{ "properties": { "additionalUserDataFiles": { "description": "AdditionalUserDataFiles specifies extra files to be passed to all Machines' user_data upon creation.", "items": { "properties": { "content": { "description": "Content is the actual content of the file.", "type": "string" }, "owner": { "description": "Owner specifies the ownership of the file, e.g. \"root:root\".", "type": "string" }, "path": { "description": "Path specifies the full path on disk where to store the file.", "type": "string" }, "permissions": { "description": "Permissions specifies the permissions to assign to the file, e.g. \"0640\".", "type": "string" } }, "required": [ "path", "owner", "permissions", "content" ], "type": "object", "additionalProperties": false }, "type": "array" }, "apiVersion": { "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources", "type": "string" }, "caKeyPair": { "description": "CAKeyPair is the key pair for ca certs.", "properties": { "cert": { "description": "base64 encoded cert and key", "format": "byte", "type": "string" }, "key": { "format": "byte", "type": "string" } }, "required": [ "cert", "key" ], "type": "object", "additionalProperties": false }, "clusterConfiguration": { "description": "ClusterConfiguration holds the cluster-wide information used during a kubeadm init call.", "properties": { "apiServer": { "description": "APIServer contains extra settings for the API server control plane component", "properties": { "certSANs": { "description": "CertSANs sets extra Subject Alternative Names for the API Server signing cert.", "items": { "type": "string" }, "type": "array" }, "extraArgs": { "description": "ExtraArgs is an extra set of flags to pass to the control plane component. TODO: This is temporary and ideally we would like to switch all components to use ComponentConfig + ConfigMaps.", "type": "object" }, "extraVolumes": { "description": "ExtraVolumes is an extra set of host volumes, mounted to the control plane component.", "items": { "properties": { "hostPath": { "description": "HostPath is the path in the host that will be mounted inside the pod.", "type": "string" }, "mountPath": { "description": "MountPath is the path inside the pod where hostPath will be mounted.", "type": "string" }, "name": { "description": "Name of the volume inside the pod template.", "type": "string" }, "pathType": { "description": "PathType is the type of the HostPath.", "type": "string" }, "readOnly": { "description": "ReadOnly controls write access to the volume", "type": "boolean" } }, "required": [ "name", "hostPath", "mountPath" ], "type": "object", "additionalProperties": false }, "type": "array" }, "timeoutForControlPlane": { "description": "TimeoutForControlPlane controls the timeout that we use for API server to appear", "type": "string" } }, "type": "object", "additionalProperties": false }, "apiVersion": { "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources", "type": "string" }, "certificatesDir": { "description": "CertificatesDir specifies where to store or look for all required certificates.", "type": "string" }, "clusterName": { "description": "The cluster name", "type": "string" }, "controlPlaneEndpoint": { "description": "ControlPlaneEndpoint sets a stable IP address or DNS name for the control plane; it can be a valid IP address or a RFC-1123 DNS subdomain, both with optional TCP port. In case the ControlPlaneEndpoint is not specified, the AdvertiseAddress + BindPort are used; in case the ControlPlaneEndpoint is specified but without a TCP port, the BindPort is used. Possible usages are: e.g. In a cluster with more than one control plane instances, this field should be assigned the address of the external load balancer in front of the control plane instances. e.g. in environments with enforced node recycling, the ControlPlaneEndpoint could be used for assigning a stable DNS to the control plane.", "type": "string" }, "controllerManager": { "description": "ControllerManager contains extra settings for the controller manager control plane component", "properties": { "extraArgs": { "description": "ExtraArgs is an extra set of flags to pass to the control plane component. TODO: This is temporary and ideally we would like to switch all components to use ComponentConfig + ConfigMaps.", "type": "object" }, "extraVolumes": { "description": "ExtraVolumes is an extra set of host volumes, mounted to the control plane component.", "items": { "properties": { "hostPath": { "description": "HostPath is the path in the host that will be mounted inside the pod.", "type": "string" }, "mountPath": { "description": "MountPath is the path inside the pod where hostPath will be mounted.", "type": "string" }, "name": { "description": "Name of the volume inside the pod template.", "type": "string" }, "pathType": { "description": "PathType is the type of the HostPath.", "type": "string" }, "readOnly": { "description": "ReadOnly controls write access to the volume", "type": "boolean" } }, "required": [ "name", "hostPath", "mountPath" ], "type": "object", "additionalProperties": false }, "type": "array" } }, "type": "object", "additionalProperties": false }, "dns": { "description": "DNS defines the options for the DNS add-on installed in the cluster.", "properties": { "imageRepository": { "description": "ImageRepository sets the container registry to pull images from. if not set, the ImageRepository defined in ClusterConfiguration will be used instead.", "type": "string" }, "imageTag": { "description": "ImageTag allows to specify a tag for the image. In case this value is set, kubeadm does not change automatically the version of the above components during upgrades.", "type": "string" }, "type": { "description": "Type defines the DNS add-on to be used", "type": "string" } }, "required": [ "type" ], "type": "object", "additionalProperties": false }, "etcd": { "description": "Etcd holds configuration for etcd.", "properties": { "external": { "description": "External describes how to connect to an external etcd cluster Local and External are mutually exclusive", "properties": { "caFile": { "description": "CAFile is an SSL Certificate Authority file used to secure etcd communication. Required if using a TLS connection.", "type": "string" }, "certFile": { "description": "CertFile is an SSL certification file used to secure etcd communication. Required if using a TLS connection.", "type": "string" }, "endpoints": { "description": "Endpoints of etcd members. Required for ExternalEtcd.", "items": { "type": "string" }, "type": "array" }, "keyFile": { "description": "KeyFile is an SSL key file used to secure etcd communication. Required if using a TLS connection.", "type": "string" } }, "required": [ "endpoints", "caFile", "certFile", "keyFile" ], "type": "object", "additionalProperties": false }, "local": { "description": "Local provides configuration knobs for configuring the local etcd instance Local and External are mutually exclusive", "properties": { "dataDir": { "description": "DataDir is the directory etcd will place its data. Defaults to \"/var/lib/etcd\".", "type": "string" }, "extraArgs": { "description": "ExtraArgs are extra arguments provided to the etcd binary when run inside a static pod.", "type": "object" }, "imageRepository": { "description": "ImageRepository sets the container registry to pull images from. if not set, the ImageRepository defined in ClusterConfiguration will be used instead.", "type": "string" }, "imageTag": { "description": "ImageTag allows to specify a tag for the image. In case this value is set, kubeadm does not change automatically the version of the above components during upgrades.", "type": "string" }, "peerCertSANs": { "description": "PeerCertSANs sets extra Subject Alternative Names for the etcd peer signing cert.", "items": { "type": "string" }, "type": "array" }, "serverCertSANs": { "description": "ServerCertSANs sets extra Subject Alternative Names for the etcd server signing cert.", "items": { "type": "string" }, "type": "array" } }, "required": [ "dataDir" ], "type": "object", "additionalProperties": false } }, "type": "object", "additionalProperties": false }, "featureGates": { "description": "FeatureGates enabled by the user.", "type": "object" }, "imageRepository": { "description": "ImageRepository sets the container registry to pull images from. If empty, `k8s.gcr.io` will be used by default; in case of kubernetes version is a CI build (kubernetes version starts with `ci/` or `ci-cross/`) `gcr.io/kubernetes-ci-images` will be used as a default for control plane components and for kube-proxy, while `k8s.gcr.io` will be used for all the other images.", "type": "string" }, "kind": { "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds", "type": "string" }, "kubernetesVersion": { "description": "KubernetesVersion is the target version of the control plane.", "type": "string" }, "networking": { "description": "Networking holds configuration for the networking topology of the cluster.", "properties": { "dnsDomain": { "description": "DNSDomain is the dns domain used by k8s services. Defaults to \"cluster.local\".", "type": "string" }, "podSubnet": { "description": "PodSubnet is the subnet used by pods.", "type": "string" }, "serviceSubnet": { "description": "ServiceSubnet is the subnet used by k8s services. Defaults to \"10.96.0.0/12\".", "type": "string" } }, "required": [ "serviceSubnet", "podSubnet", "dnsDomain" ], "type": "object", "additionalProperties": false }, "scheduler": { "description": "Scheduler contains extra settings for the scheduler control plane component", "properties": { "extraArgs": { "description": "ExtraArgs is an extra set of flags to pass to the control plane component. TODO: This is temporary and ideally we would like to switch all components to use ComponentConfig + ConfigMaps.", "type": "object" }, "extraVolumes": { "description": "ExtraVolumes is an extra set of host volumes, mounted to the control plane component.", "items": { "properties": { "hostPath": { "description": "HostPath is the path in the host that will be mounted inside the pod.", "type": "string" }, "mountPath": { "description": "MountPath is the path inside the pod where hostPath will be mounted.", "type": "string" }, "name": { "description": "Name of the volume inside the pod template.", "type": "string" }, "pathType": { "description": "PathType is the type of the HostPath.", "type": "string" }, "readOnly": { "description": "ReadOnly controls write access to the volume", "type": "boolean" } }, "required": [ "name", "hostPath", "mountPath" ], "type": "object", "additionalProperties": false }, "type": "array" } }, "type": "object", "additionalProperties": false }, "useHyperKubeImage": { "description": "UseHyperKubeImage controls if hyperkube should be used for Kubernetes components instead of their respective separate images", "type": "boolean" } }, "required": [ "etcd", "networking", "kubernetesVersion", "controlPlaneEndpoint", "dns", "certificatesDir", "imageRepository" ], "type": "object", "additionalProperties": false }, "etcdCAKeyPair": { "description": "EtcdCAKeyPair is the key pair for etcd.", "properties": { "cert": { "description": "base64 encoded cert and key", "format": "byte", "type": "string" }, "key": { "format": "byte", "type": "string" } }, "required": [ "cert", "key" ], "type": "object", "additionalProperties": false }, "frontProxyCAKeyPair": { "description": "FrontProxyCAKeyPair is the key pair for FrontProxyKeyPair.", "properties": { "cert": { "description": "base64 encoded cert and key", "format": "byte", "type": "string" }, "key": { "format": "byte", "type": "string" } }, "required": [ "cert", "key" ], "type": "object", "additionalProperties": false }, "kind": { "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds", "type": "string" }, "metadata": { "type": "object" }, "networkSpec": { "description": "NetworkSpec encapsulates all things related to AWS network.", "properties": { "subnets": { "description": "Subnets configuration.", "items": { "properties": { "availabilityZone": { "description": "AvailabilityZone defines the availability zone to use for this subnet in the cluster's region.", "type": "string" }, "cidrBlock": { "description": "CidrBlock is the CIDR block to be used when the provider creates a managed VPC.", "type": "string" }, "id": { "description": "ID defines a unique identifier to reference this resource.", "type": "string" }, "isPublic": { "description": "IsPublic defines the subnet as a public subnet. A subnet is public when it is associated with a route table that has a route to an internet gateway.", "type": "boolean" }, "natGatewayId": { "description": "NatGatewayID is the NAT gateway id associated with the subnet. Ignored unless the subnet is managed by the provider, in which case this is set on the public subnet where the NAT gateway resides. It is then used to determine routes for private subnets in the same AZ as the public subnet.", "type": "string" }, "routeTableId": { "description": "RouteTableID is the routing table id associated with the subnet.", "type": "string" }, "tags": { "description": "Tags is a collection of tags describing the resource.", "type": "object" } }, "required": [ "isPublic", "routeTableId" ], "type": "object", "additionalProperties": false }, "type": "array" }, "vpc": { "description": "VPC configuration.", "properties": { "cidrBlock": { "description": "CidrBlock is the CIDR block to be used when the provider creates a managed VPC. Defaults to 10.0.0.0/16.", "type": "string" }, "id": { "description": "ID is the vpc-id of the VPC this provider should use to create resources.", "type": "string" }, "internetGatewayId": { "description": "InternetGatewayID is the id of the internet gateway associated with the VPC.", "type": "string" }, "tags": { "description": "Tags is a collection of tags describing the resource.", "type": "object" } }, "type": "object", "additionalProperties": false } }, "type": "object", "additionalProperties": false }, "region": { "description": "The AWS Region the cluster lives in.", "type": "string" }, "saKeyPair": { "description": "SAKeyPair is the service account key pair.", "properties": { "cert": { "description": "base64 encoded cert and key", "format": "byte", "type": "string" }, "key": { "format": "byte", "type": "string" } }, "required": [ "cert", "key" ], "type": "object", "additionalProperties": false }, "sshKeyName": { "description": "SSHKeyName is the name of the ssh key to attach to the bastion host.", "type": "string" } } }