{ "properties": { "additionalSecurityGroups": { "description": "AdditionalSecurityGroups is an array of references to security groups that should be applied to the instance. These security groups would be set in addition to any security groups defined at the cluster level or in the actuator.", "items": { "properties": { "arn": { "description": "ARN of resource", "type": "string" }, "filters": { "description": "Filters is a set of key/value pairs used to identify a resource They are applied according to the rules defined by the AWS API: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/Using_Filtering.html", "items": { "properties": { "name": { "description": "Name of the filter. Filter names are case-sensitive.", "type": "string" }, "values": { "description": "Values includes one or more filter values. Filter values are case-sensitive.", "items": { "type": "string" }, "type": "array" } }, "required": [ "name", "values" ], "type": "object", "additionalProperties": false }, "type": "array" }, "id": { "description": "ID of resource", "type": "string" } }, "type": "object", "additionalProperties": false }, "type": "array" }, "additionalTags": { "description": "AdditionalTags is the set of tags to add to an instance, in addition to the ones added by default by the actuator. These tags are additive. The actuator will ensure these tags are present, but will not remove any other tags that may exist on the instance.", "type": "object" }, "additionalUserDataFiles": { "description": "AdditionalUserDataFiles specifies extra files to be passed to user_data upon creation.", "items": { "properties": { "content": { "description": "Content is the actual content of the file.", "type": "string" }, "owner": { "description": "Owner specifies the ownership of the file, e.g. \"root:root\".", "type": "string" }, "path": { "description": "Path specifies the full path on disk where to store the file.", "type": "string" }, "permissions": { "description": "Permissions specifies the permissions to assign to the file, e.g. \"0640\".", "type": "string" } }, "required": [ "path", "owner", "permissions", "content" ], "type": "object", "additionalProperties": false }, "type": "array" }, "ami": { "description": "AMI is the reference to the AMI from which to create the machine instance.", "properties": { "arn": { "description": "ARN of resource", "type": "string" }, "filters": { "description": "Filters is a set of key/value pairs used to identify a resource They are applied according to the rules defined by the AWS API: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/Using_Filtering.html", "items": { "properties": { "name": { "description": "Name of the filter. Filter names are case-sensitive.", "type": "string" }, "values": { "description": "Values includes one or more filter values. Filter values are case-sensitive.", "items": { "type": "string" }, "type": "array" } }, "required": [ "name", "values" ], "type": "object", "additionalProperties": false }, "type": "array" }, "id": { "description": "ID of resource", "type": "string" } }, "type": "object", "additionalProperties": false }, "apiVersion": { "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources", "type": "string" }, "availabilityZone": { "description": "AvailabilityZone is references the AWS availability zone to use for this instance. If multiple subnets are matched for the availability zone, the first one return is picked.", "type": "string" }, "iamInstanceProfile": { "description": "IAMInstanceProfile is a name of an IAM instance profile to assign to the instance", "type": "string" }, "imageLookupOrg": { "description": "ImageLookupOrg is the AWS Organization ID to use for image lookup if AMI is not set.", "type": "string" }, "instanceType": { "description": "InstanceType is the type of instance to create. Example: m4.xlarge", "type": "string" }, "keyName": { "description": "KeyName is the name of the SSH key to install on the instance.", "type": "string" }, "kind": { "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds", "type": "string" }, "kubeadmConfiguration": { "description": "KubeadmConfiguration holds the kubeadm configuration options", "properties": { "init": { "description": "InitConfiguration is used to customize any kubeadm init configuration parameters.", "properties": { "apiVersion": { "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources", "type": "string" }, "bootstrapTokens": { "description": "BootstrapTokens is respected at `kubeadm init` time and describes a set of Bootstrap Tokens to create. This information IS NOT uploaded to the kubeadm cluster configmap, partly because of its sensitive nature", "items": { "properties": { "description": { "description": "Description sets a human-friendly message why this token exists and what it's used for, so other administrators can know its purpose.", "type": "string" }, "expires": { "description": "Expires specifies the timestamp when this token expires. Defaults to being set dynamically at runtime based on the TTL. Expires and TTL are mutually exclusive.", "format": "date-time", "type": "string" }, "groups": { "description": "Groups specifies the extra groups that this token will authenticate as when/if used for authentication", "items": { "type": "string" }, "type": "array" }, "token": { "description": "Token is used for establishing bidirectional trust between nodes and masters. Used for joining nodes in the cluster.", "type": "object" }, "ttl": { "description": "TTL defines the time to live for this token. Defaults to 24h. Expires and TTL are mutually exclusive.", "type": "string" }, "usages": { "description": "Usages describes the ways in which this token can be used. Can by default be used for establishing bidirectional trust, but that can be changed here.", "items": { "type": "string" }, "type": "array" } }, "required": [ "token" ], "type": "object", "additionalProperties": false }, "type": "array" }, "kind": { "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds", "type": "string" }, "localAPIEndpoint": { "description": "LocalAPIEndpoint represents the endpoint of the API server instance that's deployed on this control plane node In HA setups, this differs from ClusterConfiguration.ControlPlaneEndpoint in the sense that ControlPlaneEndpoint is the global endpoint for the cluster, which then loadbalances the requests to each individual API server. This configuration object lets you customize what IP/DNS name and port the local API server advertises it's accessible on. By default, kubeadm tries to auto-detect the IP of the default interface and use that, but in case that process fails you may set the desired value here.", "properties": { "advertiseAddress": { "description": "AdvertiseAddress sets the IP address for the API server to advertise.", "type": "string" }, "bindPort": { "description": "BindPort sets the secure port for the API Server to bind to. Defaults to 6443.", "format": "int32", "type": "integer" } }, "required": [ "advertiseAddress", "bindPort" ], "type": "object", "additionalProperties": false }, "nodeRegistration": { "description": "NodeRegistration holds fields that relate to registering the new master node to the cluster", "properties": { "criSocket": { "description": "CRISocket is used to retrieve container runtime info. This information will be annotated to the Node API object, for later re-use", "type": "string" }, "kubeletExtraArgs": { "description": "KubeletExtraArgs passes through extra arguments to the kubelet. The arguments here are passed to the kubelet command line via the environment file kubeadm writes at runtime for the kubelet to source. This overrides the generic base-level configuration in the kubelet-config-1.X ConfigMap Flags have higher priority when parsing. These values are local and specific to the node kubeadm is executing on.", "type": "object" }, "name": { "description": "Name is the `.Metadata.Name` field of the Node API object that will be created in this `kubeadm init` or `kubeadm joi\u0144` operation. This field is also used in the CommonName field of the kubelet's client certificate to the API server. Defaults to the hostname of the node if not provided.", "type": "string" }, "taints": { "description": "Taints specifies the taints the Node API object should be registered with. If this field is unset, i.e. nil, in the `kubeadm init` process it will be defaulted to []v1.Taint{'node-role.kubernetes.io/master=\"\"'}. If you don't want to taint your master node, set this field to an empty slice, i.e. `taints: {}` in the YAML file. This field is solely used for Node registration.", "items": { "type": "object" }, "type": "array" } }, "type": "object", "additionalProperties": false } }, "type": "object", "additionalProperties": false }, "join": { "description": "JoinConfiguration is used to customize any kubeadm join configuration parameters.", "properties": { "apiVersion": { "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources", "type": "string" }, "caCertPath": { "description": "CACertPath is the path to the SSL certificate authority used to secure comunications between node and master. Defaults to \"/etc/kubernetes/pki/ca.crt\".", "type": "string" }, "controlPlane": { "description": "ControlPlane defines the additional control plane instance to be deployed on the joining node. If nil, no additional control plane instance will be deployed.", "properties": { "localAPIEndpoint": { "description": "LocalAPIEndpoint represents the endpoint of the API server instance to be deployed on this node.", "properties": { "advertiseAddress": { "description": "AdvertiseAddress sets the IP address for the API server to advertise.", "type": "string" }, "bindPort": { "description": "BindPort sets the secure port for the API Server to bind to. Defaults to 6443.", "format": "int32", "type": "integer" } }, "required": [ "advertiseAddress", "bindPort" ], "type": "object", "additionalProperties": false } }, "type": "object", "additionalProperties": false }, "discovery": { "description": "Discovery specifies the options for the kubelet to use during the TLS Bootstrap process", "properties": { "bootstrapToken": { "description": "BootstrapToken is used to set the options for bootstrap token based discovery BootstrapToken and File are mutually exclusive", "properties": { "apiServerEndpoint": { "description": "APIServerEndpoint is an IP or domain name to the API server from which info will be fetched.", "type": "string" }, "caCertHashes": { "description": "CACertHashes specifies a set of public key pins to verify when token-based discovery is used. The root CA found during discovery must match one of these values. Specifying an empty set disables root CA pinning, which can be unsafe. Each hash is specified as \":\", where the only currently supported type is \"sha256\". This is a hex-encoded SHA-256 hash of the Subject Public Key Info (SPKI) object in DER-encoded ASN.1. These hashes can be calculated using, for example, OpenSSL: openssl x509 -pubkey -in ca.crt openssl rsa -pubin -outform der 2>&/dev/null | openssl dgst -sha256 -hex", "items": { "type": "string" }, "type": "array" }, "token": { "description": "Token is a token used to validate cluster information fetched from the master.", "type": "string" }, "unsafeSkipCAVerification": { "description": "UnsafeSkipCAVerification allows token-based discovery without CA verification via CACertHashes. This can weaken the security of kubeadm since other nodes can impersonate the master.", "type": "boolean" } }, "required": [ "token", "unsafeSkipCAVerification" ], "type": "object", "additionalProperties": false }, "file": { "description": "File is used to specify a file or URL to a kubeconfig file from which to load cluster information BootstrapToken and File are mutually exclusive", "properties": { "kubeConfigPath": { "description": "KubeConfigPath is used to specify the actual file path or URL to the kubeconfig file from which to load cluster information", "type": "string" } }, "required": [ "kubeConfigPath" ], "type": "object", "additionalProperties": false }, "timeout": { "description": "Timeout modifies the discovery timeout", "type": "string" }, "tlsBootstrapToken": { "description": "TLSBootstrapToken is a token used for TLS bootstrapping. If .BootstrapToken is set, this field is defaulted to .BootstrapToken.Token, but can be overridden. If .File is set, this field **must be set** in case the KubeConfigFile does not contain any other authentication information", "type": "string" } }, "required": [ "tlsBootstrapToken" ], "type": "object", "additionalProperties": false }, "kind": { "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds", "type": "string" }, "nodeRegistration": { "description": "NodeRegistration holds fields that relate to registering the new master node to the cluster", "properties": { "criSocket": { "description": "CRISocket is used to retrieve container runtime info. This information will be annotated to the Node API object, for later re-use", "type": "string" }, "kubeletExtraArgs": { "description": "KubeletExtraArgs passes through extra arguments to the kubelet. The arguments here are passed to the kubelet command line via the environment file kubeadm writes at runtime for the kubelet to source. This overrides the generic base-level configuration in the kubelet-config-1.X ConfigMap Flags have higher priority when parsing. These values are local and specific to the node kubeadm is executing on.", "type": "object" }, "name": { "description": "Name is the `.Metadata.Name` field of the Node API object that will be created in this `kubeadm init` or `kubeadm joi\u0144` operation. This field is also used in the CommonName field of the kubelet's client certificate to the API server. Defaults to the hostname of the node if not provided.", "type": "string" }, "taints": { "description": "Taints specifies the taints the Node API object should be registered with. If this field is unset, i.e. nil, in the `kubeadm init` process it will be defaulted to []v1.Taint{'node-role.kubernetes.io/master=\"\"'}. If you don't want to taint your master node, set this field to an empty slice, i.e. `taints: {}` in the YAML file. This field is solely used for Node registration.", "items": { "type": "object" }, "type": "array" } }, "type": "object", "additionalProperties": false } }, "required": [ "nodeRegistration", "caCertPath", "discovery" ], "type": "object", "additionalProperties": false } }, "type": "object", "additionalProperties": false }, "metadata": { "type": "object" }, "publicIP": { "description": "PublicIP specifies whether the instance should get a public IP. Precedence for this setting is as follows: 1. This field if set 2. Cluster/flavor setting 3. Subnet default", "type": "boolean" }, "rootDeviceSize": { "description": "RootDeviceSize is the size of the root volume.", "format": "int64", "type": "integer" }, "subnet": { "description": "Subnet is a reference to the subnet to use for this instance. If not specified, the cluster subnet will be used.", "properties": { "arn": { "description": "ARN of resource", "type": "string" }, "filters": { "description": "Filters is a set of key/value pairs used to identify a resource They are applied according to the rules defined by the AWS API: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/Using_Filtering.html", "items": { "properties": { "name": { "description": "Name of the filter. Filter names are case-sensitive.", "type": "string" }, "values": { "description": "Values includes one or more filter values. Filter values are case-sensitive.", "items": { "type": "string" }, "type": "array" } }, "required": [ "name", "values" ], "type": "object", "additionalProperties": false }, "type": "array" }, "id": { "description": "ID of resource", "type": "string" } }, "type": "object", "additionalProperties": false } } }