
description: Backups describes how we do backups of etcd
properties:
backupStore:
description: BackupStore is the VFS path where we will read/write
backup data
type: string
image:
description: Image is the etcd backup manager image to use. Setting
this will create a sidecar container in the etcd pod with
the specified image.
type: string
type: object
cpuRequest:
description: CPURequest specifies the cpu requests of each etcd
container in the cluster.
type: string
enableEtcdTLS:
description: EnableEtcdTLS indicates the etcd service should use
TLS between peers and clients
type: boolean
enableTLSAuth:
description: EnableTLSAuth indicates client and peer TLS auth
should be enforced
type: boolean
etcdMembers:
description: Members stores the configurations for each member
of the cluster (including the data volume)
items:
description: EtcdMemberSpec is a specification for a etcd member
properties:
encryptedVolume:
description: EncryptedVolume indicates you want to encrypt
the volume
type: boolean
instanceGroup:
description: InstanceGroup is the instanceGroup this volume
is associated
type: string
kmsKeyId:
description: KmsKeyId is a AWS KMS ID used to encrypt the
volume
type: string
name:
description: Name is the name of the member within the etcd
cluster
type: string
volumeIops:
description: If volume type is io1, then we need to specify
the number of Iops.
format: int32
type: integer
volumeSize:
description: VolumeSize is the underlying cloud volume size
format: int32
type: integer
volumeType:
description: VolumeType is the underlying cloud storage
class
type: string
type: object
type: array
heartbeatInterval:
description: HeartbeatInterval is the time (in milliseconds) for
an etcd heartbeat interval
type: string
image:
description: Image is the etcd docker image to use. Setting this
will ignore the Version specified.
type: string
leaderElectionTimeout:
description: LeaderElectionTimeout is the time (in milliseconds)
for an etcd leader election timeout
type: string
manager:
description: Manager describes the manager configuration
properties:
image:
description: Image is the etcd manager image to use.
type: string
type: object
memoryRequest:
description: MemoryRequest specifies the memory requests of each
etcd container in the cluster.
type: string
name:
description: Name is the name of the etcd cluster (main, events
etc)
type: string
provider:
description: 'Provider is the provider used to run etcd: standalone,
manager. We default to manager for kubernetes 1.11 or if the
manager is configured; otherwise standalone.'
type: string
version:
description: Version is the version of etcd to run i.e. 2.1.2,
3.0.17 etcd
type: string
type: object
type: array
externalDns:
description: ExternalDNSConfig are options of the dns-controller
properties:
disable:
description: Disable indicates we do not wish to run the dns-controller
addon
type: boolean
watchIngress:
description: WatchIngress indicates you want the dns-controller
to watch and create dns entries for ingress resources
type: boolean
watchNamespace:
description: WatchNamespace is namespace to watch, defaults to all
(use to control whom can creates dns entries)
type: string
type: object
fileAssets:
description: A collection of files assets for deployed cluster wide
items:
description: FileAssetSpec defines the structure for a file asset
properties:
content:
description: Content is the contents of the file
type: string
isBase64:
description: IsBase64 indicates the contents is base64 encoded
type: boolean
name:
description: Name is a shortened reference to the asset
type: string
path:
description: Path is the location this file should reside
type: string
roles:
description: Roles is a list of roles the file asset should be
applied, defaults to all
items:
description: InstanceGroupRole string describes the roles of
the nodes in this InstanceGroup (master or nodes)
type: string
type: array
type: object
type: array
gossipConfig:
description: GossipConfig for the cluster assuming the use of gossip
DNS
properties:
listen:
type: string
protocol:
type: string
secondary: {}
secret:
type: string
type: object
hooks:
description: Hooks for custom actions e.g. on first installation
items:
description: HookSpec is a definition hook
properties:
before:
description: Before is a series of systemd units which this hook
must run before
items:
type: string
type: array
disabled:
description: Disabled indicates if you want the unit switched
off
type: boolean
execContainer:
description: ExecContainer is the image itself
properties:
command:
description: Command is the command supplied to the above
image
items:
type: string
type: array
environment:
additionalProperties:
type: string
description: Environment is a map of environment variables
added to the hook
type: object
image:
description: Image is the docker image
type: string
type: object
manifest:
description: Manifest is a raw systemd unit file
type: string
name:
description: Name is an optional name for the hook, otherwise
the name is kops-hook-<index>
type: string
requires:
description: Requires is a series of systemd units the action
requires
items:
type: string
type: array
roles:
description: Roles is an optional list of roles the hook should
be rolled out to, defaults to all
items:
description: InstanceGroupRole string describes the roles of
the nodes in this InstanceGroup (master or nodes)
type: string
type: array
useRawManifest:
description: UseRawManifest indicates that the contents of Manifest
should be used as the contents of the systemd unit, unmodified.
Before and Requires are ignored when used together with this
value (and validation shouldn't allow them to be set)
type: boolean
type: object
type: array
iam:
description: IAM field adds control over the IAM security policies applied
to resources
properties:
allowContainerRegistry:
type: boolean
legacy:
type: boolean
required:
- legacy
type: object
isolateMasters:
description: 'IsolateMasters determines whether we should lock down
masters so that they are not on the pod network. true is the kube-up
behaviour, but it is very surprising: it means that daemonsets only
work on the master if they have hostNetwork=true. false is now the
default, and it will: * give the master a normal PodCIDR * run kube-proxy
on the master * enable debugging handlers on the master, so kubectl
logs works'
type: boolean
keyStore:
description: KeyStore is the VFS path to where SSL keys and certificates
are stored
type: string
kubeAPIServer:
description: KubeAPIServerConfig defines the configuration for the kube
api
properties:
address:
description: 'Address is the binding address for the kube api: Deprecated
- use insecure-bind-address and bind-address'
type: string
admissionControl:
description: 'Deprecated: AdmissionControl is a list of admission
controllers to use'
items:
type: string
type: array
admissionControlConfigFile:
description: AdmissionControlConfigFile is the location of the admission-control-config-file
type: string
allowPrivileged:
description: AllowPrivileged indicates if we can run privileged
containers
type: boolean
anonymousAuth:
description: AnonymousAuth indicates if anonymous authentication
is permitted
type: boolean
apiAudiences:
description: Identifiers of the API. The service account token authenticator
will validate that tokens used against the API are bound to at
least one of these audiences. If the --service-account-issuer
flag is configured and this flag is not, this field defaults to
a single element list containing the issuer URL.
items:
type: string
type: array
apiServerCount:
description: APIServerCount is the number of api servers
format: int32
type: integer
appendAdmissionPlugins:
description: AppendAdmissionPlugins appends list of enabled admission
plugins
items:
type: string
type: array
auditDynamicConfiguration:
description: AuditDynamicConfiguration enables dynamic audit configuration
via AuditSinks
type: boolean
auditLogFormat:
description: AuditLogFormat flag specifies the format type for audit
log files.
type: string
auditLogMaxAge:
description: The maximum number of days to retain old audit log
files based on the timestamp encoded in their filename.
format: int32
type: integer
auditLogMaxBackups:
description: The maximum number of old audit log files to retain.
format: int32
type: integer
auditLogMaxSize:
description: The maximum size in megabytes of the audit log file
before it gets rotated. Defaults to 100MB.
format: int32
type: integer
auditLogPath:
description: If set, all requests coming to the apiserver will be
logged to this file.
type: string
auditPolicyFile:
description: AuditPolicyFile is the full path to a advanced audit
configuration file e.g. /srv/kubernetes/audit.conf
type: string
auditWebhookBatchBufferSize:
description: AuditWebhookBatchBufferSize is The size of the buffer
to store events before batching and writing. Only used in batch
mode. (default 10000)
format: int32
type: integer
auditWebhookBatchMaxSize:
description: AuditWebhookBatchMaxSize is The maximum size of a batch.
Only used in batch mode. (default 400)
format: int32
type: integer
auditWebhookBatchMaxWait:
description: AuditWebhookBatchMaxWait is The amount of time to wait
before force writing the batch that hadn't reached the max size.
Only used in batch mode. (default 30s)
type: string
auditWebhookBatchThrottleBurst:
description: AuditWebhookBatchThrottleBurst is Maximum number of
requests sent at the same moment if ThrottleQPS was not utilized
before. Only used in batch mode. (default 15)
format: int32
type: integer
auditWebhookBatchThrottleEnable:
description: AuditWebhookBatchThrottleEnable is Whether batching
throttling is enabled. Only used in batch mode. (default true)
type: boolean
auditWebhookBatchThrottleQps:
description: AuditWebhookBatchThrottleQps is Maximum average number
of batches per second. Only used in batch mode. (default 10)
type: string
auditWebhookConfigFile:
description: AuditWebhookConfigFile is Path to a kubeconfig formatted
file that defines the audit webhook configuration. Requires the
'AdvancedAuditing' feature gate.
type: string
auditWebhookInitialBackoff:
description: AuditWebhookInitialBackoff is The amount of time to
wait before retrying the first failed request. (default 10s)
type: string
auditWebhookMode:
description: AuditWebhookMode is Strategy for sending audit events.
Blocking indicates sending events should block server responses.
Batch causes the backend to buffer and write events asynchronously.
Known modes are batch,blocking. (default "batch")
type: string
authenticationTokenWebhookCacheTtl:
description: The duration to cache responses from the webhook token
authenticator. Default is 2m. (default 2m0s)
type: string
authenticationTokenWebhookConfigFile:
description: File with webhook configuration for token authentication
in kubeconfig format. The API server will query the remote service
to determine authentication for bearer tokens.
type: string
authorizationMode:
description: AuthorizationMode is the authorization mode the kubeapi
is running in
type: string
authorizationRbacSuperUser:
description: AuthorizationRBACSuperUser is the name of the superuser
for default rbac
type: string
authorizationWebhookCacheAuthorizedTtl:
description: The duration to cache authorized responses from the
webhook token authorizer. Default is 5m. (default 5m0s)
type: string
authorizationWebhookCacheUnauthorizedTtl:
description: The duration to cache authorized responses from the
webhook token authorizer. Default is 30s. (default 30s)
type: string
authorizationWebhookConfigFile:
description: File with webhook configuration for authorization in
kubeconfig format. The API server will query the remote service
to determine whether to authorize the request.
type: string
basicAuthFile:
description: 'TODO: Remove unused BasicAuthFile'
type: string
bindAddress:
description: BindAddress is the binding address for the secure kubernetes
API
type: string
clientCAFile:
description: 'TODO: Remove unused ClientCAFile'
type: string
cloudProvider:
description: CloudProvider is the name of the cloudProvider we are
using, aws, gce etcd
type: string
cpuRequest:
description: CPURequest, cpu request compute resource for api server.
Defaults to "150m"
type: string
disableAdmissionPlugins:
description: DisableAdmissionPlugins is a list of disabled admission
plugins
items:
type: string
type: array
disableBasicAuth:
description: DisableBasicAuth removes the --basic-auth-file flag
type: boolean
enableAdmissionPlugins:
description: EnableAdmissionPlugins is a list of enabled admission
plugins
items:
type: string
type: array
enableAggregatorRouting:
description: EnableAggregatorRouting enables aggregator routing
requests to endpoints IP rather than cluster IP
type: boolean
enableBootstrapTokenAuth:
description: EnableBootstrapAuthToken enables 'bootstrap.kubernetes.io/token'
in the 'kube-system' namespace to be used for TLS bootstrapping
authentication
type: boolean
etcdCaFile:
description: EtcdCAFile is the path to a ca certificate
type: string
etcdCertFile:
description: EtcdCertFile is the path to a certificate
type: string
etcdKeyFile:
description: EtcdKeyFile is the path to a private key
type: string
etcdQuorumRead:
description: EtcdQuorumRead configures the etcd-quorum-read flag,
which forces consistent reads from etcd
type: boolean
etcdServers:
description: EtcdServers is a list of the etcd service to connect
items:
type: string
type: array
etcdServersOverrides:
description: 'EtcdServersOverrides is per-resource etcd servers
overrides, comma separated. The individual override format: group/resource#servers,
where servers are http://ip:port, semicolon separated'
items:
type: string
type: array
eventTTL:
description: Amount of time to retain Kubernetes events
type: string
experimentalEncryptionProviderConfig:
description: ExperimentalEncryptionProviderConfig enables encryption
at rest for secrets.
type: string
featureGates:
additionalProperties:
type: string
description: FeatureGates is set of key=value pairs that describe
feature gates for alpha/experimental features.
type: object
http2MaxStreamsPerConnection:
description: HTTP2MaxStreamsPerConnection sets the limit that the
server gives to clients for the maximum number of streams in an
HTTP/2 connection. Zero means to use golang's default.
format: int32
type: integer
image:
description: Image is the docker container used
type: string
insecureBindAddress:
description: InsecureBindAddress is the binding address for the
InsecurePort for the insecure kubernetes API
type: string
insecurePort:
description: InsecurePort is the port the insecure api runs
format: int32
type: integer
kubeletClientCertificate:
description: KubeletClientCertificate is the path of a certificate
for secure communication between api and kubelet
type: string
kubeletClientKey:
description: KubeletClientKey is the path of a private to secure
communication between api and kubelet
type: string
kubeletPreferredAddressTypes:
description: KubeletPreferredAddressTypes is a list of the preferred
NodeAddressTypes to use for kubelet connections
items:
type: string
type: array
logLevel:
description: LogLevel is the logging level of the api
format: int32
type: integer
maxMutatingRequestsInflight:
description: MaxMutatingRequestsInflight The maximum number of mutating
requests in flight at a given time. Defaults to 200
format: int32
type: integer
maxRequestsInflight:
description: MaxRequestsInflight The maximum number of non-mutating
requests in flight at a given time.
format: int32
type: integer
minRequestTimeout:
description: MinRequestTimeout configures the minimum number of
seconds a handler must keep a request open before timing it out.
Currently only honored by the watch request handler
format: int32
type: integer
oidcCAFile:
description: OIDCCAFile if set, the OpenID server's certificate
will be verified by one of the authorities in the oidc-ca-file
type: string
oidcClientID:
description: OIDCClientID is the client ID for the OpenID Connect
client, must be set if oidc-issuer-url is set.
type: string
oidcGroupsClaim:
description: OIDCGroupsClaim if provided, the name of a custom OpenID
Connect claim for specifying user groups. The claim value is expected
to be a string or array of strings.
type: string
oidcGroupsPrefix:
description: OIDCGroupsPrefix is the prefix prepended to group claims
to prevent clashes with existing names (such as 'system:' groups)
type: string
oidcIssuerURL:
description: OIDCIssuerURL is the URL of the OpenID issuer, only
HTTPS scheme will be accepted. If set, it will be used to verify
the OIDC JSON Web Token (JWT).
type: string
oidcRequiredClaim:
description: A key=value pair that describes a required claim in
the ID Token. If set, the claim is verified to be present in the
ID Token with a matching value. Repeat this flag to specify multiple
claims.
items:
type: string
type: array
oidcUsernameClaim:
description: OIDCUsernameClaim is the OpenID claim to use as the
user name. Note that claims other than the default ('sub') is
not guaranteed to be unique and immutable.
type: string
oidcUsernamePrefix:
description: OIDCUsernamePrefix is the prefix prepended to username
claims to prevent clashes with existing names (such as 'system:'
users).
type: string
proxyClientCertFile:
description: The apiserver's client certificate used for outbound
requests.
type: string
proxyClientKeyFile:
description: The apiserver's client key used for outbound requests.
type: string
requestheaderAllowedNames:
description: List of client certificate common names to allow to
provide usernames in headers specified by --requestheader-username-headers.
If empty, any client certificate validated by the authorities
in --requestheader-client-ca-file is allowed.
items:
type: string
type: array
requestheaderClientCAFile:
description: Root certificate bundle to use to verify client certificates
on incoming requests before trusting usernames in headers specified
by --requestheader-username-headers
type: string
requestheaderExtraHeaderPrefixes:
description: List of request header prefixes to inspect. X-Remote-Extra-
is suggested.
items:
type: string
type: array
requestheaderGroupHeaders:
description: List of request headers to inspect for groups. X-Remote-Group
is suggested.
items:
type: string
type: array
requestheaderUsernameHeaders:
description: List of request headers to inspect for usernames. X-Remote-User
is common.
items:
type: string
type: array
runtimeConfig:
additionalProperties:
type: string
description: RuntimeConfig is a series of keys/values are parsed
into the `--runtime-config` parameters
type: object
securePort:
description: SecurePort is the port the kube runs on
format: int32
type: integer
serviceAccountIssuer:
description: Identifier of the service account token issuer. The
issuer will assert this identifier in "iss" claim of issued tokens.
This value is a string or URI.
type: string
serviceAccountKeyFile:
description: File containing PEM-encoded x509 RSA or ECDSA private
or public keys, used to verify ServiceAccount tokens. The specified
file can contain multiple keys, and the flag can be specified
multiple times with different files. If unspecified, --tls-private-key-file
is used.
items:
type: string
type: array
serviceAccountSigningKeyFile:
description: Path to the file that contains the current private
key of the service account token issuer. The issuer will sign
issued ID tokens with this private key. (Requires the 'TokenRequest'
feature gate.)
type: string
serviceClusterIPRange:
description: ServiceClusterIPRange is the service address range
type: string
serviceNodePortRange:
description: Passed as --service-node-port-range to kube-apiserver.
Expects 'startPort-endPort' format e.g. 30000-33000
type: string
storageBackend:
description: StorageBackend is the backend storage
type: string
targetRamMb:
description: Memory limit for apiserver in MB (used to configure
sizes of caches, etc.)
format: int32
type: integer
tlsCertFile:
description: 'TODO: Remove unused TLSCertFile'
type: string
tlsCipherSuites:
description: TLSCipherSuites indicates the allowed TLS cipher suite
items:
type: string
type: array
tlsMinVersion:
description: TLSMinVersion indicates the minimum TLS version allowed
type: string
tlsPrivateKeyFile:
description: 'TODO: Remove unused TLSPrivateKeyFile'
type: string
tokenAuthFile:
description: 'TODO: Remove unused TokenAuthFile'
type: string
type: object
kubeControllerManager:
description: KubeControllerManagerConfig is the configuration for the
controller
properties:
allocateNodeCIDRs:
description: AllocateNodeCIDRs enables CIDRs for Pods to be allocated
and, if ConfigureCloudRoutes is true, to be set on the cloud provider.
type: boolean
attachDetachReconcileSyncPeriod:
description: ReconcilerSyncLoopPeriod is the amount of time the
reconciler sync states loop wait between successive executions.
Is set to 1 min by kops by default
type: string
cidrAllocatorType:
description: CIDRAllocatorType specifies the type of CIDR allocator
to use.
type: string
cloudProvider:
description: CloudProvider is the provider for cloud services.
type: string
clusterCIDR:
description: ClusterCIDR is CIDR Range for Pods in cluster.
type: string
clusterName:
description: ClusterName is the instance prefix for the cluster.
type: string
concurrentDeploymentSyncs:
description: The number of deployment objects that are allowed to
sync concurrently.
format: int32
type: integer
concurrentEndpointSyncs:
description: The number of endpoint objects that are allowed to
sync concurrently.
format: int32
type: integer
concurrentNamespaceSyncs:
description: The number of namespace objects that are allowed to
sync concurrently.
format: int32
type: integer
concurrentRcSyncs:
description: The number of replicationcontroller objects that are
allowed to sync concurrently. This only works on kubernetes >=
1.14
format: int32
type: integer
concurrentReplicasetSyncs:
description: The number of replicaset objects that are allowed to
sync concurrently.
format: int32
type: integer
concurrentResourceQuotaSyncs:
description: The number of resourcequota objects that are allowed
to sync concurrently.
format: int32
type: integer
concurrentServiceSyncs:
description: The number of service objects that are allowed to sync
concurrently.
format: int32
type: integer
concurrentServiceaccountTokenSyncs:
description: The number of serviceaccount objects that are allowed
to sync concurrently to create tokens.
format: int32
type: integer
configureCloudRoutes:
description: ConfigureCloudRoutes enables CIDRs allocated with to
be configured on the cloud provider.
type: boolean
controllers:
description: Controllers is a list of controllers to enable on the
controller-manager
items:
type: string
type: array
experimentalClusterSigningDuration:
description: ExperimentalClusterSigningDuration is the duration
that determines the length of duration that the signed certificates
will be given. (default 8760h0m0s)
type: string
featureGates:
additionalProperties:
type: string
description: FeatureGates is set of key=value pairs that describe
feature gates for alpha/experimental features.
type: object
horizontalPodAutoscalerDownscaleDelay:
description: HorizontalPodAutoscalerDownscaleDelay is a duration
that specifies how long the autoscaler has to wait before another
downscale operation can be performed after the current one has
completed.
type: string
horizontalPodAutoscalerDownscaleStabilization:
description: HorizontalPodAutoscalerDownscaleStabilization is the
period for which autoscaler will look backwards and not scale
down below any recommendation it made during that period.
type: string
horizontalPodAutoscalerSyncPeriod:
description: HorizontalPodAutoscalerSyncPeriod is the amount of
time between syncs During each period, the controller manager
queries the resource utilization against the metrics specified
in each HorizontalPodAutoscaler definition.
type: string
horizontalPodAutoscalerTolerance:
description: HorizontalPodAutoscalerTolerance is the minimum change
(from 1.0) in the desired-to-actual metrics ratio for the horizontal
pod autoscaler to consider scaling.
type: string
horizontalPodAutoscalerUpscaleDelay:
description: HorizontalPodAutoscalerUpscaleDelay is a duration that
specifies how long the autoscaler has to wait before another upscale
operation can be performed after the current one has completed.
type: string
horizontalPodAutoscalerUseRestClients:
description: HorizontalPodAutoscalerUseRestClients determines if
the new-style clients should be used if support for custom metrics
is enabled.
type: boolean
image:
description: Image is the docker image to use
type: string
kubeAPIBurst:
description: KubeAPIBurst Burst to use while talking with kubernetes
apiserver. (default 30)
format: int32
type: integer
kubeAPIQPS:
description: KubeAPIQPS QPS to use while talking with kubernetes
apiserver. (default 20)
type: string
leaderElection:
description: LeaderElection defines the configuration of leader
election client.
properties:
leaderElect:
description: leaderElect enables a leader election client to
gain leadership before executing the main loop. Enable this
when running replicated components for high availability.
type: boolean
leaderElectLeaseDuration:
description: leaderElectLeaseDuration is the length in time
non-leader candidates will wait after observing a leadership
renewal until attempting to acquire leadership of a led but
unrenewed leader slot. This is effectively the maximum duration
that a leader can be stopped before it is replaced by another
candidate
type: string
leaderElectRenewDeadlineDuration:
description: LeaderElectRenewDeadlineDuration is the interval
between attempts by the acting master to renew a leadership
slot before it stops leading. This must be less than or equal
to the lease duration.
type: string
leaderElectResourceLock:
description: LeaderElectResourceLock is the type of resource
object that is used for locking during leader election. Supported
options are endpoints (default) and `configmaps`.
type: string
leaderElectResourceName:
description: LeaderElectResourceName is the name of resource
object that is used for locking during leader election.
type: string
leaderElectResourceNamespace:
description: LeaderElectResourceNamespace is the namespace of
resource object that is used for locking during leader election.
type: string
leaderElectRetryPeriod:
description: LeaderElectRetryPeriod is The duration the clients
should wait between attempting acquisition and renewal of
a leadership. This is only applicable if leader election is
enabled.
type: string
type: object
logLevel:
description: LogLevel is the defined logLevel
format: int32
type: integer
master:
description: Master is the url for the kube api master
type: string
minResyncPeriod:
description: MinResyncPeriod indicates the resync period in reflectors.
The resync period will be random between MinResyncPeriod and 2*MinResyncPeriod.
(default 12h0m0s)
type: string
nodeCIDRMaskSize:
description: NodeCIDRMaskSize set the size for the mask of the nodes.
format: int32
type: integer
nodeMonitorGracePeriod:
description: NodeMonitorGracePeriod is the amount of time which
we allow running Node to be unresponsive before marking it unhealthy.
(default 40s) Must be N-1 times more than kubelet's nodeStatusUpdateFrequency,
where N means number of retries allowed for kubelet to post node
status.
type: string
nodeMonitorPeriod:
description: NodeMonitorPeriod is the period for syncing NodeStatus
in NodeController. (default 5s)
type: string
podEvictionTimeout:
description: PodEvictionTimeout is the grace period for deleting
pods on failed nodes. (default 5m0s)
type: string
rootCAFile:
description: rootCAFile is the root certificate authority will be
included in service account's token secret. This must be a valid
PEM-encoded CA bundle.
type: string
serviceAccountPrivateKeyFile:
description: ServiceAccountPrivateKeyFile the location for a certificate
for service account signing
type: string
terminatedPodGCThreshold:
description: TerminatedPodGCThreshold is the number of terminated
pods that can exist before the terminated pod garbage collector
starts deleting terminated pods. If <= 0, the terminated pod garbage
collector is disabled.
format: int32
type: integer
tlsCipherSuites:
description: TLSCipherSuites indicates the allowed TLS cipher suite
items:
type: string
type: array
tlsMinVersion:
description: TLSMinVersion indicates the minimum TLS version allowed
type: string
useServiceAccountCredentials:
description: UseServiceAccountCredentials controls whether we use
individual service account credentials for each controller.
type: boolean
type: object
kubeDNS:
description: KubeDNSConfig defines the kube dns configuration
properties:
cacheMaxConcurrent:
description: CacheMaxConcurrent is the maximum number of concurrent
queries for dnsmasq
type: integer
cacheMaxSize:
description: CacheMaxSize is the maximum entries to keep in dnsmasq
type: integer
coreDNSImage:
description: CoreDNSImage is used to override the default image
used for CoreDNS
type: string
cpuRequest:
description: CPURequest specifies the cpu requests of each dns container
in the cluster. Default 100m.
type: string
domain:
description: Domain is the dns domain
type: string
externalCoreFile:
description: ExternalCoreFile is used to provide a complete CoreDNS
CoreFile by the user - ignores other provided flags which modify
the CoreFile.
type: string
image:
description: Image is the name of the docker image to run - @deprecated
as this is now in the addon
type: string
memoryLimit:
description: MemoryLimit specifies the memory limit of each dns
container in the cluster. Default 170m.
type: string
memoryRequest:
description: MemoryRequest specifies the memory requests of each
dns container in the cluster. Default 70m.
type: string
provider:
description: Provider indicates whether CoreDNS or kube-dns will
be the default service discovery.
type: string
replicas:
description: Replicas is the number of pod replicas - @deprecated
as this is now in the addon, and controlled by autoscaler
type: integer
serverIP:
description: ServerIP is the server ip
type: string
stubDomains:
additionalProperties:
items:
type: string
type: array
description: StubDomains redirects a domains to another DNS service
type: object
upstreamNameservers:
description: UpstreamNameservers sets the upstream nameservers for
queries not on the cluster domain
items:
type: string
type: array
type: object
kubeProxy:
description: KubeProxyConfig defines the configuration for a proxy
properties:
bindAddress:
description: BindAddress is IP address for the proxy server to serve
on
type: string
clusterCIDR:
description: ClusterCIDR is the CIDR range of the pods in the cluster
type: string
conntrackMaxPerCore:
description: 'Maximum number of NAT connections to track per CPU
core (default: 131072)'
format: int32
type: integer
conntrackMin:
description: Minimum number of conntrack entries to allocate, regardless
of conntrack-max-per-core
format: int32
type: integer
cpuLimit:
description: CPULimit, cpu limit compute resource for kube proxy
e.g. "30m"
type: string
cpuRequest:
description: 'TODO: Better type ? CPURequest, cpu request compute
resource for kube proxy e.g. "20m"'
type: string
enabled:
description: Enabled allows enabling or disabling kube-proxy
type: boolean
featureGates:
additionalProperties:
type: string
description: FeatureGates is a series of key pairs used to switch
on features for the proxy
type: object
hostnameOverride:
description: HostnameOverride, if non-empty, will be used as the
identity instead of the actual hostname.
type: string
image:
type: string
ipvsExcludeCidrs:
description: IPVSExcludeCIDRS is comma-separated list of CIDR's
which the ipvs proxier should not touch when cleaning up IPVS
rules
items:
type: string
type: array
ipvsMinSyncPeriod:
description: IPVSMinSyncPeriod is the minimum interval of how often
the ipvs rules can be refreshed as endpoints and services change
(e.g. '5s', '1m', '2h22m')
type: string
ipvsScheduler:
description: IPVSScheduler is the ipvs scheduler type when proxy
mode is ipvs
type: string
ipvsSyncPeriod:
description: IPVSSyncPeriod duration is the maximum interval of
how often ipvs rules are refreshed
type: string
logLevel:
description: LogLevel is the logging level of the proxy
format: int32
type: integer
master:
description: Master is the address of the Kubernetes API server
(overrides any value in kubeconfig)
type: string
memoryLimit:
description: MemoryLimit, memory limit compute resource for kube
proxy e.g. "30Mi"
type: string
memoryRequest:
description: MemoryRequest, memory request compute resource for
kube proxy e.g. "30Mi"
type: string
metricsBindAddress:
description: MetricsBindAddress is the IP address for the metrics
server to serve on
type: string
proxyMode:
description: 'Which proxy mode to use: (userspace, iptables, ipvs)'
type: string
type: object
kubeScheduler:
description: KubeSchedulerConfig is the configuration for the kube-scheduler
properties:
featureGates:
additionalProperties:
type: string
description: FeatureGates is set of key=value pairs that describe
feature gates for alpha/experimental features.
type: object
image:
description: Image is the docker image to use
type: string
leaderElection:
description: LeaderElection defines the configuration of leader
election client.
properties:
leaderElect:
description: leaderElect enables a leader election client to
gain leadership before executing the main loop. Enable this
when running replicated components for high availability.
type: boolean
leaderElectLeaseDuration:
description: leaderElectLeaseDuration is the length in time
non-leader candidates will wait after observing a leadership
renewal until attempting to acquire leadership of a led but
unrenewed leader slot. This is effectively the maximum duration
that a leader can be stopped before it is replaced by another
candidate
type: string
leaderElectRenewDeadlineDuration:
description: LeaderElectRenewDeadlineDuration is the interval
between attempts by the acting master to renew a leadership
slot before it stops leading. This must be less than or equal
to the lease duration.
type: string
leaderElectResourceLock:
description: LeaderElectResourceLock is the type of resource
object that is used for locking during leader election. Supported
options are endpoints (default) and `configmaps`.
type: string
leaderElectResourceName:
description: LeaderElectResourceName is the name of resource
object that is used for locking during leader election.
type: string
leaderElectResourceNamespace:
description: LeaderElectResourceNamespace is the namespace of
resource object that is used for locking during leader election.
type: string
leaderElectRetryPeriod:
description: LeaderElectRetryPeriod is The duration the clients
should wait between attempting acquisition and renewal of
a leadership. This is only applicable if leader election is
enabled.
type: string
type: object
logLevel:
description: LogLevel is the logging level
format: int32
type: integer
master:
description: Master is a url to the kube master
type: string
maxPersistentVolumes:
description: 'MaxPersistentVolumes changes the maximum number of
persistent volumes the scheduler will scheduler onto the same
node. Only takes into affect if value is positive. This corresponds
to the KUBE_MAX_PD_VOLS environment variable, which has been supported
as far back as Kubernetes 1.7. The default depends on the version
and the cloud provider as outlined: https://kubernetes.io/docs/concepts/storage/storage-limits/'
format: int32
type: integer
usePolicyConfigMap:
description: UsePolicyConfigMap enable setting the scheduler policy
from a configmap
type: boolean
type: object
kubelet:
description: KubeletConfigSpec defines the kubelet configuration
properties:
allowPrivileged:
description: AllowPrivileged enables containers to request privileged
mode (defaults to false)
type: boolean
allowedUnsafeSysctls:
description: AllowedUnsafeSysctls are passed to the kubelet config
to whitelist allowable sysctls
items:
type: string
type: array
anonymousAuth:
description: AnonymousAuth permits you to control auth to the kubelet
api
type: boolean
apiServers:
description: APIServers is not used for clusters version 1.6 and
later - flag removed
type: string
authenticationTokenWebhook:
description: AuthenticationTokenWebhook uses the TokenReview API
to determine authentication for bearer tokens.
type: boolean
authenticationTokenWebhookCacheTtl:
description: AuthenticationTokenWebhook sets the duration to cache
responses from the webhook token authenticator. Default is 2m.
(default 2m0s)
type: string
authorizationMode:
description: AuthorizationMode is the authorization mode the kubelet
is running in
type: string
babysitDaemons:
description: The node has babysitter process monitoring docker and
kubelet. Removed as of 1.7
type: boolean
bootstrapKubeconfig:
description: BootstrapKubeconfig is the path to a kubeconfig file
that will be used to get client certificate for kubelet
type: string
cgroupRoot:
description: cgroupRoot is the root cgroup to use for pods. This
is handled by the container runtime on a best effort basis.
type: string
clientCaFile:
description: ClientCAFile is the path to a CA certificate
type: string
cloudProvider:
description: CloudProvider is the provider for cloud services.
type: string
clusterDNS:
description: ClusterDNS is the IP address for a cluster DNS server
type: string
clusterDomain:
description: ClusterDomain is the DNS domain for this cluster
type: string
configureCbr0:
description: configureCBR0 enables the kubelet to configure cbr0
based on Node.Spec.PodCIDR.
type: boolean
cpuCFSQuota:
description: CPUCFSQuota enables CPU CFS quota enforcement for containers
that specify CPU limits
type: boolean
cpuCFSQuotaPeriod:
description: CPUCFSQuotaPeriod sets CPU CFS quota period value,
cpu.cfs_period_us, defaults to Linux Kernel default
type: string
cpuManagerPolicy:
description: CpuManagerPolicy allows for changing the default policy
of None to static
type: string
dockerDisableSharedPID:
description: DockerDisableSharedPID uses a shared PID namespace
for containers in a pod.
type: boolean
enableCustomMetrics:
description: Enable gathering custom metrics.
type: boolean
enableDebuggingHandlers:
description: EnableDebuggingHandlers enables server endpoints for
log collection and local running of containers and commands
type: boolean
enforceNodeAllocatable:
description: Enforce Allocatable across pods whenever the overall
usage across all pods exceeds Allocatable.
type: string
evictionHard:
description: Comma-delimited list of hard eviction expressions. For
example, 'memory.available<300Mi'.
type: string
evictionMaxPodGracePeriod:
description: Maximum allowed grace period (in seconds) to use when
terminating pods in response to a soft eviction threshold being
met.
format: int32
type: integer
evictionMinimumReclaim:
description: Comma-delimited list of minimum reclaims (e.g. imagefs.available=2Gi)
that describes the minimum amount of resource the kubelet will
reclaim when performing a pod eviction if that resource is under
pressure.
type: string
evictionPressureTransitionPeriod:
description: Duration for which the kubelet has to wait before transitioning
out of an eviction pressure condition.
type: string
evictionSoft:
description: Comma-delimited list of soft eviction expressions. For
example, 'memory.available<300Mi'.
type: string
evictionSoftGracePeriod:
description: Comma-delimited list of grace periods for each soft
eviction signal. For example, 'memory.available=30s'.
type: string
experimentalAllowedUnsafeSysctls:
description: ExperimentalAllowedUnsafeSysctls are passed to the
kubelet config to whitelist allowable sysctls Was promoted to
beta and renamed. https://github.com/kubernetes/kubernetes/pull/63717
items:
type: string
type: array
failSwapOn:
description: Tells the Kubelet to fail to start if swap is enabled
on the node.
type: boolean
featureGates:
additionalProperties:
type: string
description: FeatureGates is set of key=value pairs that describe
feature gates for alpha/experimental features.
type: object
hairpinMode:
description: 'How should the kubelet configure the container bridge
for hairpin packets. Setting this flag allows endpoints in a Service
to loadbalance back to themselves if they should try to access
their own Service. Values: "promiscuous-bridge": make the container
bridge promiscuous. "hairpin-veth": set the hairpin flag
on container veth interfaces. "none": do nothing.
Setting --configure-cbr0 to false implies that to achieve hairpin
NAT one must set --hairpin-mode=veth-flag, because bridge assumes
the existence of a container bridge named cbr0.'
type: string
hostnameOverride:
description: HostnameOverride is the hostname used to identify the
kubelet instead of the actual hostname.
type: string
imageGCHighThresholdPercent:
description: ImageGCHighThresholdPercent is the percent of disk
usage after which image garbage collection is always run.
format: int32
type: integer
imageGCLowThresholdPercent:
description: ImageGCLowThresholdPercent is the percent of disk usage
before which image garbage collection is never run. Lowest disk
usage to garbage collect to.
format: int32
type: integer
imagePullProgressDeadline:
description: ImagePullProgressDeadline is the timeout for image
pulls If no pulling progress is made before this deadline, the
image pulling will be cancelled. (default 1m0s)
type: string
kubeReserved:
additionalProperties:
type: string
description: Resource reservation for kubernetes system daemons
like the kubelet, container runtime, node problem detector, etc.
type: object
kubeReservedCgroup:
description: Control group for kube daemons.
type: string
kubeconfigPath:
description: KubeconfigPath is the path of kubeconfig for the kubelet
type: string
kubeletCgroups:
description: KubeletCgroups is the absolute name of cgroups to isolate
the kubelet in.
type: string
logLevel:
description: LogLevel is the logging level of the kubelet
format: int32
type: integer
maxPods:
description: MaxPods is the number of pods that can run on this
Kubelet.
format: int32
type: integer
networkPluginMTU:
description: NetworkPluginMTU is the MTU to be passed to the network
plugin, and overrides the default MTU for cases where it cannot
be automatically computed (such as IPSEC).
format: int32
type: integer
networkPluginName:
description: NetworkPluginName is the name of the network plugin
to be invoked for various events in kubelet/pod lifecycle
type: string
nodeLabels:
additionalProperties:
type: string
description: NodeLabels to add when registering the node in the
cluster.
type: object
nodeStatusUpdateFrequency:
description: NodeStatusUpdateFrequency Specifies how often kubelet
posts node status to master (default 10s) must work with nodeMonitorGracePeriod
in KubeControllerManagerConfig.
type: string
nonMasqueradeCIDR:
description: 'NonMasqueradeCIDR configures masquerading: traffic
to IPs outside this range will use IP masquerade.'
type: string
nvidiaGPUs:
description: NvidiaGPUs is the number of NVIDIA GPU devices on this
node.
format: int32
type: integer
podCIDR:
description: PodCIDR is the CIDR to use for pod IP addresses, only
used in standalone mode. In cluster mode, this is obtained from
the master.
type: string
podInfraContainerImage:
description: PodInfraContainerImage is the image whose network/ipc
containers in each pod will use.
type: string
podManifestPath:
description: config is the path to the config file or directory
of files
type: string
readOnlyPort:
description: ReadOnlyPort is the port used by the kubelet api for
read-only access (default 10255)
format: int32
type: integer
reconcileCIDR:
description: ReconcileCIDR is Reconcile node CIDR with the CIDR
specified by the API server. No-op if register-node or configure-cbr0
is false.
type: boolean
registerNode:
description: RegisterNode enables automatic registration with the
apiserver.
type: boolean
registerSchedulable:
description: registerSchedulable tells the kubelet to register the
node as schedulable. No-op if register-node is false.
type: boolean
registryBurst:
description: RegistryBurst Maximum size of a bursty pulls, temporarily
allows pulls to burst to this number, while still not exceeding
registry-qps. Only used if --registry-qps > 0 (default 10)
format: int32
type: integer
registryPullQPS:
description: RegistryPullQPS if > 0, limit registry pull QPS to
this value. If 0, unlimited. (default 5)
format: int32
type: integer
requireKubeconfig:
description: RequireKubeconfig indicates a kubeconfig is required
type: boolean
resolvConf:
description: ResolverConfig is the resolver configuration file used
as the basis for the container DNS resolution configuration."),
[]
type: string
rootDir:
description: RootDir is the directory path for managing kubelet
files (volume mounts,etc)
type: string
runtimeCgroups:
description: Cgroups that container runtime is expected to be isolated
in.
type: string
runtimeRequestTimeout:
description: RuntimeRequestTimeout is timeout for runtime requests
on - pull, logs, exec and attach
type: string
seccompProfileRoot:
description: SeccompProfileRoot is the directory path for seccomp
profiles.
type: string
serializeImagePulls:
description: '// SerializeImagePulls when enabled, tells the Kubelet
to pull images one // at a time. We recommend *not* changing the
default value on nodes that // run docker daemon with version <
1.9 or an Aufs storage backend. // Issue #10959 has more details.'
type: boolean
streamingConnectionIdleTimeout:
description: StreamingConnectionIdleTimeout is the maximum time
a streaming connection can be idle before the connection is automatically
closed
type: string
systemCgroups:
description: SystemCgroups is absolute name of cgroups in which
to place all non-kernel processes that are not already in a container.
Empty for no container. Rolling back the flag requires a reboot.
type: string
systemReserved:
additionalProperties:
type: string
description: Capture resource reservation for OS system daemons
like sshd, udev, etc.
type: object
systemReservedCgroup:
description: Parent control group for OS system daemons.
type: string
taints:
description: Taints to add when registering a node in the cluster
items:
type: string
type: array
tlsCertFile:
description: 'TODO: Remove unused TLSCertFile'
type: string
tlsCipherSuites:
description: TLSCipherSuites indicates the allowed TLS cipher suite
items:
type: string
type: array
tlsMinVersion:
description: TLSMinVersion indicates the minimum TLS version allowed
type: string
tlsPrivateKeyFile:
description: 'TODO: Remove unused TLSPrivateKeyFile'
type: string
volumePluginDirectory:
description: The full path of the directory in which to search for
additional third party volume plugins (this path must be writeable,
dependent on your choice of OS)
type: string
volumeStatsAggPeriod:
description: VolumeStatsAggPeriod is the interval for kubelet to
calculate and cache the volume disk usage for all pods and volumes
type: string
type: object
kubernetesApiAccess:
description: KubernetesAPIAccess determines the permitted access to
the API endpoints (master HTTPS) Currently only a single CIDR is supported
(though a richer grammar could be added in future)
items:
type: string
type: array
kubernetesVersion:
description: The version of kubernetes to install (optional, and can
be a "spec" like stable)
type: string
masterInternalName:
description: MasterInternalName is the internal DNS name for the master
nodes
type: string
masterKubelet:
description: KubeletConfigSpec defines the kubelet configuration
properties:
allowPrivileged:
description: AllowPrivileged enables containers to request privileged
mode (defaults to false)
type: boolean
allowedUnsafeSysctls:
description: AllowedUnsafeSysctls are passed to the kubelet config
to whitelist allowable sysctls
items:
type: string
type: array
anonymousAuth:
description: AnonymousAuth permits you to control auth to the kubelet
api
type: boolean
apiServers:
description: APIServers is not used for clusters version 1.6 and
later - flag removed
type: string
authenticationTokenWebhook:
description: AuthenticationTokenWebhook uses the TokenReview API
to determine authentication for bearer tokens.
type: boolean
authenticationTokenWebhookCacheTtl:
description: AuthenticationTokenWebhook sets the duration to cache
responses from the webhook token authenticator. Default is 2m.
(default 2m0s)
type: string
authorizationMode:
description: AuthorizationMode is the authorization mode the kubelet
is running in
type: string
babysitDaemons:
description: The node has babysitter process monitoring docker and
kubelet. Removed as of 1.7
type: boolean
bootstrapKubeconfig:
description: BootstrapKubeconfig is the path to a kubeconfig file
that will be used to get client certificate for kubelet
type: string
cgroupRoot:
description: cgroupRoot is the root cgroup to use for pods. This
is handled by the container runtime on a best effort basis.
type: string
clientCaFile:
description: ClientCAFile is the path to a CA certificate
type: string
cloudProvider:
description: CloudProvider is the provider for cloud services.
type: string
clusterDNS:
description: ClusterDNS is the IP address for a cluster DNS server
type: string
clusterDomain:
description: ClusterDomain is the DNS domain for this cluster
type: string
configureCbr0:
description: configureCBR0 enables the kubelet to configure cbr0
based on Node.Spec.PodCIDR.
type: boolean
cpuCFSQuota:
description: CPUCFSQuota enables CPU CFS quota enforcement for containers
that specify CPU limits
type: boolean
cpuCFSQuotaPeriod:
description: CPUCFSQuotaPeriod sets CPU CFS quota period value,
cpu.cfs_period_us, defaults to Linux Kernel default
type: string
cpuManagerPolicy:
description: CpuManagerPolicy allows for changing the default policy
of None to static
type: string
dockerDisableSharedPID:
description: DockerDisableSharedPID uses a shared PID namespace
for containers in a pod.
type: boolean
enableCustomMetrics:
description: Enable gathering custom metrics.
type: boolean
enableDebuggingHandlers:
description: EnableDebuggingHandlers enables server endpoints for
log collection and local running of containers and commands
type: boolean
enforceNodeAllocatable:
description: Enforce Allocatable across pods whenever the overall
usage across all pods exceeds Allocatable.
type: string
evictionHard:
description: Comma-delimited list of hard eviction expressions. For
example, 'memory.available<300Mi'.
type: string
evictionMaxPodGracePeriod:
description: Maximum allowed grace period (in seconds) to use when
terminating pods in response to a soft eviction threshold being
met.
format: int32
type: integer
evictionMinimumReclaim:
description: Comma-delimited list of minimum reclaims (e.g. imagefs.available=2Gi)
that describes the minimum amount of resource the kubelet will
reclaim when performing a pod eviction if that resource is under
pressure.
type: string
evictionPressureTransitionPeriod:
description: Duration for which the kubelet has to wait before transitioning
out of an eviction pressure condition.
type: string
evictionSoft:
description: Comma-delimited list of soft eviction expressions. For
example, 'memory.available<300Mi'.
type: string
evictionSoftGracePeriod:
description: Comma-delimited list of grace periods for each soft
eviction signal. For example, 'memory.available=30s'.
type: string
experimentalAllowedUnsafeSysctls:
description: ExperimentalAllowedUnsafeSysctls are passed to the
kubelet config to whitelist allowable sysctls Was promoted to
beta and renamed. https://github.com/kubernetes/kubernetes/pull/63717
items:
type: string
type: array
failSwapOn:
description: Tells the Kubelet to fail to start if swap is enabled
on the node.
type: boolean
featureGates:
additionalProperties:
type: string
description: FeatureGates is set of key=value pairs that describe
feature gates for alpha/experimental features.
type: object
hairpinMode:
description: 'How should the kubelet configure the container bridge
for hairpin packets. Setting this flag allows endpoints in a Service
to loadbalance back to themselves if they should try to access
their own Service. Values: "promiscuous-bridge": make the container
bridge promiscuous. "hairpin-veth": set the hairpin flag
on container veth interfaces. "none": do nothing.
Setting --configure-cbr0 to false implies that to achieve hairpin
NAT one must set --hairpin-mode=veth-flag, because bridge assumes
the existence of a container bridge named cbr0.'
type: string
hostnameOverride:
description: HostnameOverride is the hostname used to identify the
kubelet instead of the actual hostname.
type: string
imageGCHighThresholdPercent:
description: ImageGCHighThresholdPercent is the percent of disk
usage after which image garbage collection is always run.
format: int32
type: integer
imageGCLowThresholdPercent:
description: ImageGCLowThresholdPercent is the percent of disk usage
before which image garbage collection is never run. Lowest disk
usage to garbage collect to.
format: int32
type: integer
imagePullProgressDeadline:
description: ImagePullProgressDeadline is the timeout for image
pulls If no pulling progress is made before this deadline, the
image pulling will be cancelled. (default 1m0s)
type: string
kubeReserved:
additionalProperties:
type: string
description: Resource reservation for kubernetes system daemons
like the kubelet, container runtime, node problem detector, etc.
type: object
kubeReservedCgroup:
description: Control group for kube daemons.
type: string
kubeconfigPath:
description: KubeconfigPath is the path of kubeconfig for the kubelet
type: string
kubeletCgroups:
description: KubeletCgroups is the absolute name of cgroups to isolate
the kubelet in.
type: string
logLevel:
description: LogLevel is the logging level of the kubelet
format: int32
type: integer
maxPods:
description: MaxPods is the number of pods that can run on this
Kubelet.
format: int32
type: integer
networkPluginMTU:
description: NetworkPluginMTU is the MTU to be passed to the network
plugin, and overrides the default MTU for cases where it cannot
be automatically computed (such as IPSEC).
format: int32
type: integer
networkPluginName:
description: NetworkPluginName is the name of the network plugin
to be invoked for various events in kubelet/pod lifecycle
type: string
nodeLabels:
additionalProperties:
type: string
description: NodeLabels to add when registering the node in the
cluster.
type: object
nodeStatusUpdateFrequency:
description: NodeStatusUpdateFrequency Specifies how often kubelet
posts node status to master (default 10s) must work with nodeMonitorGracePeriod
in KubeControllerManagerConfig.
type: string
nonMasqueradeCIDR:
description: 'NonMasqueradeCIDR configures masquerading: traffic
to IPs outside this range will use IP masquerade.'
type: string
nvidiaGPUs:
description: NvidiaGPUs is the number of NVIDIA GPU devices on this
node.
format: int32
type: integer
podCIDR:
description: PodCIDR is the CIDR to use for pod IP addresses, only
used in standalone mode. In cluster mode, this is obtained from
the master.
type: string
podInfraContainerImage:
description: PodInfraContainerImage is the image whose network/ipc
containers in each pod will use.
type: string
podManifestPath:
description: config is the path to the config file or directory
of files
type: string
readOnlyPort:
description: ReadOnlyPort is the port used by the kubelet api for
read-only access (default 10255)
format: int32
type: integer
reconcileCIDR:
description: ReconcileCIDR is Reconcile node CIDR with the CIDR
specified by the API server. No-op if register-node or configure-cbr0
is false.
type: boolean
registerNode:
description: RegisterNode enables automatic registration with the
apiserver.
type: boolean
registerSchedulable:
description: registerSchedulable tells the kubelet to register the
node as schedulable. No-op if register-node is false.
type: boolean
registryBurst:
description: RegistryBurst Maximum size of a bursty pulls, temporarily
allows pulls to burst to this number, while still not exceeding
registry-qps. Only used if --registry-qps > 0 (default 10)
format: int32
type: integer
registryPullQPS:
description: RegistryPullQPS if > 0, limit registry pull QPS to
this value. If 0, unlimited. (default 5)
format: int32
type: integer
requireKubeconfig:
description: RequireKubeconfig indicates a kubeconfig is required
type: boolean
resolvConf:
description: ResolverConfig is the resolver configuration file used
as the basis for the container DNS resolution configuration."),
[]
type: string
rootDir:
description: RootDir is the directory path for managing kubelet
files (volume mounts,etc)
type: string
runtimeCgroups:
description: Cgroups that container runtime is expected to be isolated
in.
type: string
runtimeRequestTimeout:
description: RuntimeRequestTimeout is timeout for runtime requests
on - pull, logs, exec and attach
type: string
seccompProfileRoot:
description: SeccompProfileRoot is the directory path for seccomp
profiles.
type: string
serializeImagePulls:
description: '// SerializeImagePulls when enabled, tells the Kubelet
to pull images one // at a time. We recommend *not* changing the
default value on nodes that // run docker daemon with version <
1.9 or an Aufs storage backend. // Issue #10959 has more details.'
type: boolean
streamingConnectionIdleTimeout:
description: StreamingConnectionIdleTimeout is the maximum time
a streaming connection can be idle before the connection is automatically
closed
type: string
systemCgroups:
description: SystemCgroups is absolute name of cgroups in which
to place all non-kernel processes that are not already in a container.
Empty for no container. Rolling back the flag requires a reboot.
type: string
systemReserved:
additionalProperties:
type: string
description: Capture resource reservation for OS system daemons
like sshd, udev, etc.
type: object
systemReservedCgroup:
description: Parent control group for OS system daemons.
type: string
taints:
description: Taints to add when registering a node in the cluster
items:
type: string
type: array
tlsCertFile:
description: 'TODO: Remove unused TLSCertFile'
type: string
tlsCipherSuites:
description: TLSCipherSuites indicates the allowed TLS cipher suite
items:
type: string
type: array
tlsMinVersion:
description: TLSMinVersion indicates the minimum TLS version allowed
type: string
tlsPrivateKeyFile:
description: 'TODO: Remove unused TLSPrivateKeyFile'
type: string
volumePluginDirectory:
description: The full path of the directory in which to search for
additional third party volume plugins (this path must be writeable,
dependent on your choice of OS)
type: string
volumeStatsAggPeriod:
description: VolumeStatsAggPeriod is the interval for kubelet to
calculate and cache the volume disk usage for all pods and volumes
type: string
type: object
masterPublicName:
description: MasterPublicName is the external DNS name for the master
nodes
type: string
networkCIDR:
description: NetworkCIDR is the CIDR used for the AWS VPC / GCE Network,
or otherwise allocated to k8s This is a real CIDR, not the internal
k8s network On AWS, it maps to the VPC CIDR. It is not required on
GCE.
type: string
networkID:
description: NetworkID is an identifier of a network, if we want to
reuse/share an existing network (e.g. an AWS VPC)
type: string
networking:
description: Networking configuration
properties:
amazonvpc:
description: AmazonVPCNetworkingSpec declares that we want Amazon
VPC CNI networking
properties:
imageName:
description: 'The container image name to use, which by default
is: 602401143452.dkr.ecr.us-west-2.amazonaws.com/amazon-k8s-cni:v1.5.5'
type: string
type: object
calico:
description: CalicoNetworkingSpec declares that we want Calico networking
properties:
crossSubnet:
type: boolean
ipipMode:
description: IPIPMode is mode for CALICO_IPV4POOL_IPIP
type: string
iptablesBackend:
description: 'IptablesBackend controls which variant of iptables
binary Felix uses Default: Legacy (other options: NFT)'
type: string
logSeverityScreen:
description: 'LogSeverityScreen lets us set the desired log
level. (Default: info)'
type: string
majorVersion:
description: MajorVersion is the version of Calico to use
type: string
mtu:
description: MTU to be set in the cni-network-config for calico.
format: int32
type: integer
prometheusGoMetricsEnabled:
description: PrometheusGoMetricsEnabled enables Prometheus Go
runtime metrics collection
type: boolean
prometheusMetricsEnabled:
description: 'PrometheusMetricsEnabled can be set to enable
the experimental Prometheus metrics server (default: false)'
type: boolean
prometheusMetricsPort:
description: 'PrometheusMetricsPort is the TCP port that the
experimental Prometheus metrics server should bind to (default:
9091)'
format: int32
type: integer
prometheusProcessMetricsEnabled:
description: PrometheusProcessMetricsEnabled enables Prometheus
process metrics collection
type: boolean
typhaPrometheusMetricsEnabled:
description: 'TyphaPrometheusMetricsEnabled enables Prometheus
metrics collection from Typha (default: false)'
type: boolean
typhaPrometheusMetricsPort:
description: 'TyphaPrometheusMetricsPort is the TCP port the
typha Prometheus metrics server should bind to (default: 9093)'
format: int32
type: integer
typhaReplicas:
description: TyphaReplicas is the number of replicas of Typha
to deploy
format: int32
type: integer
type: object
canal:
description: CanalNetworkingSpec declares that we want Canal networking
properties:
chainInsertMode:
description: 'ChainInsertMode controls whether Felix inserts
rules to the top of iptables chains, or appends to the bottom.
Leaving the default option is safest to prevent accidentally
breaking connectivity. Default: ''insert'' (other options:
''append'')'
type: string
defaultEndpointToHostAction:
description: 'DefaultEndpointToHostAction allows users to configure
the default behaviour for traffic between pod to host after
calico rules have been processed. Default: ACCEPT (other options:
DROP, RETURN)'
type: string
disableFlannelForwardRules:
description: DisableFlannelForwardRules configures Flannel to
NOT add the default ACCEPT traffic rules to the iptables FORWARD
chain
type: boolean
iptablesBackend:
description: 'IptablesBackend controls which variant of iptables
binary Felix uses Default: Legacy (other options: NFT)'
type: string
logSeveritySys:
description: 'LogSeveritySys the severity to set for logs which
are sent to syslog Default: INFO (other options: DEBUG, WARNING,
ERROR, CRITICAL, NONE)'
type: string
mtu:
description: 'MTU to be set in the cni-network-config (default:
1500)'
format: int32
type: integer
prometheusGoMetricsEnabled:
description: PrometheusGoMetricsEnabled enables Prometheus Go
runtime metrics collection
type: boolean
prometheusMetricsEnabled:
description: 'PrometheusMetricsEnabled can be set to enable
the experimental Prometheus metrics server (default: false)'
type: boolean
prometheusMetricsPort:
description: 'PrometheusMetricsPort is the TCP port that the
experimental Prometheus metrics server should bind to (default:
9091)'
format: int32
type: integer
prometheusProcessMetricsEnabled:
description: PrometheusProcessMetricsEnabled enables Prometheus
process metrics collection
type: boolean
typhaPrometheusMetricsEnabled:
description: 'TyphaPrometheusMetricsEnabled enables Prometheus
metrics collection from Typha (default: false)'
type: boolean
typhaPrometheusMetricsPort:
description: 'TyphaPrometheusMetricsPort is the TCP port the
typha Prometheus metrics server should bind to (default: 9093)'
format: int32
type: integer
typhaReplicas:
description: TyphaReplicas is the number of replicas of Typha
to deploy
format: int32
type: integer
type: object
cilium:
description: CiliumNetworkingSpec declares that we want Cilium networking
properties:
IPTablesRulesNoinstall:
type: boolean
accessLog:
type: string
agentLabels:
items:
type: string
type: array
allowLocalhost:
type: string
autoDirectNodeRoutes:
type: boolean
autoIpv6NodeRoutes:
type: boolean
bpfCTGlobalAnyMax:
type: integer
bpfCTGlobalTCPMax:
type: integer
bpfRoot:
type: string
clusterName:
type: string
cniBinPath:
type: string
containerRuntime:
items:
type: string
type: array
containerRuntimeEndpoint:
additionalProperties:
type: string
type: object
containerRuntimeLabels:
type: string
debug:
type: boolean
debugVerbose:
items:
type: string
type: array
device:
type: string
disableConntrack:
type: boolean
disableIpv4:
type: boolean
disableK8sServices:
type: boolean
disableMasquerade:
type: boolean
enableNodePort:
type: boolean
enablePolicy:
type: string
enableTracing:
type: boolean
enableipv4:
type: boolean
enableipv6:
type: boolean
envoyLog:
type: string
ipv4ClusterCidrMaskSize:
type: integer
ipv4Node:
type: string
ipv4Range:
type: string
ipv4ServiceRange:
type: string
ipv6ClusterAllocCidr:
type: string
ipv6Node:
type: string
ipv6Range:
type: string
ipv6ServiceRange:
type: string
k8sApiServer:
type: string
k8sKubeconfigPath:
type: string
keepBpfTemplates:
type: boolean
keepConfig:
type: boolean
labelPrefixFile:
type: string
labels:
items:
type: string
type: array
lb:
type: string
libDir:
type: string
logDriver:
items:
type: string
type: array
logOpt:
additionalProperties:
type: string
type: object
logstash:
type: boolean
logstashAgent:
type: string
logstashProbeTimer:
format: int32
type: integer
monitorAggregation:
type: string
nat46Range:
type: string
nodeInitBootstrapFile:
type: string
pprof:
type: boolean
preallocateBPFMaps:
type: boolean
prefilterDevice:
type: string
prometheusServeAddr:
type: string
reconfigureKubelet:
type: boolean
removeCbrBridge:
description: node init options
type: boolean
restartPods:
type: boolean
restore:
type: boolean
sidecarIstioProxyImage:
type: string
singleClusterRoute:
type: boolean
socketPath:
type: string
stateDir:
type: string
toFqdnsEnablePoller:
type: boolean
tracePayloadlen:
type: integer
tunnel:
type: string
version:
type: string
required:
- IPTablesRulesNoinstall
- autoDirectNodeRoutes
- bpfCTGlobalAnyMax
- bpfCTGlobalTCPMax
- clusterName
- cniBinPath
- enableNodePort
- enableipv4
- enableipv6
- monitorAggregation
- nodeInitBootstrapFile
- preallocateBPFMaps
- reconfigureKubelet
- removeCbrBridge
- restartPods
- sidecarIstioProxyImage
- toFqdnsEnablePoller
type: object
classic:
description: ClassicNetworkingSpec is the specification of classic
networking mode, integrated into kubernetes
type: object
cni:
description: CNINetworkingSpec is the specification for networking
that is implemented by a Daemonset Networking is not managed by
kops - we can create options here that directly configure e.g.
weave but this is useful for arbitrary network modes or for modes
that don't need additional configuration.
properties:
usesSecondaryIP:
type: boolean
type: object
external:
description: ExternalNetworkingSpec is the specification for networking
that is implemented by a Daemonset It also uses kubenet
type: object
flannel:
description: FlannelNetworkingSpec declares that we want Flannel
networking
properties:
backend:
description: Backend is the backend overlay type we want to
use (vxlan or udp)
type: string
iptablesResyncSeconds:
description: IptablesResyncSeconds sets resync period for iptables
rules, in seconds
format: int32
type: integer
type: object
gce:
description: GCENetworkingSpec is the specification of GCE's native
networking mode, using IP aliases
type: object
kopeio:
description: KopeioNetworkingSpec declares that we want Kopeio networking
type: object
kubenet:
description: KubenetNetworkingSpec is the specification for kubenet
networking, largely integrated but intended to replace classic
type: object
kuberouter:
description: KuberouterNetworkingSpec declares that we want Kube-router
networking
type: object
lyftvpc:
description: LyftIpVlanNetworkingSpec declares that we want to use
the cni-ipvlan-vpc-k8s CNI networking
properties:
subnetTags:
additionalProperties:
type: string
type: object
type: object
romana:
description: RomanaNetworkingSpec declares that we want Romana networking
properties:
daemonServiceIP:
description: DaemonServiceIP is the Kubernetes Service IP for
the romana-daemon pod
type: string
etcdServiceIP:
description: EtcdServiceIP is the Kubernetes Service IP for
the etcd backend used by Romana
type: string
type: object
weave:
description: WeaveNetworkingSpec declares that we want Weave networking
properties:
connLimit:
format: int32
type: integer
mtu:
format: int32
type: integer
netExtraArgs:
type: string
noMasqLocal:
format: int32
type: integer
type: object
type: object
nodeAuthorization:
description: NodeAuthorization defined the custom node authorization
configuration
properties:
nodeAuthorizer:
description: NodeAuthorizer defined the configuration for the node
authorizer
properties:
authorizer:
description: Authorizer is the authorizer to use
type: string
features:
description: Features is a series of authorizer features to
enable or disable
items:
type: string
type: array
image:
description: Image is the location of container
type: string
interval:
description: Interval the time between retires for authorization
request
type: string
nodeURL:
description: NodeURL is the node authorization service url
type: string
port:
description: Port is the port the service is running on the
master
type: integer
timeout:
description: Timeout the max time for authorization request
type: string
tokenTTL:
description: TokenTTL is the max ttl for an issued token
type: string
type: object
type: object
nodePortAccess:
description: NodePortAccess is a list of the CIDRs that can access the
node ports range (30000-32767).
items:
type: string
type: array
nonMasqueradeCIDR:
description: MasterIPRange string `json:",omitempty"`
NonMasqueradeCIDR is the CIDR for the internal k8s network (on which
pods & services live) It cannot overlap ServiceClusterIPRange
type: string
podCIDR:
description: PodCIDR is the CIDR from which we allocate IPs for pods
type: string
project:
description: Project is the cloud project we should use, required on
GCE
type: string
secretStore:
description: SecretStore is the VFS path to where secrets are stored
type: string
serviceClusterIPRange:
description: ServiceClusterIPRange is the CIDR, from the internal network,
where we allocate IPs for services
type: string
sshAccess:
description: SSHAccess determines the permitted access to SSH Currently
only a single CIDR is supported (though a richer grammar could be
added in future)
items:
type: string
type: array
sshKeyName:
description: SSHKeyName specifies a preexisting SSH key to use
type: string
subnets:
description: Configuration of subnets we are targeting
items:
properties:
cidr:
type: string
egress:
description: Egress defines the method of traffic egress for this
subnet
type: string
id:
description: ProviderID is the cloud provider id for the objects
associated with the zone (the subnet on AWS)
type: string
name:
type: string
publicIP:
description: PublicIP to attach to NatGateway
type: string
region:
description: Region is the region the subnet is in, set for subnets
that are regionally scoped
type: string
type:
description: SubnetType string describes subnet types (public,
private, utility)
type: string
zone:
description: Zone is the zone the subnet is in, set for subnets
that are zonally scoped
type: string
type: object
type: array
target:
description: Target allows for us to nest extra config for targets such
as terraform
properties:
terraform:
description: TerraformSpec allows us to specify terraform config
in an extensible way
properties:
providerExtraConfig:
additionalProperties:
type: string
description: ProviderExtraConfig contains key/value pairs to
add to the rendered terraform "provider" block
type: object
type: object
type: object
topology:
description: Topology defines the type of network topology to use on
the cluster - default public This is heavily weighted towards AWS
for the time being, but should also be agnostic enough to port out
to GCE later if needed
properties:
bastion:
description: Bastion provide an external facing point of entry into
a network containing private network instances. This host can
provide a single point of fortification or audit and can be started
and stopped to enable or disable inbound SSH communication from
the Internet, some call bastion as the "jump server".
properties:
bastionPublicName:
type: string
idleTimeoutSeconds:
description: IdleTimeoutSeconds is the bastion's Loadbalancer
idle timeout
format: int64
type: integer
type: object
dns:
description: DNS configures options relating to DNS, in particular
whether we use a public or a private hosted zone
properties:
type:
type: string
type: object
masters:
description: The environment to launch the Kubernetes masters in
public|private
type: string
nodes:
description: The environment to launch the Kubernetes nodes in public|private
type: string
type: object
updatePolicy:
description: 'UpdatePolicy determines the policy for applying upgrades
automatically. Valid values: ''external'' do not apply updates automatically
- they are applied manually or by an external system missing: default
policy (currently OS security upgrades that do not require a reboot)'
type: string
useHostCertificates:
description: UseHostCertificates will mount /etc/ssl/certs to inside
needed containers. This is needed if some APIs do have self-signed
certs
type: boolean
type: object
type: object
version: v1alpha2
versions:
- name: v1alpha2
served: true
storage: true
status:
acceptedNames:
kind: ""
plural: ""
conditions: []
storedVersions: []
Reference in New Issue View Git Blame Copy Permalink