diff --git a/assets/logos/rancher-turtles.svg b/assets/logos/rancher-turtles.svg
new file mode 100644
index 00000000000..2133449fe18
--- /dev/null
+++ b/assets/logos/rancher-turtles.svg
@@ -0,0 +1 @@
+
\ No newline at end of file
diff --git a/assets/rancher-turtles/rancher-turtles-106.0.0+up0.0.0.tgz b/assets/rancher-turtles/rancher-turtles-106.0.0+up0.0.0.tgz
new file mode 100644
index 00000000000..165d20cca0d
Binary files /dev/null and b/assets/rancher-turtles/rancher-turtles-106.0.0+up0.0.0.tgz differ
diff --git a/charts/rancher-turtles/106.0.0+up0.0.0/.helmignore b/charts/rancher-turtles/106.0.0+up0.0.0/.helmignore
new file mode 100644
index 00000000000..898df48862b
--- /dev/null
+++ b/charts/rancher-turtles/106.0.0+up0.0.0/.helmignore
@@ -0,0 +1,24 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*.orig
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+.vscode/
+
diff --git a/charts/rancher-turtles/106.0.0+up0.0.0/Chart.yaml b/charts/rancher-turtles/106.0.0+up0.0.0/Chart.yaml
new file mode 100644
index 00000000000..004f9ddf633
--- /dev/null
+++ b/charts/rancher-turtles/106.0.0+up0.0.0/Chart.yaml
@@ -0,0 +1,25 @@
+annotations:
+ catalog.cattle.io/certified: rancher
+ catalog.cattle.io/display-name: Rancher Turtles - the Cluster API Extension
+ catalog.cattle.io/kube-version: '>= 1.23.0-0'
+ catalog.cattle.io/namespace: rancher-turtles-system
+ catalog.cattle.io/os: linux
+ catalog.cattle.io/permits-os: linux
+ catalog.cattle.io/rancher-version: '>= 2.11.0-1'
+ catalog.cattle.io/release-name: rancher-turtles
+ catalog.cattle.io/scope: management
+ catalog.cattle.io/type: cluster-tool
+apiVersion: v2
+appVersion: 0.0.0
+description: Rancher Turtles is an extension to Rancher that brings full Cluster API
+ integration to Rancher.
+home: https://github.com/rancher/turtles/
+icon: file://assets/logos/rancher-turtles.svg
+keywords:
+- rancher
+- cluster-api
+- capi
+- provisioning
+name: rancher-turtles
+type: application
+version: 106.0.0+up0.0.0
diff --git a/charts/rancher-turtles/106.0.0+up0.0.0/README.md b/charts/rancher-turtles/106.0.0+up0.0.0/README.md
new file mode 100644
index 00000000000..9b89a4160ce
--- /dev/null
+++ b/charts/rancher-turtles/106.0.0+up0.0.0/README.md
@@ -0,0 +1,5 @@
+# Rancher Turtles Chart
+
+This chart installs Rancher Turtles using Helm.
+
+Checkout the [documentation](https://turtles.docs.rancher.com) for further information.
diff --git a/charts/rancher-turtles/106.0.0+up0.0.0/app-readme.md b/charts/rancher-turtles/106.0.0+up0.0.0/app-readme.md
new file mode 100644
index 00000000000..cfb4b629470
--- /dev/null
+++ b/charts/rancher-turtles/106.0.0+up0.0.0/app-readme.md
@@ -0,0 +1,5 @@
+# Rancher Turtles - The Cluster API Extension for Rancher
+
+Rancher Turtles brings enhanced integration of Cluster API with Rancher.
+
+For more information, including a getting started guide, see the [official documentation](https://turtles.docs.rancher.com).
diff --git a/charts/rancher-turtles/106.0.0+up0.0.0/questions.yml b/charts/rancher-turtles/106.0.0+up0.0.0/questions.yml
new file mode 100644
index 00000000000..9ea290d3dec
--- /dev/null
+++ b/charts/rancher-turtles/106.0.0+up0.0.0/questions.yml
@@ -0,0 +1,49 @@
+namespace: rancher-turtles-system
+questions:
+ - variable: rancherTurtles.features.default
+ default: "false"
+ description: "Customize install settings"
+ label: Customize install settings
+ type: boolean
+ show_subquestion_if: true
+ group: "Rancher Turtles Extra Settings"
+ subquestions:
+ - variable: turtlesUI.enabled
+ default: false
+ type: boolean
+ description: "Flag to enable or disable installation of CAPI UI extension. If set to false then you will need to install CAPI UI extension manually."
+ label: "Install CAPI UI (Experimental)"
+ - variable: rancherTurtles.cluster-api-operator.cleanup
+ default: true
+ description: "Specify that the CAPI Operator post-delete cleanup job will be performed."
+ type: boolean
+ label: Cleanup CAPI Operator installation
+ group: "CAPI Operator cleanup settings"
+ - variable: cluster-api-operator.cluster-api.rke2.enabled
+ default: "true"
+ description: "Flag to enable or disable installation of the RKE2 provider for Cluster API. By default this is enabled."
+ label: "Enable RKE2 Provider"
+ type: boolean
+ - variable: rancherTurtles.features.agent-tls-mode.enabled
+ default: false
+ description: "[ALPHA] If enabled Turtles will use the agent-tls-mode setting to determine CA cert trust mode for importing clusters."
+ type: boolean
+ label: Enable Agent TLS Mode
+ group: "Rancher Turtles Features Settings"
+ - variable: rancherTurtles.kubectlImage
+ default: "registry.k8s.io/kubernetes/kubectl:v1.30.0"
+ description: "Specify the image to use when running kubectl in jobs."
+ type: string
+ label: Kubectl Image
+ group: "Rancher Turtles Features Settings"
+ - variable: rancherTurtles.features.day2operations.enabled
+ label: "Enable Day 2 Operations functionality in Rancher Turtles"
+ description: "Use this setting to configure Day 2 Operations functionality in Rancher Turtles, such as enabling ETCD Backup and Restore."
+ type: boolean
+ group: "Rancher Turtles Features Settings"
+ - variable: rancherTurtles.features.day2operations.etcdBackupRestore.enabled
+ label: "Enable ETCD Backup and Restore"
+ description: "[ALPHA] Enable ETCD Backup and Restore functionality in Rancher Turtles."
+ type: boolean
+ group: "ETCD Backup and Restore Settings"
+ show_if: "rancherTurtles.features.day2operations.enabled"
\ No newline at end of file
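Review bot: The question `rancherTurtles.cluster-api-operator.cleanup` does not match the path the post-delete template tests (`index .Values "cluster-api-operator" "cleanup"`). Unless values.yaml (not shown here) maps one onto the other, toggling it in the UI would not change whether the cleanup jobs render; `variable: cluster-api-operator.cleanup` would match the template. The `default:` values also mix quoted strings (`"false"`, `"true"`) with real booleans for `type: boolean` questions; using `true`/`false` throughout avoids depending on how the consumer coerces them. The `rancherTurtles.kubectlImage` default is referenced by mutable tag and runs in hook jobs bound to ClusterRoles, so pinning it by digest (`...kubectl:v1.30.0@sha256:<digest>`) is worth considering.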
diff --git a/charts/rancher-turtles/106.0.0+up0.0.0/templates/addon-provider-fleet.yaml b/charts/rancher-turtles/106.0.0+up0.0.0/templates/addon-provider-fleet.yaml
new file mode 100644
index 00000000000..346453cc6ac
--- /dev/null
+++ b/charts/rancher-turtles/106.0.0+up0.0.0/templates/addon-provider-fleet.yaml
@@ -0,0 +1,76 @@
+apiVersion: turtles-capi.cattle.io/v1alpha1
+kind: CAPIProvider
+metadata:
+ name: fleet
+ namespace: '{{ .Values.rancherTurtles.namespace }}'
+ annotations:
+ "helm.sh/hook": "post-install, post-upgrade"
+ "helm.sh/hook-weight": "2"
+spec:
+ enableAutomaticUpdate: true
+ type: addon
+ additionalManifests:
+ name: fleet-addon-config
+ namespace: '{{ .Values.rancherTurtles.namespace }}'
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: fleet-addon-config
+ namespace: '{{ .Values.rancherTurtles.namespace }}'
+ annotations:
+ "helm.sh/hook": "post-install, post-upgrade"
+ "helm.sh/hook-weight": "2"
+data:
+ manifests: |-
+ apiVersion: addons.cluster.x-k8s.io/v1alpha1
+ kind: FleetAddonConfig
+ metadata:
+ name: fleet-addon-config
+ spec:
+ config:
+ featureGates:
+ {{- if index .Values "rancherTurtles" "rancherInstalled" }}
+ configMap:
+ ref:
+ kind: ConfigMap
+ apiVersion: v1
+ name: rancher-config
+ namespace: cattle-system
+ {{- end }}
+ experimentalOciStorage: true
+ experimentalHelmOps: true
+ clusterClass:
+ patchResource: true
+ setOwnerReferences: true
+ cluster:
+ agentNamespace: cattle-fleet-system
+ applyClassGroup: true
+ patchResource: true
+ setOwnerReferences: true
+ hostNetwork: true
+ selector:
+ matchLabels:
+ cluster-api.cattle.io/rancher-auto-import: "true"
+ matchExpressions:
+ - key: cluster-api.cattle.io/disable-fleet-auto-import
+ operator: DoesNotExist
+ namespaceSelector:
+ matchLabels:
+ cluster-api.cattle.io/rancher-auto-import: "true"
+ matchExpressions:
+ - key: cluster-api.cattle.io/disable-fleet-auto-import
+ operator: DoesNotExist
+ ---
+ apiVersion: rbac.authorization.k8s.io/v1
+ kind: ClusterRoleBinding
+ metadata:
+ name: cappf-controller-psa
+ roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: fleet-controller-psa
+ subjects:
+ - kind: ServiceAccount
+ name: caapf-controller-manager
+ namespace: {{ .Values.rancherTurtles.namespace }}
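Review bot: The ClusterRoleBinding at the end of the `manifests` block is named `cappf-controller-psa` while its subject is the service account `caapf-controller-manager`. The name looks like a typo, and `name: caapf-controller-psa` would match the subject. Its `roleRef` points at `fleet-controller-psa`, which none of the templates visible in this diff define, so the binding presumably relies on Fleet having created that ClusterRole; a one-line comment saying so would help reviewers audit what the addon controller is granted. `hostNetwork: true` under `cluster:` is hard-coded without explanation; a comment such as `# agent needs host networking because <reason>` would document why the wider network exposure is accepted.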
diff --git a/charts/rancher-turtles/106.0.0+up0.0.0/templates/azure-rbac.yaml b/charts/rancher-turtles/106.0.0+up0.0.0/templates/azure-rbac.yaml
new file mode 100644
index 00000000000..4cd993c7682
--- /dev/null
+++ b/charts/rancher-turtles/106.0.0+up0.0.0/templates/azure-rbac.yaml
@@ -0,0 +1,19 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: caprke2-azure-aggregated-role
+ labels:
+ cluster.x-k8s.io/aggregate-to-capz-manager: "true"
+rules:
+- apiGroups:
+ - bootstrap.cluster.x-k8s.io
+ resources:
+ - rke2configs
+ verbs:
+ - create
+ - update
+ - delete
+ - get
+ - list
+ - patch
+ - watch
\ No newline at end of file
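Review bot: This ClusterRole is rendered unconditionally and carries no comment, so every install adds create/update/delete/patch on `rke2configs` to whatever ClusterRole aggregates the `cluster.x-k8s.io/aggregate-to-capz-manager` label, whether or not the Azure provider is in use. At minimum, add a header comment such as `# Aggregated into the CAPZ manager role so it can manage RKE2Config bootstrap objects.` (wording to be confirmed by the authors). If the CAPZ manager only needs to read and patch these objects, trimming `create` and `delete` would narrow the grant.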
diff --git a/charts/rancher-turtles/106.0.0+up0.0.0/templates/clusterctl-cm-cleanup-job.yaml b/charts/rancher-turtles/106.0.0+up0.0.0/templates/clusterctl-cm-cleanup-job.yaml
new file mode 100644
index 00000000000..2617ffa87d8
--- /dev/null
+++ b/charts/rancher-turtles/106.0.0+up0.0.0/templates/clusterctl-cm-cleanup-job.yaml
@@ -0,0 +1,66 @@
+{{- if index .Values "rancherTurtles" "rancherInstalled" }}
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: pre-upgrade-job
+ namespace: '{{ .Values.rancherTurtles.namespace }}'
+ annotations:
+ "helm.sh/hook": "post-delete, pre-upgrade"
+ "helm.sh/hook-weight": "-2"
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: pre-upgrade-job-delete-clusterctl-configmap
+ annotations:
+ "helm.sh/hook": "post-delete, pre-upgrade"
+ "helm.sh/hook-weight": "-2"
+rules:
+- apiGroups: [""]
+ resources:
+ - configmaps
+ verbs:
+ - list
+ - delete
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: pre-upgrade-job-clusterctl-configmap-cleanup
+ annotations:
+ "helm.sh/hook": "post-delete, pre-upgrade"
+ "helm.sh/hook-weight": "-2"
+subjects:
+ - kind: ServiceAccount
+ name: pre-upgrade-job
+ namespace: '{{ .Values.rancherTurtles.namespace }}'
+roleRef:
+ kind: ClusterRole
+ name: pre-upgrade-job-delete-clusterctl-configmap
+ apiGroup: rbac.authorization.k8s.io
+---
+apiVersion: batch/v1
+kind: Job
+metadata:
+ name: rancher-clusterctl-configmap-cleanup
+ namespace: '{{ .Values.rancherTurtles.namespace }}'
+ annotations:
+ "helm.sh/hook": "post-delete, pre-upgrade"
+ "helm.sh/hook-weight": "-1"
+spec:
+ ttlSecondsAfterFinished: 300
+ template:
+ spec:
+ serviceAccountName: pre-upgrade-job
+ containers:
+ - name: rancher-clusterctl-configmap-cleanup
+ image: {{ index .Values "rancherTurtles" "kubectlImage" }}
+ args:
+ - delete
+ - configmap
+ - --namespace={{ .Values.rancherTurtles.namespace }}
+ - clusterctl-config
+ - --ignore-not-found=true
+ restartPolicy: Never
+{{- end }}
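Review bot: The hook's ClusterRole and ClusterRoleBinding give `pre-upgrade-job` `list` and `delete` on ConfigMaps in every namespace, while the Job only deletes `clusterctl-config` in the release namespace. A namespaced Role and RoleBinding restricted with `resourceNames` would cover the same call. The Job deletes by name, so `list` looks unnecessary, but that should be verified against the kubectl version in use. The webhook rules in post-delete-job.yaml and pre-install-job.yaml have the same shape: their Jobs delete a fixed list of names, so `resourceNames` could be added there too.

```yaml
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  name: pre-upgrade-job-delete-clusterctl-configmap
  namespace: '{{ .Values.rancherTurtles.namespace }}'
  # … unchanged: hook annotations …
rules:
- apiGroups: [""]
  resources:
  - configmaps
  resourceNames:
  - clusterctl-config
  verbs:
  - delete
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: pre-upgrade-job-clusterctl-configmap-cleanup
  namespace: '{{ .Values.rancherTurtles.namespace }}'
  # … unchanged: hook annotations, subjects …
roleRef:
  kind: Role
  name: pre-upgrade-job-delete-clusterctl-configmap
  apiGroup: rbac.authorization.k8s.io
```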
diff --git a/charts/rancher-turtles/106.0.0+up0.0.0/templates/clusterctl-config.yaml b/charts/rancher-turtles/106.0.0+up0.0.0/templates/clusterctl-config.yaml
new file mode 100644
index 00000000000..225f24db0fa
--- /dev/null
+++ b/charts/rancher-turtles/106.0.0+up0.0.0/templates/clusterctl-config.yaml
@@ -0,0 +1,5 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: clusterctl-config
+ namespace: '{{ .Values.rancherTurtles.namespace }}'
\ No newline at end of file
diff --git a/charts/rancher-turtles/106.0.0+up0.0.0/templates/core-provider.yaml b/charts/rancher-turtles/106.0.0+up0.0.0/templates/core-provider.yaml
new file mode 100644
index 00000000000..a946d19193a
--- /dev/null
+++ b/charts/rancher-turtles/106.0.0+up0.0.0/templates/core-provider.yaml
@@ -0,0 +1,85 @@
+{{- if index .Values "cluster-api-operator" "cluster-api" "enabled" }}
+{{- $namespace := index .Values "cluster-api-operator" "cluster-api" "core" "namespace" }}
+{{- if not (lookup "v1" "Namespace" "" $namespace) }}
+---
+apiVersion: v1
+kind: Namespace
+metadata:
+ annotations:
+ "helm.sh/hook": "post-install, post-upgrade"
+ "helm.sh/hook-weight": "1"
+ name: {{ index .Values "cluster-api-operator" "cluster-api" "core" "namespace" }}
+{{- end }}
+---
+apiVersion: turtles-capi.cattle.io/v1alpha1
+kind: CAPIProvider
+metadata:
+ name: cluster-api
+ namespace: {{ index .Values "cluster-api-operator" "cluster-api" "core" "namespace" }}
+ annotations:
+ "helm.sh/hook": "post-install, post-upgrade"
+ "helm.sh/hook-weight": "2"
+spec:
+ name: cluster-api
+ type: core
+ enableAutomaticUpdate: {{ index .Values "cluster-api-operator" "cluster-api" "core" "enableAutomaticUpdate" }}
+{{- if index .Values "cluster-api-operator" "cluster-api" "core" "version" }}
+ version: {{ index .Values "cluster-api-operator" "cluster-api" "core" "version" }}
+{{- end }}
+ additionalManifests:
+ name: capi-additional-rbac-roles
+ namespace: {{ index .Values "cluster-api-operator" "cluster-api" "core" "namespace" }}
+ configSecret:
+{{- if index .Values "cluster-api-operator" "cluster-api" "configSecret" "name" }}
+ name: {{ index .Values "cluster-api-operator" "cluster-api" "configSecret" "name" }}
+{{ else }}
+ name: {{ index .Values "cluster-api-operator" "cluster-api" "configSecret" "defaultName" }}
+{{- end }}
+{{- if or (index .Values "cluster-api-operator" "cluster-api" "core" "fetchConfig" "url") (index .Values "cluster-api-operator" "cluster-api" "core" "fetchConfig" "selector") }}
+ fetchConfig:
+ {{- if index .Values "cluster-api-operator" "cluster-api" "core" "fetchConfig" "url" }}
+ url: {{ index .Values "cluster-api-operator" "cluster-api" "core" "fetchConfig" "url" }}
+ {{- end }}
+ {{- if index .Values "cluster-api-operator" "cluster-api" "core" "fetchConfig" "selector" }}
+ selector: {{ index .Values "cluster-api-operator" "cluster-api" "core" "fetchConfig" "selector" }}
+ {{- end }}
+{{- end }}
+{{- if index .Values "cluster-api-operator" "cluster-api" "core" "imageUrl" }}
+ deployment:
+ containers:
+ - name: manager
+ imageUrl: {{ index .Values "cluster-api-operator" "cluster-api" "core" "imageUrl" }}
+{{- end }}
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: capi-additional-rbac-roles
+ namespace: {{ index .Values "cluster-api-operator" "cluster-api" "core" "namespace" }}
+ annotations:
+ "helm.sh/hook": "post-install, post-upgrade"
+ "helm.sh/hook-weight": "2"
+data:
+ manifests: |-
+ apiVersion: rbac.authorization.k8s.io/v1
+ kind: ClusterRole
+ metadata:
+ name: provisioning-rke-cattle-io
+ labels:
+ cluster.x-k8s.io/aggregate-to-manager: "true"
+ rules:
+ - apiGroups: ["rke.cattle.io"]
+ resources: ["*"]
+ verbs: ["*"]
+ ---
+ apiVersion: rbac.authorization.k8s.io/v1
+ kind: ClusterRole
+ metadata:
+ name: provisioning-rke-machine-cattle-io
+ labels:
+ cluster.x-k8s.io/aggregate-to-manager: "true"
+ rules:
+ - apiGroups: ["rke-machine.cattle.io"]
+ resources: ["*"]
+ verbs: ["*"]
+{{- end }}
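Review bot: `selector: {{ index .Values "cluster-api-operator" "cluster-api" "core" "fetchConfig" "selector" }}` prints the value with Go's default formatting. If `selector` is a label-selector mapping (as the `fetchConfig` field name suggests; values.yaml is not shown), it would render as `map[...]` rather than YAML. Piping it through `toYaml` with a matching `nindent` fixes that. The scalar substitutions for `version`, `url` and `imageUrl` are unquoted, so a value containing `: ` or ` #`, or a numeric-looking version, would be retyped or break parsing; `version: {{ ... | quote }}` (and the same for `url`/`imageUrl`) guards against that. The two ClusterRoles in `manifests` grant `*` verbs on `*` resources of their API groups; a comment stating that the CAPI manager needs full control of `rke.cattle.io` and `rke-machine.cattle.io` would make the breadth an explicit decision.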
diff --git a/charts/rancher-turtles/106.0.0+up0.0.0/templates/deployment.yaml b/charts/rancher-turtles/106.0.0+up0.0.0/templates/deployment.yaml
new file mode 100644
index 00000000000..67e30bc9dfe
--- /dev/null
+++ b/charts/rancher-turtles/106.0.0+up0.0.0/templates/deployment.yaml
@@ -0,0 +1,88 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ labels:
+ control-plane: controller-manager
+ name: rancher-turtles-controller-manager
+ namespace: '{{ .Values.rancherTurtles.namespace }}'
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ control-plane: controller-manager
+ template:
+ metadata:
+ annotations:
+ kubectl.kubernetes.io/default-container: manager
+ labels:
+ control-plane: controller-manager
+ spec:
+ {{- if .Values.rancherTurtles.imagePullSecrets }}
+ imagePullSecrets:
+ {{- range .Values.rancherTurtles.imagePullSecrets }}
+ - name: {{ . }}
+ {{- end }}
+ {{- end }}
+ containers:
+ - args:
+ - --leader-elect
+ - --feature-gates=agent-tls-mode={{ index .Values "rancherTurtles" "features" "agent-tls-mode" "enabled"}},ui-plugin={{ index .Values "turtlesUI" "enabled"}}
+ {{- range .Values.rancherTurtles.managerArguments }}
+ - {{ . }}
+ {{- end }}
+ command:
+ - /manager
+ env:
+ - name: POD_NAMESPACE
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.namespace
+ - name: POD_NAME
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.name
+ - name: POD_UID
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.uid
+ {{- if (contains "sha256:" .Values.rancherTurtles.imageVersion) }}
+ image: '{{ .Values.rancherTurtles.image }}@{{ .Values.rancherTurtles.imageVersion }}'
+ {{- else }}
+ image: '{{ .Values.rancherTurtles.image }}:{{ .Values.rancherTurtles.imageVersion }}'
+ {{- end}}
+ imagePullPolicy: '{{ .Values.rancherTurtles.imagePullPolicy }}'
+ livenessProbe:
+ httpGet:
+ path: /healthz
+ port: 9440
+ initialDelaySeconds: 15
+ periodSeconds: 20
+ name: manager
+ readinessProbe:
+ httpGet:
+ path: /readyz
+ port: 9440
+ initialDelaySeconds: 5
+ periodSeconds: 10
+ resources:
+ limits:
+ cpu: 500m
+ memory: 300Mi
+ requests:
+ cpu: 10m
+ memory: 128Mi
+ {{- with .Values.rancherTurtles.volumeMounts.manager }}
+ volumeMounts:
+ {{- toYaml . | nindent 12 }}
+ {{- end }}
+ serviceAccountName: rancher-turtles-manager
+ terminationGracePeriodSeconds: 10
+ {{- with .Values.rancherTurtles.volumes }}
+ volumes:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ tolerations:
+ - effect: NoSchedule
+ key: node-role.kubernetes.io/master
+ - effect: NoSchedule
+ key: node-role.kubernetes.io/control-plane
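Review bot: The manager pod template sets no `securityContext` at pod or container level, so privilege escalation, Linux capabilities and the seccomp profile are left to cluster defaults. This matters here because the pod runs as `rancher-turtles-manager`, which operator-crds.yaml appears to widen with a wildcard ClusterRole. Adding an explicit baseline as below is suggested. `runAsNonRoot: true` assumes the image declares a numeric non-root user, which is not visible from this diff and should be confirmed before merging.

```yaml
    spec:
      # … unchanged: imagePullSecrets …
      securityContext:
        runAsNonRoot: true
        seccompProfile:
          type: RuntimeDefault
      containers:
      - name: manager
        # … unchanged: args, command, env, image, probes, resources, volumeMounts …
        securityContext:
          allowPrivilegeEscalation: false
          capabilities:
            drop:
            - ALL
```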
diff --git a/charts/rancher-turtles/106.0.0+up0.0.0/templates/operator-crds.yaml b/charts/rancher-turtles/106.0.0+up0.0.0/templates/operator-crds.yaml
new file mode 100644
index 00000000000..e3f7abd63ea
--- /dev/null
+++ b/charts/rancher-turtles/106.0.0+up0.0.0/templates/operator-crds.yaml
@@ -0,0 +1,13 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ labels:
+ rancher-turtles/aggregate-to-manager: "true"
+ name: rancher-turtles-operator-admin
+rules:
+- apiGroups:
+ - '*'
+ resources:
+ - '*'
+ verbs:
+ - '*'
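Review bot: This rule grants every verb on every resource in every API group, which is equivalent to cluster-admin for whichever ClusterRole aggregates the `rancher-turtles/aggregate-to-manager` label. That is presumably the manager's role, but the aggregating role is not in the visible part of this diff. The file name `operator-crds.yaml` also hides that it is an RBAC grant. If the intent is only to manage operator and provider CRDs, the rule should list those API groups instead of `'*'`. If full access is genuinely required, say so in a comment above `rules:`, for example `# Manager installs arbitrary provider manifests, so it needs cluster-wide write access; see <design doc>`.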
diff --git a/charts/rancher-turtles/106.0.0+up0.0.0/templates/post-delete-job.yaml b/charts/rancher-turtles/106.0.0+up0.0.0/templates/post-delete-job.yaml
new file mode 100644
index 00000000000..19f036725c2
--- /dev/null
+++ b/charts/rancher-turtles/106.0.0+up0.0.0/templates/post-delete-job.yaml
@@ -0,0 +1,166 @@
+{{- if index .Values "cluster-api-operator" "cleanup" }}
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: post-delete-job
+ namespace: '{{ .Values.rancherTurtles.namespace }}'
+ annotations:
+ "helm.sh/hook": post-delete
+ "helm.sh/hook-weight": "1"
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: post-delete-job-delete-webhooks
+ annotations:
+ "helm.sh/hook": post-delete
+ "helm.sh/hook-weight": "1"
+rules:
+- apiGroups:
+ - admissionregistration.k8s.io
+ resources:
+ - validatingwebhookconfigurations
+ - mutatingwebhookconfigurations
+ verbs:
+ - delete
+- apiGroups:
+ - apps
+ resources:
+ - deployments
+ verbs:
+ - delete
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: post-delete-job-webhook-cleanup
+ annotations:
+ "helm.sh/hook": post-delete
+ "helm.sh/hook-weight": "1"
+subjects:
+ - kind: ServiceAccount
+ name: post-delete-job
+ namespace: '{{ .Values.rancherTurtles.namespace }}'
+roleRef:
+ kind: ClusterRole
+ name: post-delete-job-delete-webhooks
+ apiGroup: rbac.authorization.k8s.io
+---
+apiVersion: batch/v1
+kind: Job
+metadata:
+ name: cluster-api-operator-mutatingwebhook-cleanup
+ namespace: '{{ .Values.rancherTurtles.namespace }}'
+ annotations:
+ "helm.sh/hook": post-delete
+ "helm.sh/hook-weight": "2"
+spec:
+ ttlSecondsAfterFinished: 300
+ template:
+ spec:
+ serviceAccountName: post-delete-job
+ containers:
+ - name: cluster-api-operator-mutatingwebhook-cleanup
+ image: {{ index .Values "rancherTurtles" "kubectlImage" }}
+ command: ["kubectl"]
+ args:
+ - delete
+ - mutatingwebhookconfigurations.admissionregistration.k8s.io
+ - capi-mutating-webhook-configuration
+ - capi-kubeadm-bootstrap-mutating-webhook-configuration
+ - capi-kubeadm-control-plane-mutating-webhook-configuration
+ - rke2-bootstrap-mutating-webhook-configuration
+ - rke2-control-plane-mutating-webhook-configuration
+ - --ignore-not-found=true
+ restartPolicy: Never
+---
+apiVersion: batch/v1
+kind: Job
+metadata:
+ name: cluster-api-operator-validatingwebhook-cleanup
+ namespace: '{{ .Values.rancherTurtles.namespace }}'
+ annotations:
+ "helm.sh/hook": post-delete
+ "helm.sh/hook-weight": "2"
+spec:
+ ttlSecondsAfterFinished: 300
+ template:
+ spec:
+ serviceAccountName: post-delete-job
+ containers:
+ - name: cluster-api-operator-validatingwebhook-cleanup
+ image: {{ index .Values "rancherTurtles" "kubectlImage" }}
+ command: ["kubectl"]
+ args:
+ - delete
+ - validatingwebhookconfigurations.admissionregistration.k8s.io
+ - capi-validating-webhook-configuration
+ - capi-kubeadm-bootstrap-validating-webhook-configuration
+ - capi-kubeadm-control-plane-validating-webhook-configuration
+ - rke2-bootstrap-validating-webhook-configuration
+ - rke2-control-plane-validating-webhook-configuration
+ - --ignore-not-found=true
+ restartPolicy: Never
+---
+apiVersion: batch/v1
+kind: Job
+metadata:
+ name: cluster-api-operator-deployment-cleanup
+ namespace: '{{ .Values.rancherTurtles.namespace }}'
+ annotations:
+ "helm.sh/hook": post-delete
+ "helm.sh/hook-weight": "2"
+spec:
+ ttlSecondsAfterFinished: 300
+ template:
+ spec:
+ serviceAccountName: post-delete-job
+ restartPolicy: Never
+ containers:
+ - name: delete-capi-controller-manager
+ image: {{ index .Values "rancherTurtles" "kubectlImage" }}
+ command: ["kubectl"]
+ args:
+ - delete
+ - deployments.apps/capi-controller-manager
+ - -n
+ - {{ index .Values "cluster-api-operator" "cluster-api" "core" "namespace" }}
+ - --ignore-not-found=true
+ - name: delete-capi-kubeadm-bootstrap-controller-manager
+ image: {{ index .Values "rancherTurtles" "kubectlImage" }}
+ command: ["kubectl"]
+ args:
+ - delete
+ - deployments.apps/capi-kubeadm-bootstrap-controller-manager
+ - -n
+ - capi-kubeadm-bootstrap-system
+ - --ignore-not-found=true
+ - name: delete-capi-kubeadm-control-plane-controller-manager
+ image: {{ index .Values "rancherTurtles" "kubectlImage" }}
+ command: ["kubectl"]
+ args:
+ - delete
+ - deployments.apps/capi-kubeadm-control-plane-controller-manager
+ - -n
+ - capi-kubeadm-control-plane-system
+ - --ignore-not-found=true
+ - name: delete-rke2-kubeadm-bootstrap-controller-manager
+ image: {{ index .Values "rancherTurtles" "kubectlImage" }}
+ command: ["kubectl"]
+ args:
+ - delete
+ - deployments.apps/rke2-bootstrap-controller-manager
+ - -n
+ - {{ index .Values "cluster-api-operator" "cluster-api" "rke2" "bootstrap" "namespace" }}
+ - --ignore-not-found=true
+ - name: delete-rke2-control-plane-controller-manager
+ image: {{ index .Values "rancherTurtles" "kubectlImage" }}
+ command: ["kubectl"]
+ args:
+ - delete
+ - deployments.apps/rke2-control-plane-controller-manager
+ - -n
+ - {{ index .Values "cluster-api-operator" "cluster-api" "rke2" "controlPlane" "namespace" }}
+ - --ignore-not-found=true
+{{- end }}
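Review bot: The ServiceAccount, ClusterRole and ClusterRoleBinding in this file are `post-delete` hooks with no `helm.sh/hook-delete-policy`. Helm does not track hook resources as part of the release, so they stay in the cluster after uninstall. That leaves behind a service account that can delete any webhook configuration and any Deployment cluster-wide. Adding `"helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded` to those three objects would remove them once the hooks finish (worth confirming against the Helm version Rancher ships). The same applies to the hook RBAC in clusterctl-cm-cleanup-job.yaml and pre-delete-job.yaml.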
diff --git a/charts/rancher-turtles/106.0.0+up0.0.0/templates/post-upgrade-job.yaml b/charts/rancher-turtles/106.0.0+up0.0.0/templates/post-upgrade-job.yaml
new file mode 100644
index 00000000000..1982e3e15bb
--- /dev/null
+++ b/charts/rancher-turtles/106.0.0+up0.0.0/templates/post-upgrade-job.yaml
@@ -0,0 +1,124 @@
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: post-upgrade-job
+ namespace: '{{ .Values.rancherTurtles.namespace }}'
+ annotations:
+ "helm.sh/hook": post-upgrade
+ "helm.sh/hook-weight": "1"
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: post-upgrade-job-delete-capi-operator-resources
+ annotations:
+ "helm.sh/hook": post-upgrade
+ "helm.sh/hook-weight": "1"
+rules:
+- apiGroups:
+ - operator.cluster.x-k8s.io
+ resources:
+ - addonproviders
+ - bootstrapproviders
+ - controlplaneproviders
+ - coreproviders
+ - infrastructureproviders
+ - ipamproviders
+ - runtimeextensionproviders
+ verbs:
+ - get
+ - watch
+ - list
+ - delete
+ - patch
+- apiGroups:
+ - apiextensions.k8s.io
+ resources:
+ - customresourcedefinitions
+ verbs:
+ - get
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: post-upgrade-job-capi-operator-resources-cleanup
+ annotations:
+ "helm.sh/hook": post-upgrade
+ "helm.sh/hook-weight": "1"
+subjects:
+ - kind: ServiceAccount
+ name: post-upgrade-job
+ namespace: '{{ .Values.rancherTurtles.namespace }}'
+roleRef:
+ kind: ClusterRole
+ name: post-upgrade-job-delete-capi-operator-resources
+ apiGroup: rbac.authorization.k8s.io
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: cluster-api-operator-resources-cleanup-script
+ namespace: '{{ .Values.rancherTurtles.namespace }}'
+ annotations:
+ "helm.sh/hook": post-upgrade
+ "helm.sh/hook-weight": "1"
+data:
+ cleanup.sh: |
+ #!/usr/bin/env bash
+
+ set -euo pipefail
+
+ remove_finalizers_and_delete() {
+ local resource_type="$1"
+ if kubectl get crd $resource_type > /dev/null 2>&1; then
+ kubectl get $resource_type --all-namespaces --no-headers --ignore-not-found | awk '{print $1 " " $2}' | xargs -r -n2 bash -c 'kubectl patch '"${resource_type}"' "$1" -n "$0" --type merge -p "{\"metadata\":{\"finalizers\":null}}"'
+ kubectl delete $resource_type --all --all-namespaces
+ else
+ echo "Resource type $resource_type does not exist, skipping cleanup."
+ fi
+ }
+
+ resource_types=(
+ "addonproviders.operator.cluster.x-k8s.io"
+ "bootstrapproviders.operator.cluster.x-k8s.io"
+ "controlplaneproviders.operator.cluster.x-k8s.io"
+ "coreproviders.operator.cluster.x-k8s.io"
+ "infrastructureproviders.operator.cluster.x-k8s.io"
+ "ipamproviders.operator.cluster.x-k8s.io"
+ "runtimeextensionproviders.operator.cluster.x-k8s.io"
+ )
+
+ for resource_type in "${resource_types[@]}"; do
+ remove_finalizers_and_delete "$resource_type"
+ done
+---
+apiVersion: batch/v1
+kind: Job
+metadata:
+ name: cluster-api-operator-resources-cleanup
+ namespace: '{{ .Values.rancherTurtles.namespace }}'
+ annotations:
+ "helm.sh/hook": post-upgrade
+ "helm.sh/hook-weight": "2"
+spec:
+ ttlSecondsAfterFinished: 300
+ template:
+ spec:
+ serviceAccountName: post-upgrade-job
+ containers:
+ - name: cluster-api-operator-resources-cleanup
+ image: {{ index .Values "rancherTurtles" "shellImage" }}
+ command: ["/bin/bash"]
+ args:
+ - "-c"
+ - "/scripts/cleanup.sh"
+ volumeMounts:
+ - name: script
+ mountPath: /scripts
+ volumes:
+ - name: script
+ configMap:
+ name: cluster-api-operator-resources-cleanup-script
+ defaultMode: 0777
+ restartPolicy: Never
+---
\ No newline at end of file
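Review bot: `defaultMode: 0777` makes the mounted script world-writable in the volume and depends on the parser reading the literal as octal; `defaultMode: 0555` (or decimal `365`) is enough to execute it. In `cleanup.sh`, `$resource_type` is unquoted in `kubectl get crd $resource_type`, `kubectl get $resource_type ...` and `kubectl delete $resource_type ...`; quoting it as `"$resource_type"` keeps the script consistent with its own `set -euo pipefail` strictness. The Job is not guarded by any values flag, so every upgrade strips finalizers from, and deletes, all `operator.cluster.x-k8s.io` provider objects in all namespaces. A comment at the top of the script stating that this is intended, and why bypassing the finalizers is safe, would help the next reviewer.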
diff --git a/charts/rancher-turtles/106.0.0+up0.0.0/templates/pre-delete-job.yaml b/charts/rancher-turtles/106.0.0+up0.0.0/templates/pre-delete-job.yaml
new file mode 100644
index 00000000000..6567dafd0d9
--- /dev/null
+++ b/charts/rancher-turtles/106.0.0+up0.0.0/templates/pre-delete-job.yaml
@@ -0,0 +1,67 @@
+{{- if index .Values "rancherTurtles" "rancherInstalled" }}
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: pre-delete-job
+ namespace: '{{ .Values.rancherTurtles.namespace }}'
+ annotations:
+ "helm.sh/hook": pre-delete
+ "helm.sh/hook-weight": "-2"
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: pre-delete-job-delete-capiproviders
+ annotations:
+ "helm.sh/hook": pre-delete
+ "helm.sh/hook-weight": "-2"
+rules:
+- apiGroups:
+ - turtles-capi.cattle.io
+ resources:
+ - capiproviders
+ verbs:
+ - list
+ - delete
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: pre-delete-job-capiprovider-cleanup
+ annotations:
+ "helm.sh/hook": pre-delete
+ "helm.sh/hook-weight": "-2"
+subjects:
+ - kind: ServiceAccount
+ name: pre-delete-job
+ namespace: '{{ .Values.rancherTurtles.namespace }}'
+roleRef:
+ kind: ClusterRole
+ name: pre-delete-job-delete-capiproviders
+ apiGroup: rbac.authorization.k8s.io
+---
+apiVersion: batch/v1
+kind: Job
+metadata:
+ name: rancher-capiprovider-cleanup
+ namespace: '{{ .Values.rancherTurtles.namespace }}'
+ annotations:
+ "helm.sh/hook": pre-delete
+ "helm.sh/hook-weight": "-1"
+spec:
+ ttlSecondsAfterFinished: 300
+ template:
+ spec:
+ serviceAccountName: pre-delete-job
+ containers:
+ - name: rancher-capiprovider-cleanup
+ image: {{ index .Values "rancherTurtles" "kubectlImage" }}
+ args:
+ - delete
+ - capiproviders
+ - -A
+ - --all
+ - --cascade=foreground
+ restartPolicy: Never
+{{- end }}
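Review bot: The cleanup Job runs `delete capiproviders -A --all --cascade=foreground` with no `--timeout` and no `activeDeadlineSeconds` or `backoffLimit` on the Job. A provider whose finalizer never clears would therefore hold the `pre-delete` hook until Helm's own timeout, and the Job would retry with the default back-off. Consider adding `activeDeadlineSeconds: <seconds>` and `backoffLimit: <n>` under `spec:`. The command removes every CAPIProvider in the cluster, not only those this chart created, so a comment above `args:` such as `# removes all CAPIProvider objects cluster-wide before uninstall` would make that scope explicit.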
diff --git a/charts/rancher-turtles/106.0.0+up0.0.0/templates/pre-install-job.yaml b/charts/rancher-turtles/106.0.0+up0.0.0/templates/pre-install-job.yaml
new file mode 100644
index 00000000000..e0e7cfdd7c6
--- /dev/null
+++ b/charts/rancher-turtles/106.0.0+up0.0.0/templates/pre-install-job.yaml
@@ -0,0 +1,101 @@
+{{- if index .Values "rancherTurtles" "rancherInstalled"}}
+---
+apiVersion: management.cattle.io/v3
+kind: Feature
+metadata:
+ name: embedded-cluster-api
+ annotations:
+ "helm.sh/hook": pre-install
+ "helm.sh/hook-weight": "1"
+spec:
+ value: false
+{{- end }}
+{{- if index .Values "rancherTurtles" "rancherInstalled" }}
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: pre-install-job
+ namespace: '{{ .Values.rancherTurtles.namespace }}'
+ annotations:
+ "helm.sh/hook": pre-install
+ "helm.sh/hook-weight": "1"
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: pre-install-job-delete-webhooks
+ annotations:
+ "helm.sh/hook": pre-install
+ "helm.sh/hook-weight": "1"
+rules:
+- apiGroups:
+ - admissionregistration.k8s.io
+ resources:
+ - validatingwebhookconfigurations
+ - mutatingwebhookconfigurations
+ verbs:
+ - delete
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: pre-install-job-webhook-cleanup
+ annotations:
+ "helm.sh/hook": pre-install
+ "helm.sh/hook-weight": "1"
+subjects:
+ - kind: ServiceAccount
+ name: pre-install-job
+ namespace: '{{ .Values.rancherTurtles.namespace }}'
+roleRef:
+ kind: ClusterRole
+ name: pre-install-job-delete-webhooks
+ apiGroup: rbac.authorization.k8s.io
+---
+apiVersion: batch/v1
+kind: Job
+metadata:
+ name: rancher-mutatingwebhook-cleanup
+ namespace: '{{ .Values.rancherTurtles.namespace }}'
+ annotations:
+ "helm.sh/hook": pre-install
+ "helm.sh/hook-weight": "2"
+spec:
+ ttlSecondsAfterFinished: 300
+ template:
+ spec:
+ serviceAccountName: pre-install-job
+ containers:
+ - name: rancher-mutatingwebhook-cleanup
+ image: {{ index .Values "rancherTurtles" "kubectlImage" }}
+ args:
+ - delete
+ - mutatingwebhookconfigurations.admissionregistration.k8s.io
+ - mutating-webhook-configuration
+ - --ignore-not-found=true
+ restartPolicy: Never
+---
+apiVersion: batch/v1
+kind: Job
+metadata:
+ name: rancher-validatingwebhook-cleanup
+ namespace: '{{ .Values.rancherTurtles.namespace }}'
+ annotations:
+ "helm.sh/hook": pre-install
+ "helm.sh/hook-weight": "2"
+spec:
+ ttlSecondsAfterFinished: 300
+ template:
+ spec:
+ serviceAccountName: pre-install-job
+ containers:
+ - name: rancher-validatingwebhook-cleanup
+ image: {{ index .Values "rancherTurtles" "kubectlImage" }}
+ args:
+ - delete
+ - validatingwebhookconfigurations.admissionregistration.k8s.io
+ - validating-webhook-configuration
+ - --ignore-not-found=true
+ restartPolicy: Never
+{{- end }}
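Review bot: Both Jobs pass `args` without a `command`, so they rely on the entrypoint of whatever image `rancherTurtles.kubectlImage` resolves to, whereas the Jobs in post-delete-job.yaml set `command: ["kubectl"]` explicitly. Because the image is user-overridable through questions.yml, adding `command: ["kubectl"]` here keeps the executed binary fixed by the chart rather than by the image. The Jobs in clusterctl-cm-cleanup-job.yaml and pre-delete-job.yaml have the same gap. The two consecutive `{{- if index .Values "rancherTurtles" "rancherInstalled" }}` blocks at the top of the file test the same condition and could be merged into one.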
diff --git a/charts/rancher-turtles/106.0.0+up0.0.0/templates/rancher-turtles-components.yaml b/charts/rancher-turtles/106.0.0+up0.0.0/templates/rancher-turtles-components.yaml
new file mode 100644
index 00000000000..5ade06fed7d
--- /dev/null
+++ b/charts/rancher-turtles/106.0.0+up0.0.0/templates/rancher-turtles-components.yaml
@@ -0,0 +1,3583 @@
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+ annotations:
+ controller-gen.kubebuilder.io/version: v0.16.1
+ helm.sh/resource-policy: keep
+ name: capiproviders.turtles-capi.cattle.io
+spec:
+ group: turtles-capi.cattle.io
+ names:
+ kind: CAPIProvider
+ listKind: CAPIProviderList
+ plural: capiproviders
+ singular: capiprovider
+ scope: Namespaced
+ versions:
+ - additionalPrinterColumns:
+ - jsonPath: .spec.type
+ name: Type
+ type: string
+ - jsonPath: .status.name
+ name: ProviderName
+ type: string
+ - jsonPath: .status.installedVersion
+ name: InstalledVersion
+ type: string
+ - jsonPath: .status.phase
+ name: Phase
+ type: string
+ name: v1alpha1
+ schema:
+ openAPIV3Schema:
+ description: CAPIProvider is the Schema for the CAPI Providers API.
+ properties:
+ apiVersion:
+ description: |-
+ APIVersion defines the versioned schema of this representation of an object.
+ Servers should convert recognized schemas to the latest internal value, and
+ may reject unrecognized values.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
+ type: string
+ kind:
+ description: |-
+ Kind is a string value representing the REST resource this object represents.
+ Servers may infer this from the endpoint the client submits requests to.
+ Cannot be updated.
+ In CamelCase.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+ type: string
+ metadata:
+ type: object
+ spec:
+ description: CAPIProviderSpec defines the desired state of CAPIProvider.
+ example:
+ credentials:
+ rancherCloudCredential: user-credential
+ name: aws
+ type: infrastructure
+ version: v2.3.0
+ properties:
+ additionalDeployments:
+ additionalProperties:
+ description: |-
+ AdditionalDeployments defines the properties that can be enabled on the controller
+ manager and deployment for the provider if the provider is managing additional deployments.
+ properties:
+ deployment:
+ description: Deployment defines the properties that can be enabled
+ on the deployment for the additional provider deployment.
+ properties:
+ affinity:
+ description: If specified, the pod's scheduling constraints
+ properties:
+ nodeAffinity:
+ description: Describes node affinity scheduling rules
+ for the pod.
+ properties:
+ preferredDuringSchedulingIgnoredDuringExecution:
+ description: |-
+ The scheduler will prefer to schedule pods to nodes that satisfy
+ the affinity expressions specified by this field, but it may choose
+ a node that violates one or more of the expressions. The node that is
+ most preferred is the one with the greatest sum of weights, i.e.
+ for each node that meets all of the scheduling requirements (resource
+ request, requiredDuringScheduling affinity expressions, etc.),
+ compute a sum by iterating through the elements of this field and adding
+ "weight" to the sum if the node matches the corresponding matchExpressions; the
+ node(s) with the highest sum are the most preferred.
+ items:
+ description: |-
+ An empty preferred scheduling term matches all objects with implicit weight 0
+ (i.e. it's a no-op). A null preferred scheduling term matches no objects (i.e. is also a no-op).
+ properties:
+ preference:
+ description: A node selector term, associated
+ with the corresponding weight.
+ properties:
+ matchExpressions:
+ description: A list of node selector requirements
+ by node's labels.
+ items:
+ description: |-
+ A node selector requirement is a selector that contains values, a key, and an operator
+ that relates the key and values.
+ properties:
+ key:
+ description: The label key that
+ the selector applies to.
+ type: string
+ operator:
+ description: |-
+ Represents a key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.
+ type: string
+ values:
+ description: |-
+ An array of string values. If the operator is In or NotIn,
+ the values array must be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. If the operator is Gt or Lt, the values
+ array must have a single element, which will be interpreted as an integer.
+ This array is replaced during a strategic merge patch.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ x-kubernetes-list-type: atomic
+ matchFields:
+ description: A list of node selector requirements
+ by node's fields.
+ items:
+ description: |-
+ A node selector requirement is a selector that contains values, a key, and an operator
+ that relates the key and values.
+ properties:
+ key:
+ description: The label key that
+ the selector applies to.
+ type: string
+ operator:
+ description: |-
+ Represents a key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.
+ type: string
+ values:
+ description: |-
+ An array of string values. If the operator is In or NotIn,
+ the values array must be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. If the operator is Gt or Lt, the values
+ array must have a single element, which will be interpreted as an integer.
+ This array is replaced during a strategic merge patch.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ x-kubernetes-list-type: atomic
+ type: object
+ x-kubernetes-map-type: atomic
+ weight:
+ description: Weight associated with matching
+ the corresponding nodeSelectorTerm, in the
+ range 1-100.
+ format: int32
+ type: integer
+ required:
+ - preference
+ - weight
+ type: object
+ type: array
+ x-kubernetes-list-type: atomic
+ requiredDuringSchedulingIgnoredDuringExecution:
+ description: |-
+ If the affinity requirements specified by this field are not met at
+ scheduling time, the pod will not be scheduled onto the node.
+ If the affinity requirements specified by this field cease to be met
+ at some point during pod execution (e.g. due to an update), the system
+ may or may not try to eventually evict the pod from its node.
+ properties:
+ nodeSelectorTerms:
+ description: Required. A list of node selector
+ terms. The terms are ORed.
+ items:
+ description: |-
+ A null or empty node selector term matches no objects. The requirements of
+ them are ANDed.
+ The TopologySelectorTerm type implements a subset of the NodeSelectorTerm.
+ properties:
+ matchExpressions:
+ description: A list of node selector requirements
+ by node's labels.
+ items:
+ description: |-
+ A node selector requirement is a selector that contains values, a key, and an operator
+ that relates the key and values.
+ properties:
+ key:
+ description: The label key that
+ the selector applies to.
+ type: string
+ operator:
+ description: |-
+ Represents a key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.
+ type: string
+ values:
+ description: |-
+ An array of string values. If the operator is In or NotIn,
+ the values array must be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. If the operator is Gt or Lt, the values
+ array must have a single element, which will be interpreted as an integer.
+ This array is replaced during a strategic merge patch.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ x-kubernetes-list-type: atomic
+ matchFields:
+ description: A list of node selector requirements
+ by node's fields.
+ items:
+ description: |-
+ A node selector requirement is a selector that contains values, a key, and an operator
+ that relates the key and values.
+ properties:
+ key:
+ description: The label key that
+ the selector applies to.
+ type: string
+ operator:
+ description: |-
+ Represents a key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.
+ type: string
+ values:
+ description: |-
+ An array of string values. If the operator is In or NotIn,
+ the values array must be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. If the operator is Gt or Lt, the values
+ array must have a single element, which will be interpreted as an integer.
+ This array is replaced during a strategic merge patch.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ x-kubernetes-list-type: atomic
+ type: object
+ x-kubernetes-map-type: atomic
+ type: array
+ x-kubernetes-list-type: atomic
+ required:
+ - nodeSelectorTerms
+ type: object
+ x-kubernetes-map-type: atomic
+ type: object
+ podAffinity:
+ description: Describes pod affinity scheduling rules
+ (e.g. co-locate this pod in the same node, zone, etc.
+ as some other pod(s)).
+ properties:
+ preferredDuringSchedulingIgnoredDuringExecution:
+ description: |-
+ The scheduler will prefer to schedule pods to nodes that satisfy
+ the affinity expressions specified by this field, but it may choose
+ a node that violates one or more of the expressions. The node that is
+ most preferred is the one with the greatest sum of weights, i.e.
+ for each node that meets all of the scheduling requirements (resource
+ request, requiredDuringScheduling affinity expressions, etc.),
+ compute a sum by iterating through the elements of this field and adding
+ "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the
+ node(s) with the highest sum are the most preferred.
+ items:
+ description: The weights of all of the matched
+ WeightedPodAffinityTerm fields are added per-node
+ to find the most preferred node(s)
+ properties:
+ podAffinityTerm:
+ description: Required. A pod affinity term,
+ associated with the corresponding weight.
+ properties:
+ labelSelector:
+ description: |-
+ A label query over a set of resources, in this case pods.
+ If it's null, this PodAffinityTerm matches with no Pods.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a
+ list of label selector requirements.
+ The requirements are ANDed.
+ items:
+ description: |-
+ A label selector requirement is a selector that contains values, a key, and an operator that
+ relates the key and values.
+ properties:
+ key:
+ description: key is the label
+ key that the selector applies
+ to.
+ type: string
+ operator:
+ description: |-
+ operator represents a key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists and DoesNotExist.
+ type: string
+ values:
+ description: |-
+ values is an array of string values. If the operator is In or NotIn,
+ the values array must be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. This array is replaced during a strategic
+ merge patch.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ x-kubernetes-list-type: atomic
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: |-
+ matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions, whose key field is "key", the
+ operator is "In", and the values array contains only "value". The requirements are ANDed.
+ type: object
+ type: object
+ x-kubernetes-map-type: atomic
+ matchLabelKeys:
+ description: |-
+ MatchLabelKeys is a set of pod label keys to select which pods will
+ be taken into consideration. The keys are used to lookup values from the
+ incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`
+ to select the group of existing pods which pods will be taken into consideration
+ for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming
+ pod labels will be ignored. The default value is empty.
+ The same key is forbidden to exist in both matchLabelKeys and labelSelector.
+ Also, matchLabelKeys cannot be set when labelSelector isn't set.
+ This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ mismatchLabelKeys:
+ description: |-
+ MismatchLabelKeys is a set of pod label keys to select which pods will
+ be taken into consideration. The keys are used to lookup values from the
+ incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`
+ to select the group of existing pods which pods will be taken into consideration
+ for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming
+ pod labels will be ignored. The default value is empty.
+ The same key is forbidden to exist in both mismatchLabelKeys and labelSelector.
+ Also, mismatchLabelKeys cannot be set when labelSelector isn't set.
+ This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ namespaceSelector:
+ description: |-
+ A label query over the set of namespaces that the term applies to.
+ The term is applied to the union of the namespaces selected by this field
+ and the ones listed in the namespaces field.
+ null selector and null or empty namespaces list means "this pod's namespace".
+ An empty selector ({}) matches all namespaces.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a
+ list of label selector requirements.
+ The requirements are ANDed.
+ items:
+ description: |-
+ A label selector requirement is a selector that contains values, a key, and an operator that
+ relates the key and values.
+ properties:
+ key:
+ description: key is the label
+ key that the selector applies
+ to.
+ type: string
+ operator:
+ description: |-
+ operator represents a key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists and DoesNotExist.
+ type: string
+ values:
+ description: |-
+ values is an array of string values. If the operator is In or NotIn,
+ the values array must be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. This array is replaced during a strategic
+ merge patch.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ x-kubernetes-list-type: atomic
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: |-
+ matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions, whose key field is "key", the
+ operator is "In", and the values array contains only "value". The requirements are ANDed.
+ type: object
+ type: object
+ x-kubernetes-map-type: atomic
+ namespaces:
+ description: |-
+ namespaces specifies a static list of namespace names that the term applies to.
+ The term is applied to the union of the namespaces listed in this field
+ and the ones selected by namespaceSelector.
+ null or empty namespaces list and null namespaceSelector means "this pod's namespace".
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ topologyKey:
+ description: |-
+ This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching
+ the labelSelector in the specified namespaces, where co-located is defined as running on a node
+ whose value of the label with key topologyKey matches that of any node on which any of the
+ selected pods is running.
+ Empty topologyKey is not allowed.
+ type: string
+ required:
+ - topologyKey
+ type: object
+ weight:
+ description: |-
+ weight associated with matching the corresponding podAffinityTerm,
+ in the range 1-100.
+ format: int32
+ type: integer
+ required:
+ - podAffinityTerm
+ - weight
+ type: object
+ type: array
+ x-kubernetes-list-type: atomic
+ requiredDuringSchedulingIgnoredDuringExecution:
+ description: |-
+ If the affinity requirements specified by this field are not met at
+ scheduling time, the pod will not be scheduled onto the node.
+ If the affinity requirements specified by this field cease to be met
+ at some point during pod execution (e.g. due to a pod label update), the
+ system may or may not try to eventually evict the pod from its node.
+ When there are multiple elements, the lists of nodes corresponding to each
+ podAffinityTerm are intersected, i.e. all terms must be satisfied.
+ items:
+ description: |-
+ Defines a set of pods (namely those matching the labelSelector
+ relative to the given namespace(s)) that this pod should be
+ co-located (affinity) or not co-located (anti-affinity) with,
+ where co-located is defined as running on a node whose value of
+ the label with key matches that of any node on which
+ a pod of the set of pods is running
+ properties:
+ labelSelector:
+ description: |-
+ A label query over a set of resources, in this case pods.
+ If it's null, this PodAffinityTerm matches with no Pods.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list
+ of label selector requirements. The
+ requirements are ANDed.
+ items:
+ description: |-
+ A label selector requirement is a selector that contains values, a key, and an operator that
+ relates the key and values.
+ properties:
+ key:
+ description: key is the label key
+ that the selector applies to.
+ type: string
+ operator:
+ description: |-
+ operator represents a key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists and DoesNotExist.
+ type: string
+ values:
+ description: |-
+ values is an array of string values. If the operator is In or NotIn,
+ the values array must be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. This array is replaced during a strategic
+ merge patch.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ x-kubernetes-list-type: atomic
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: |-
+ matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions, whose key field is "key", the
+ operator is "In", and the values array contains only "value". The requirements are ANDed.
+ type: object
+ type: object
+ x-kubernetes-map-type: atomic
+ matchLabelKeys:
+ description: |-
+ MatchLabelKeys is a set of pod label keys to select which pods will
+ be taken into consideration. The keys are used to lookup values from the
+ incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`
+ to select the group of existing pods which pods will be taken into consideration
+ for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming
+ pod labels will be ignored. The default value is empty.
+ The same key is forbidden to exist in both matchLabelKeys and labelSelector.
+ Also, matchLabelKeys cannot be set when labelSelector isn't set.
+ This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ mismatchLabelKeys:
+ description: |-
+ MismatchLabelKeys is a set of pod label keys to select which pods will
+ be taken into consideration. The keys are used to lookup values from the
+ incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`
+ to select the group of existing pods which pods will be taken into consideration
+ for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming
+ pod labels will be ignored. The default value is empty.
+ The same key is forbidden to exist in both mismatchLabelKeys and labelSelector.
+ Also, mismatchLabelKeys cannot be set when labelSelector isn't set.
+ This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ namespaceSelector:
+ description: |-
+ A label query over the set of namespaces that the term applies to.
+ The term is applied to the union of the namespaces selected by this field
+ and the ones listed in the namespaces field.
+ null selector and null or empty namespaces list means "this pod's namespace".
+ An empty selector ({}) matches all namespaces.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list
+ of label selector requirements. The
+ requirements are ANDed.
+ items:
+ description: |-
+ A label selector requirement is a selector that contains values, a key, and an operator that
+ relates the key and values.
+ properties:
+ key:
+ description: key is the label key
+ that the selector applies to.
+ type: string
+ operator:
+ description: |-
+ operator represents a key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists and DoesNotExist.
+ type: string
+ values:
+ description: |-
+ values is an array of string values. If the operator is In or NotIn,
+ the values array must be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. This array is replaced during a strategic
+ merge patch.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ x-kubernetes-list-type: atomic
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: |-
+ matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions, whose key field is "key", the
+ operator is "In", and the values array contains only "value". The requirements are ANDed.
+ type: object
+ type: object
+ x-kubernetes-map-type: atomic
+ namespaces:
+ description: |-
+ namespaces specifies a static list of namespace names that the term applies to.
+ The term is applied to the union of the namespaces listed in this field
+ and the ones selected by namespaceSelector.
+ null or empty namespaces list and null namespaceSelector means "this pod's namespace".
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ topologyKey:
+ description: |-
+ This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching
+ the labelSelector in the specified namespaces, where co-located is defined as running on a node
+ whose value of the label with key topologyKey matches that of any node on which any of the
+ selected pods is running.
+ Empty topologyKey is not allowed.
+ type: string
+ required:
+ - topologyKey
+ type: object
+ type: array
+ x-kubernetes-list-type: atomic
+ type: object
+ podAntiAffinity:
+ description: Describes pod anti-affinity scheduling
+ rules (e.g. avoid putting this pod in the same node,
+ zone, etc. as some other pod(s)).
+ properties:
+ preferredDuringSchedulingIgnoredDuringExecution:
+ description: |-
+ The scheduler will prefer to schedule pods to nodes that satisfy
+ the anti-affinity expressions specified by this field, but it may choose
+ a node that violates one or more of the expressions. The node that is
+ most preferred is the one with the greatest sum of weights, i.e.
+ for each node that meets all of the scheduling requirements (resource
+ request, requiredDuringScheduling anti-affinity expressions, etc.),
+ compute a sum by iterating through the elements of this field and adding
+ "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the
+ node(s) with the highest sum are the most preferred.
+ items:
+ description: The weights of all of the matched
+ WeightedPodAffinityTerm fields are added per-node
+ to find the most preferred node(s)
+ properties:
+ podAffinityTerm:
+ description: Required. A pod affinity term,
+ associated with the corresponding weight.
+ properties:
+ labelSelector:
+ description: |-
+ A label query over a set of resources, in this case pods.
+ If it's null, this PodAffinityTerm matches with no Pods.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a
+ list of label selector requirements.
+ The requirements are ANDed.
+ items:
+ description: |-
+ A label selector requirement is a selector that contains values, a key, and an operator that
+ relates the key and values.
+ properties:
+ key:
+ description: key is the label
+ key that the selector applies
+ to.
+ type: string
+ operator:
+ description: |-
+ operator represents a key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists and DoesNotExist.
+ type: string
+ values:
+ description: |-
+ values is an array of string values. If the operator is In or NotIn,
+ the values array must be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. This array is replaced during a strategic
+ merge patch.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ x-kubernetes-list-type: atomic
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: |-
+ matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions, whose key field is "key", the
+ operator is "In", and the values array contains only "value". The requirements are ANDed.
+ type: object
+ type: object
+ x-kubernetes-map-type: atomic
+ matchLabelKeys:
+ description: |-
+ MatchLabelKeys is a set of pod label keys to select which pods will
+ be taken into consideration. The keys are used to lookup values from the
+ incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`
+ to select the group of existing pods which pods will be taken into consideration
+ for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming
+ pod labels will be ignored. The default value is empty.
+ The same key is forbidden to exist in both matchLabelKeys and labelSelector.
+ Also, matchLabelKeys cannot be set when labelSelector isn't set.
+ This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ mismatchLabelKeys:
+ description: |-
+ MismatchLabelKeys is a set of pod label keys to select which pods will
+ be taken into consideration. The keys are used to lookup values from the
+ incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`
+ to select the group of existing pods which pods will be taken into consideration
+ for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming
+ pod labels will be ignored. The default value is empty.
+ The same key is forbidden to exist in both mismatchLabelKeys and labelSelector.
+ Also, mismatchLabelKeys cannot be set when labelSelector isn't set.
+ This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ namespaceSelector:
+ description: |-
+ A label query over the set of namespaces that the term applies to.
+ The term is applied to the union of the namespaces selected by this field
+ and the ones listed in the namespaces field.
+ null selector and null or empty namespaces list means "this pod's namespace".
+ An empty selector ({}) matches all namespaces.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a
+ list of label selector requirements.
+ The requirements are ANDed.
+ items:
+ description: |-
+ A label selector requirement is a selector that contains values, a key, and an operator that
+ relates the key and values.
+ properties:
+ key:
+ description: key is the label
+ key that the selector applies
+ to.
+ type: string
+ operator:
+ description: |-
+ operator represents a key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists and DoesNotExist.
+ type: string
+ values:
+ description: |-
+ values is an array of string values. If the operator is In or NotIn,
+ the values array must be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. This array is replaced during a strategic
+ merge patch.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ x-kubernetes-list-type: atomic
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: |-
+ matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions, whose key field is "key", the
+ operator is "In", and the values array contains only "value". The requirements are ANDed.
+ type: object
+ type: object
+ x-kubernetes-map-type: atomic
+ namespaces:
+ description: |-
+ namespaces specifies a static list of namespace names that the term applies to.
+ The term is applied to the union of the namespaces listed in this field
+ and the ones selected by namespaceSelector.
+ null or empty namespaces list and null namespaceSelector means "this pod's namespace".
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ topologyKey:
+ description: |-
+ This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching
+ the labelSelector in the specified namespaces, where co-located is defined as running on a node
+ whose value of the label with key topologyKey matches that of any node on which any of the
+ selected pods is running.
+ Empty topologyKey is not allowed.
+ type: string
+ required:
+ - topologyKey
+ type: object
+ weight:
+ description: |-
+ weight associated with matching the corresponding podAffinityTerm,
+ in the range 1-100.
+ format: int32
+ type: integer
+ required:
+ - podAffinityTerm
+ - weight
+ type: object
+ type: array
+ x-kubernetes-list-type: atomic
+ requiredDuringSchedulingIgnoredDuringExecution:
+ description: |-
+ If the anti-affinity requirements specified by this field are not met at
+ scheduling time, the pod will not be scheduled onto the node.
+ If the anti-affinity requirements specified by this field cease to be met
+ at some point during pod execution (e.g. due to a pod label update), the
+ system may or may not try to eventually evict the pod from its node.
+ When there are multiple elements, the lists of nodes corresponding to each
+ podAffinityTerm are intersected, i.e. all terms must be satisfied.
+ items:
+ description: |-
+ Defines a set of pods (namely those matching the labelSelector
+ relative to the given namespace(s)) that this pod should be
+ co-located (affinity) or not co-located (anti-affinity) with,
+ where co-located is defined as running on a node whose value of
+ the label with key matches that of any node on which
+ a pod of the set of pods is running
+ properties:
+ labelSelector:
+ description: |-
+ A label query over a set of resources, in this case pods.
+ If it's null, this PodAffinityTerm matches with no Pods.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list
+ of label selector requirements. The
+ requirements are ANDed.
+ items:
+ description: |-
+ A label selector requirement is a selector that contains values, a key, and an operator that
+ relates the key and values.
+ properties:
+ key:
+ description: key is the label key
+ that the selector applies to.
+ type: string
+ operator:
+ description: |-
+ operator represents a key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists and DoesNotExist.
+ type: string
+ values:
+ description: |-
+ values is an array of string values. If the operator is In or NotIn,
+ the values array must be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. This array is replaced during a strategic
+ merge patch.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ x-kubernetes-list-type: atomic
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: |-
+ matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions, whose key field is "key", the
+ operator is "In", and the values array contains only "value". The requirements are ANDed.
+ type: object
+ type: object
+ x-kubernetes-map-type: atomic
+ matchLabelKeys:
+ description: |-
+ MatchLabelKeys is a set of pod label keys to select which pods will
+ be taken into consideration. The keys are used to lookup values from the
+ incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`
+ to select the group of existing pods which pods will be taken into consideration
+ for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming
+ pod labels will be ignored. The default value is empty.
+ The same key is forbidden to exist in both matchLabelKeys and labelSelector.
+ Also, matchLabelKeys cannot be set when labelSelector isn't set.
+ This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ mismatchLabelKeys:
+ description: |-
+ MismatchLabelKeys is a set of pod label keys to select which pods will
+ be taken into consideration. The keys are used to lookup values from the
+ incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`
+ to select the group of existing pods which pods will be taken into consideration
+ for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming
+ pod labels will be ignored. The default value is empty.
+ The same key is forbidden to exist in both mismatchLabelKeys and labelSelector.
+ Also, mismatchLabelKeys cannot be set when labelSelector isn't set.
+ This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ namespaceSelector:
+ description: |-
+ A label query over the set of namespaces that the term applies to.
+ The term is applied to the union of the namespaces selected by this field
+ and the ones listed in the namespaces field.
+ null selector and null or empty namespaces list means "this pod's namespace".
+ An empty selector ({}) matches all namespaces.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list
+ of label selector requirements. The
+ requirements are ANDed.
+ items:
+ description: |-
+ A label selector requirement is a selector that contains values, a key, and an operator that
+ relates the key and values.
+ properties:
+ key:
+ description: key is the label key
+ that the selector applies to.
+ type: string
+ operator:
+ description: |-
+ operator represents a key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists and DoesNotExist.
+ type: string
+ values:
+ description: |-
+ values is an array of string values. If the operator is In or NotIn,
+ the values array must be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. This array is replaced during a strategic
+ merge patch.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ x-kubernetes-list-type: atomic
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: |-
+ matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions, whose key field is "key", the
+ operator is "In", and the values array contains only "value". The requirements are ANDed.
+ type: object
+ type: object
+ x-kubernetes-map-type: atomic
+ namespaces:
+ description: |-
+ namespaces specifies a static list of namespace names that the term applies to.
+ The term is applied to the union of the namespaces listed in this field
+ and the ones selected by namespaceSelector.
+ null or empty namespaces list and null namespaceSelector means "this pod's namespace".
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ topologyKey:
+ description: |-
+ This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching
+ the labelSelector in the specified namespaces, where co-located is defined as running on a node
+ whose value of the label with key topologyKey matches that of any node on which any of the
+ selected pods is running.
+ Empty topologyKey is not allowed.
+ type: string
+ required:
+ - topologyKey
+ type: object
+ type: array
+ x-kubernetes-list-type: atomic
+ type: object
+ type: object
+ containers:
+ description: List of containers specified in the Deployment
+ items:
+ description: |-
+ ContainerSpec defines the properties available to override for each
+ container in a provider deployment such as Image and Args to the container’s
+ entrypoint.
+ properties:
+ args:
+ additionalProperties:
+ type: string
+ description: |-
+ Args represents extra provider specific flags that are not encoded as fields in this API.
+ Explicit controller manager properties defined in the `Provider.ManagerSpec`
+ will have higher precedence than those defined in `ContainerSpec.Args`.
+ For example, `ManagerSpec.SyncPeriod` will be used instead of the
+ container arg `--sync-period` if both are defined.
+ The same holds for `ManagerSpec.FeatureGates` and `--feature-gates`.
+ type: object
+ command:
+ description: Command allows override container's entrypoint
+ array.
+ items:
+ type: string
+ type: array
+ env:
+ description: List of environment variables to set
+ in the container.
+ items:
+ description: EnvVar represents an environment variable
+ present in a Container.
+ properties:
+ name:
+ description: Name of the environment variable.
+ Must be a C_IDENTIFIER.
+ type: string
+ value:
+ description: |-
+ Variable references $(VAR_NAME) are expanded
+ using the previously defined environment variables in the container and
+ any service environment variables. If a variable cannot be resolved,
+ the reference in the input string will be unchanged. Double $$ are reduced
+ to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e.
+ "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)".
+ Escaped references will never be expanded, regardless of whether the variable
+ exists or not.
+ Defaults to "".
+ type: string
+ valueFrom:
+ description: Source for the environment variable's
+ value. Cannot be used if value is not empty.
+ properties:
+ configMapKeyRef:
+ description: Selects a key of a ConfigMap.
+ properties:
+ key:
+ description: The key to select.
+ type: string
+ name:
+ default: ""
+ description: |-
+ Name of the referent.
+ This field is effectively required, but due to backwards compatibility is
+ allowed to be empty. Instances of this type with an empty value here are
+ almost certainly wrong.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ type: string
+ optional:
+ description: Specify whether the ConfigMap
+ or its key must be defined
+ type: boolean
+ required:
+ - key
+ type: object
+ x-kubernetes-map-type: atomic
+ fieldRef:
+ description: |-
+ Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`,
+ spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs.
+ properties:
+ apiVersion:
+ description: Version of the schema the
+ FieldPath is written in terms of,
+ defaults to "v1".
+ type: string
+ fieldPath:
+ description: Path of the field to select
+ in the specified API version.
+ type: string
+ required:
+ - fieldPath
+ type: object
+ x-kubernetes-map-type: atomic
+ resourceFieldRef:
+ description: |-
+ Selects a resource of the container: only resources limits and requests
+ (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported.
+ properties:
+ containerName:
+ description: 'Container name: required
+ for volumes, optional for env vars'
+ type: string
+ divisor:
+ anyOf:
+ - type: integer
+ - type: string
+ description: Specifies the output format
+ of the exposed resources, defaults
+ to "1"
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ resource:
+ description: 'Required: resource to
+ select'
+ type: string
+ required:
+ - resource
+ type: object
+ x-kubernetes-map-type: atomic
+ secretKeyRef:
+ description: Selects a key of a secret in
+ the pod's namespace
+ properties:
+ key:
+ description: The key of the secret to
+ select from. Must be a valid secret
+ key.
+ type: string
+ name:
+ default: ""
+ description: |-
+ Name of the referent.
+ This field is effectively required, but due to backwards compatibility is
+ allowed to be empty. Instances of this type with an empty value here are
+ almost certainly wrong.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ type: string
+ optional:
+ description: Specify whether the Secret
+ or its key must be defined
+ type: boolean
+ required:
+ - key
+ type: object
+ x-kubernetes-map-type: atomic
+ type: object
+ required:
+ - name
+ type: object
+ type: array
+ imageUrl:
+ description: Container Image URL
+ type: string
+ name:
+ description: Name of the container. Cannot be updated.
+ type: string
+ resources:
+ description: Compute resources required by this container.
+ properties:
+ claims:
+ description: |-
+ Claims lists the names of resources, defined in spec.resourceClaims,
+ that are used by this container.
+
+ This is an alpha field and requires enabling the
+ DynamicResourceAllocation feature gate.
+
+ This field is immutable. It can only be set for containers.
+ items:
+ description: ResourceClaim references one entry
+ in PodSpec.ResourceClaims.
+ properties:
+ name:
+ description: |-
+ Name must match the name of one entry in pod.spec.resourceClaims of
+ the Pod where this field is used. It makes that resource available
+ inside a container.
+ type: string
+ request:
+ description: |-
+ Request is the name chosen for a request in the referenced claim.
+ If empty, everything from the claim is made available, otherwise
+ only the result of this request.
+ type: string
+ required:
+ - name
+ type: object
+ type: array
+ x-kubernetes-list-map-keys:
+ - name
+ x-kubernetes-list-type: map
+ limits:
+ additionalProperties:
+ anyOf:
+ - type: integer
+ - type: string
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ description: |-
+ Limits describes the maximum amount of compute resources allowed.
+ More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
+ type: object
+ requests:
+ additionalProperties:
+ anyOf:
+ - type: integer
+ - type: string
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ description: |-
+ Requests describes the minimum amount of compute resources required.
+ If Requests is omitted for a container, it defaults to Limits if that is explicitly specified,
+ otherwise to an implementation-defined value. Requests cannot exceed Limits.
+ More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
+ type: object
+ type: object
+ required:
+ - name
+ type: object
+ type: array
+ imagePullSecrets:
+ description: List of image pull secrets specified in the
+ Deployment
+ items:
+ description: |-
+ LocalObjectReference contains enough information to let you locate the
+ referenced object inside the same namespace.
+ properties:
+ name:
+ default: ""
+ description: |-
+ Name of the referent.
+ This field is effectively required, but due to backwards compatibility is
+ allowed to be empty. Instances of this type with an empty value here are
+ almost certainly wrong.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ type: string
+ type: object
+ x-kubernetes-map-type: atomic
+ type: array
+ nodeSelector:
+ additionalProperties:
+ type: string
+ description: |-
+ NodeSelector is a selector which must be true for the pod to fit on a node.
+ Selector which must match a node's labels for the pod to be scheduled on that node.
+ More info: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/
+ type: object
+ replicas:
+ description: Number of desired pods. This is a pointer to
+ distinguish between explicit zero and not specified. Defaults
+ to 1.
+ minimum: 0
+ type: integer
+ serviceAccountName:
+ description: If specified, the pod's service account
+ type: string
+ tolerations:
+ description: If specified, the pod's tolerations.
+ items:
+ description: |-
+ The pod this Toleration is attached to tolerates any taint that matches
+ the triple using the matching operator .
+ properties:
+ effect:
+ description: |-
+ Effect indicates the taint effect to match. Empty means match all taint effects.
+ When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute.
+ type: string
+ key:
+ description: |-
+ Key is the taint key that the toleration applies to. Empty means match all taint keys.
+ If the key is empty, operator must be Exists; this combination means to match all values and all keys.
+ type: string
+ operator:
+ description: |-
+ Operator represents a key's relationship to the value.
+ Valid operators are Exists and Equal. Defaults to Equal.
+ Exists is equivalent to wildcard for value, so that a pod can
+ tolerate all taints of a particular category.
+ type: string
+ tolerationSeconds:
+ description: |-
+ TolerationSeconds represents the period of time the toleration (which must be
+ of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default,
+ it is not set, which means tolerate the taint forever (do not evict). Zero and
+ negative values will be treated as 0 (evict immediately) by the system.
+ format: int64
+ type: integer
+ value:
+ description: |-
+ Value is the taint value the toleration matches to.
+ If the operator is Exists, the value should be empty, otherwise just a regular string.
+ type: string
+ type: object
+ type: array
+ type: object
+ manager:
+ description: Manager defines the properties that can be enabled
+ on the controller manager for the additional provider deployment.
+ properties:
+ additionalArgs:
+ additionalProperties:
+ type: string
+ description: |-
+ AdditionalArgs is a map of additional options that will be passed
+ in as container args to the provider's controller manager.
+ type: object
+ cacheNamespace:
+ description: |-
+ CacheNamespace if specified restricts the manager's cache to watch objects in
+ the desired namespace Defaults to all namespaces
+
+ Note: If a namespace is specified, controllers can still Watch for a
+ cluster-scoped resource (e.g Node). For namespaced resources the cache
+ will only hold objects from the desired namespace.
+ type: string
+ controller:
+ description: |-
+ Controller contains global configuration options for controllers
+ registered within this manager.
+ properties:
+ cacheSyncTimeout:
+ description: |-
+ CacheSyncTimeout refers to the time limit set to wait for syncing caches.
+ Defaults to 2 minutes if not set.
+ format: int64
+ type: integer
+ groupKindConcurrency:
+ additionalProperties:
+ type: integer
+ description: |-
+ GroupKindConcurrency is a map from a Kind to the number of concurrent reconciliation
+ allowed for that controller.
+
+ When a controller is registered within this manager using the builder utilities,
+ users have to specify the type the controller reconciles in the For(...) call.
+ If the object's kind passed matches one of the keys in this map, the concurrency
+ for that controller is set to the number specified.
+
+ The key is expected to be consistent in form with GroupKind.String(),
+ e.g. ReplicaSet in apps group (regardless of version) would be `ReplicaSet.apps`.
+ type: object
+ recoverPanic:
+ description: RecoverPanic indicates if panics should
+ be recovered.
+ type: boolean
+ type: object
+ featureGates:
+ additionalProperties:
+ type: boolean
+ description: |-
+ FeatureGates define provider specific feature flags that will be passed
+ in as container args to the provider's controller manager.
+ Controller Manager flag is --feature-gates.
+ type: object
+ gracefulShutDown:
+ description: |-
+ GracefulShutdownTimeout is the duration given to runnable to stop before the manager actually returns on stop.
+ To disable graceful shutdown, set to time.Duration(0)
+ To use graceful shutdown without timeout, set to a negative duration, e.G. time.Duration(-1)
+ The graceful shutdown is skipped for safety reasons in case the leader election lease is lost.
+ type: string
+ health:
+ description: Health contains the controller health configuration
+ properties:
+ healthProbeBindAddress:
+ description: |-
+ HealthProbeBindAddress is the TCP address that the controller should bind to
+ for serving health probes
+ It can be set to "0" or "" to disable serving the health probe.
+ type: string
+ livenessEndpointName:
+ description: LivenessEndpointName, defaults to "healthz"
+ type: string
+ readinessEndpointName:
+ description: ReadinessEndpointName, defaults to "readyz"
+ type: string
+ type: object
+ leaderElection:
+ description: |-
+ LeaderElection is the LeaderElection config to be used when configuring
+ the manager.Manager leader election
+ properties:
+ leaderElect:
+ description: |-
+ leaderElect enables a leader election client to gain leadership
+ before executing the main loop. Enable this when running replicated
+ components for high availability.
+ type: boolean
+ leaseDuration:
+ description: |-
+ leaseDuration is the duration that non-leader candidates will wait
+ after observing a leadership renewal until attempting to acquire
+ leadership of a led but unrenewed leader slot. This is effectively the
+ maximum duration that a leader can be stopped before it is replaced
+ by another candidate. This is only applicable if leader election is
+ enabled.
+ type: string
+ renewDeadline:
+ description: |-
+ renewDeadline is the interval between attempts by the acting master to
+ renew a leadership slot before it stops leading. This must be less
+ than or equal to the lease duration. This is only applicable if leader
+ election is enabled.
+ type: string
+ resourceLock:
+ description: |-
+ resourceLock indicates the resource object type that will be used to lock
+ during leader election cycles.
+ type: string
+ resourceName:
+ description: |-
+ resourceName indicates the name of resource object that will be used to lock
+ during leader election cycles.
+ type: string
+ resourceNamespace:
+ description: |-
+ resourceName indicates the namespace of resource object that will be used to lock
+ during leader election cycles.
+ type: string
+ retryPeriod:
+ description: |-
+ retryPeriod is the duration the clients should wait between attempting
+ acquisition and renewal of a leadership. This is only applicable if
+ leader election is enabled.
+ type: string
+ required:
+ - leaderElect
+ - leaseDuration
+ - renewDeadline
+ - resourceLock
+ - resourceName
+ - resourceNamespace
+ - retryPeriod
+ type: object
+ maxConcurrentReconciles:
+ description: |-
+ MaxConcurrentReconciles is the maximum number of concurrent Reconciles
+ which can be run.
+ minimum: 1
+ type: integer
+ metrics:
+ description: Metrics contains the controller metrics configuration
+ properties:
+ bindAddress:
+ description: |-
+ BindAddress is the TCP address that the controller should bind to
+ for serving prometheus metrics.
+ It can be set to "0" to disable the metrics serving.
+ type: string
+ type: object
+ profilerAddress:
+ description: |-
+ ProfilerAddress defines the bind address to expose the pprof profiler (e.g. localhost:6060).
+ Default empty, meaning the profiler is disabled.
+ Controller Manager flag is --profiler-address.
+ type: string
+ syncPeriod:
+ description: |-
+ SyncPeriod determines the minimum frequency at which watched resources are
+ reconciled. A lower period will correct entropy more quickly, but reduce
+ responsiveness to change if there are many watched resources. Change this
+ value only if you know what you are doing. Defaults to 10 hours if unset.
+ there will a 10 percent jitter between the SyncPeriod of all controllers
+ so that all controllers will not send list requests simultaneously.
+ type: string
+ verbosity:
+ default: 1
+ description: |-
+ Verbosity set the logs verbosity. Defaults to 1.
+ Controller Manager flag is --verbosity.
+ minimum: 0
+ type: integer
+ webhook:
+ description: Webhook contains the controllers webhook configuration
+ properties:
+ certDir:
+ description: |-
+ CertDir is the directory that contains the server key and certificate.
+ if not set, webhook server would look up the server key and certificate in
+ {TempDir}/k8s-webhook-server/serving-certs. The server key and certificate
+ must be named tls.key and tls.crt, respectively.
+ type: string
+ host:
+ description: |-
+ Host is the hostname that the webhook server binds to.
+ It is used to set webhook.Server.Host.
+ type: string
+ port:
+ description: |-
+ Port is the port that the webhook server serves at.
+ It is used to set webhook.Server.Port.
+ type: integer
+ type: object
+ type: object
+ type: object
+ description: |-
+ AdditionalDeployments is a map of additional deployments that the provider
+ should manage. The key is the name of the deployment and the value is the
+ DeploymentSpec.
+ type: object
+ additionalManifests:
+ description: |-
+ AdditionalManifests is reference to configmap that contains additional manifests that will be applied
+ together with the provider components. The key for storing these manifests has to be `manifests`.
+ The manifests are applied only once when a certain release is installed/upgraded. If namespace is not specified, the
+ namespace of the provider will be used. There is no validation of the yaml content inside the configmap.
+ properties:
+ name:
+ description: Name defines the name of the configmap.
+ type: string
+ namespace:
+ description: Namespace defines the namespace of the configmap.
+ type: string
+ required:
+ - name
+ type: object
+ configSecret:
+ description: |-
+ ConfigSecret is the object with name and namespace of the Secret providing
+ the configuration variables for the current provider instance, like e.g. credentials.
+ Such configurations will be used when creating or upgrading provider components.
+ The contents of the secret will be treated as immutable. If changes need
+ to be made, a new object can be created and the name should be updated.
+ The contents should be in the form of key:value. This secret must be in
+ the same namespace as the provider.
+ properties:
+ name:
+ description: Name defines the name of the secret.
+ type: string
+ namespace:
+ description: Namespace defines the namespace of the secret.
+ type: string
+ required:
+ - name
+ type: object
+ credentials:
+ description: Credentials is the structure holding the credentials
+ to use for the provider. Only one credential type could be set at
+ a time.
+ example:
+ rancherCloudCredential: user-credential
+ maxProperties: 1
+ minProperties: 1
+ properties:
+ rancherCloudCredential:
+ description: RancherCloudCredential is the Rancher Cloud Credential
+ name
+ type: string
+ rancherCloudCredentialNamespaceName:
+ description: RancherCloudCredentialNamespaceName is the Rancher
+ Cloud Credential namespace:name reference
+ type: string
+ type: object
+ x-kubernetes-map-type: atomic
+ x-kubernetes-validations:
+ - message: rancherCloudCredentialNamespaceName should be in the namespace:name
+ format.
+ rule: '!has(self.rancherCloudCredentialNamespaceName) || self.rancherCloudCredentialNamespaceName.matches(''^.+:.+$'')'
+ deployment:
+ description: Deployment defines the properties that can be enabled
+ on the deployment for the provider.
+ properties:
+ affinity:
+ description: If specified, the pod's scheduling constraints
+ properties:
+ nodeAffinity:
+ description: Describes node affinity scheduling rules for
+ the pod.
+ properties:
+ preferredDuringSchedulingIgnoredDuringExecution:
+ description: |-
+ The scheduler will prefer to schedule pods to nodes that satisfy
+ the affinity expressions specified by this field, but it may choose
+ a node that violates one or more of the expressions. The node that is
+ most preferred is the one with the greatest sum of weights, i.e.
+ for each node that meets all of the scheduling requirements (resource
+ request, requiredDuringScheduling affinity expressions, etc.),
+ compute a sum by iterating through the elements of this field and adding
+ "weight" to the sum if the node matches the corresponding matchExpressions; the
+ node(s) with the highest sum are the most preferred.
+ items:
+ description: |-
+ An empty preferred scheduling term matches all objects with implicit weight 0
+ (i.e. it's a no-op). A null preferred scheduling term matches no objects (i.e. is also a no-op).
+ properties:
+ preference:
+ description: A node selector term, associated with
+ the corresponding weight.
+ properties:
+ matchExpressions:
+ description: A list of node selector requirements
+ by node's labels.
+ items:
+ description: |-
+ A node selector requirement is a selector that contains values, a key, and an operator
+ that relates the key and values.
+ properties:
+ key:
+ description: The label key that the selector
+ applies to.
+ type: string
+ operator:
+ description: |-
+ Represents a key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.
+ type: string
+ values:
+ description: |-
+ An array of string values. If the operator is In or NotIn,
+ the values array must be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. If the operator is Gt or Lt, the values
+ array must have a single element, which will be interpreted as an integer.
+ This array is replaced during a strategic merge patch.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ x-kubernetes-list-type: atomic
+ matchFields:
+ description: A list of node selector requirements
+ by node's fields.
+ items:
+ description: |-
+ A node selector requirement is a selector that contains values, a key, and an operator
+ that relates the key and values.
+ properties:
+ key:
+ description: The label key that the selector
+ applies to.
+ type: string
+ operator:
+ description: |-
+ Represents a key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.
+ type: string
+ values:
+ description: |-
+ An array of string values. If the operator is In or NotIn,
+ the values array must be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. If the operator is Gt or Lt, the values
+ array must have a single element, which will be interpreted as an integer.
+ This array is replaced during a strategic merge patch.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ x-kubernetes-list-type: atomic
+ type: object
+ x-kubernetes-map-type: atomic
+ weight:
+ description: Weight associated with matching the
+ corresponding nodeSelectorTerm, in the range 1-100.
+ format: int32
+ type: integer
+ required:
+ - preference
+ - weight
+ type: object
+ type: array
+ x-kubernetes-list-type: atomic
+ requiredDuringSchedulingIgnoredDuringExecution:
+ description: |-
+ If the affinity requirements specified by this field are not met at
+ scheduling time, the pod will not be scheduled onto the node.
+ If the affinity requirements specified by this field cease to be met
+ at some point during pod execution (e.g. due to an update), the system
+ may or may not try to eventually evict the pod from its node.
+ properties:
+ nodeSelectorTerms:
+ description: Required. A list of node selector terms.
+ The terms are ORed.
+ items:
+ description: |-
+ A null or empty node selector term matches no objects. The requirements of
+ them are ANDed.
+ The TopologySelectorTerm type implements a subset of the NodeSelectorTerm.
+ properties:
+ matchExpressions:
+ description: A list of node selector requirements
+ by node's labels.
+ items:
+ description: |-
+ A node selector requirement is a selector that contains values, a key, and an operator
+ that relates the key and values.
+ properties:
+ key:
+ description: The label key that the selector
+ applies to.
+ type: string
+ operator:
+ description: |-
+ Represents a key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.
+ type: string
+ values:
+ description: |-
+ An array of string values. If the operator is In or NotIn,
+ the values array must be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. If the operator is Gt or Lt, the values
+ array must have a single element, which will be interpreted as an integer.
+ This array is replaced during a strategic merge patch.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ x-kubernetes-list-type: atomic
+ matchFields:
+ description: A list of node selector requirements
+ by node's fields.
+ items:
+ description: |-
+ A node selector requirement is a selector that contains values, a key, and an operator
+ that relates the key and values.
+ properties:
+ key:
+ description: The label key that the selector
+ applies to.
+ type: string
+ operator:
+ description: |-
+ Represents a key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.
+ type: string
+ values:
+ description: |-
+ An array of string values. If the operator is In or NotIn,
+ the values array must be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. If the operator is Gt or Lt, the values
+ array must have a single element, which will be interpreted as an integer.
+ This array is replaced during a strategic merge patch.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ x-kubernetes-list-type: atomic
+ type: object
+ x-kubernetes-map-type: atomic
+ type: array
+ x-kubernetes-list-type: atomic
+ required:
+ - nodeSelectorTerms
+ type: object
+ x-kubernetes-map-type: atomic
+ type: object
+ podAffinity:
+ description: Describes pod affinity scheduling rules (e.g.
+ co-locate this pod in the same node, zone, etc. as some
+ other pod(s)).
+ properties:
+ preferredDuringSchedulingIgnoredDuringExecution:
+ description: |-
+ The scheduler will prefer to schedule pods to nodes that satisfy
+ the affinity expressions specified by this field, but it may choose
+ a node that violates one or more of the expressions. The node that is
+ most preferred is the one with the greatest sum of weights, i.e.
+ for each node that meets all of the scheduling requirements (resource
+ request, requiredDuringScheduling affinity expressions, etc.),
+ compute a sum by iterating through the elements of this field and adding
+ "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the
+ node(s) with the highest sum are the most preferred.
+ items:
+ description: The weights of all of the matched WeightedPodAffinityTerm
+ fields are added per-node to find the most preferred
+ node(s)
+ properties:
+ podAffinityTerm:
+ description: Required. A pod affinity term, associated
+ with the corresponding weight.
+ properties:
+ labelSelector:
+ description: |-
+ A label query over a set of resources, in this case pods.
+ If it's null, this PodAffinityTerm matches with no Pods.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list
+ of label selector requirements. The requirements
+ are ANDed.
+ items:
+ description: |-
+ A label selector requirement is a selector that contains values, a key, and an operator that
+ relates the key and values.
+ properties:
+ key:
+ description: key is the label key
+ that the selector applies to.
+ type: string
+ operator:
+ description: |-
+ operator represents a key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists and DoesNotExist.
+ type: string
+ values:
+ description: |-
+ values is an array of string values. If the operator is In or NotIn,
+ the values array must be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. This array is replaced during a strategic
+ merge patch.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ x-kubernetes-list-type: atomic
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: |-
+ matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions, whose key field is "key", the
+ operator is "In", and the values array contains only "value". The requirements are ANDed.
+ type: object
+ type: object
+ x-kubernetes-map-type: atomic
+ matchLabelKeys:
+ description: |-
+ MatchLabelKeys is a set of pod label keys to select which pods will
+ be taken into consideration. The keys are used to lookup values from the
+ incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`
+ to select the group of existing pods which pods will be taken into consideration
+ for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming
+ pod labels will be ignored. The default value is empty.
+ The same key is forbidden to exist in both matchLabelKeys and labelSelector.
+ Also, matchLabelKeys cannot be set when labelSelector isn't set.
+ This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ mismatchLabelKeys:
+ description: |-
+ MismatchLabelKeys is a set of pod label keys to select which pods will
+ be taken into consideration. The keys are used to lookup values from the
+ incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`
+ to select the group of existing pods which pods will be taken into consideration
+ for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming
+ pod labels will be ignored. The default value is empty.
+ The same key is forbidden to exist in both mismatchLabelKeys and labelSelector.
+ Also, mismatchLabelKeys cannot be set when labelSelector isn't set.
+ This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ namespaceSelector:
+ description: |-
+ A label query over the set of namespaces that the term applies to.
+ The term is applied to the union of the namespaces selected by this field
+ and the ones listed in the namespaces field.
+ null selector and null or empty namespaces list means "this pod's namespace".
+ An empty selector ({}) matches all namespaces.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list
+ of label selector requirements. The requirements
+ are ANDed.
+ items:
+ description: |-
+ A label selector requirement is a selector that contains values, a key, and an operator that
+ relates the key and values.
+ properties:
+ key:
+ description: key is the label key
+ that the selector applies to.
+ type: string
+ operator:
+ description: |-
+ operator represents a key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists and DoesNotExist.
+ type: string
+ values:
+ description: |-
+ values is an array of string values. If the operator is In or NotIn,
+ the values array must be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. This array is replaced during a strategic
+ merge patch.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ x-kubernetes-list-type: atomic
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: |-
+ matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions, whose key field is "key", the
+ operator is "In", and the values array contains only "value". The requirements are ANDed.
+ type: object
+ type: object
+ x-kubernetes-map-type: atomic
+ namespaces:
+ description: |-
+ namespaces specifies a static list of namespace names that the term applies to.
+ The term is applied to the union of the namespaces listed in this field
+ and the ones selected by namespaceSelector.
+ null or empty namespaces list and null namespaceSelector means "this pod's namespace".
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ topologyKey:
+ description: |-
+ This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching
+ the labelSelector in the specified namespaces, where co-located is defined as running on a node
+ whose value of the label with key topologyKey matches that of any node on which any of the
+ selected pods is running.
+ Empty topologyKey is not allowed.
+ type: string
+ required:
+ - topologyKey
+ type: object
+ weight:
+ description: |-
+ weight associated with matching the corresponding podAffinityTerm,
+ in the range 1-100.
+ format: int32
+ type: integer
+ required:
+ - podAffinityTerm
+ - weight
+ type: object
+ type: array
+ x-kubernetes-list-type: atomic
+ requiredDuringSchedulingIgnoredDuringExecution:
+ description: |-
+ If the affinity requirements specified by this field are not met at
+ scheduling time, the pod will not be scheduled onto the node.
+ If the affinity requirements specified by this field cease to be met
+ at some point during pod execution (e.g. due to a pod label update), the
+ system may or may not try to eventually evict the pod from its node.
+ When there are multiple elements, the lists of nodes corresponding to each
+ podAffinityTerm are intersected, i.e. all terms must be satisfied.
+ items:
+ description: |-
+ Defines a set of pods (namely those matching the labelSelector
+ relative to the given namespace(s)) that this pod should be
+ co-located (affinity) or not co-located (anti-affinity) with,
+ where co-located is defined as running on a node whose value of
+ the label with key matches that of any node on which
+ a pod of the set of pods is running
+ properties:
+ labelSelector:
+ description: |-
+ A label query over a set of resources, in this case pods.
+ If it's null, this PodAffinityTerm matches with no Pods.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list of label
+ selector requirements. The requirements are
+ ANDed.
+ items:
+ description: |-
+ A label selector requirement is a selector that contains values, a key, and an operator that
+ relates the key and values.
+ properties:
+ key:
+ description: key is the label key that
+ the selector applies to.
+ type: string
+ operator:
+ description: |-
+ operator represents a key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists and DoesNotExist.
+ type: string
+ values:
+ description: |-
+ values is an array of string values. If the operator is In or NotIn,
+ the values array must be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. This array is replaced during a strategic
+ merge patch.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ x-kubernetes-list-type: atomic
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: |-
+ matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions, whose key field is "key", the
+ operator is "In", and the values array contains only "value". The requirements are ANDed.
+ type: object
+ type: object
+ x-kubernetes-map-type: atomic
+ matchLabelKeys:
+ description: |-
+ MatchLabelKeys is a set of pod label keys to select which pods will
+ be taken into consideration. The keys are used to lookup values from the
+ incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`
+ to select the group of existing pods which pods will be taken into consideration
+ for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming
+ pod labels will be ignored. The default value is empty.
+ The same key is forbidden to exist in both matchLabelKeys and labelSelector.
+ Also, matchLabelKeys cannot be set when labelSelector isn't set.
+ This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ mismatchLabelKeys:
+ description: |-
+ MismatchLabelKeys is a set of pod label keys to select which pods will
+ be taken into consideration. The keys are used to lookup values from the
+ incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`
+ to select the group of existing pods which pods will be taken into consideration
+ for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming
+ pod labels will be ignored. The default value is empty.
+ The same key is forbidden to exist in both mismatchLabelKeys and labelSelector.
+ Also, mismatchLabelKeys cannot be set when labelSelector isn't set.
+ This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ namespaceSelector:
+ description: |-
+ A label query over the set of namespaces that the term applies to.
+ The term is applied to the union of the namespaces selected by this field
+ and the ones listed in the namespaces field.
+ null selector and null or empty namespaces list means "this pod's namespace".
+ An empty selector ({}) matches all namespaces.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list of label
+ selector requirements. The requirements are
+ ANDed.
+ items:
+ description: |-
+ A label selector requirement is a selector that contains values, a key, and an operator that
+ relates the key and values.
+ properties:
+ key:
+ description: key is the label key that
+ the selector applies to.
+ type: string
+ operator:
+ description: |-
+ operator represents a key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists and DoesNotExist.
+ type: string
+ values:
+ description: |-
+ values is an array of string values. If the operator is In or NotIn,
+ the values array must be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. This array is replaced during a strategic
+ merge patch.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ x-kubernetes-list-type: atomic
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: |-
+ matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions, whose key field is "key", the
+ operator is "In", and the values array contains only "value". The requirements are ANDed.
+ type: object
+ type: object
+ x-kubernetes-map-type: atomic
+ namespaces:
+ description: |-
+ namespaces specifies a static list of namespace names that the term applies to.
+ The term is applied to the union of the namespaces listed in this field
+ and the ones selected by namespaceSelector.
+ null or empty namespaces list and null namespaceSelector means "this pod's namespace".
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ topologyKey:
+ description: |-
+ This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching
+ the labelSelector in the specified namespaces, where co-located is defined as running on a node
+ whose value of the label with key topologyKey matches that of any node on which any of the
+ selected pods is running.
+ Empty topologyKey is not allowed.
+ type: string
+ required:
+ - topologyKey
+ type: object
+ type: array
+ x-kubernetes-list-type: atomic
+ type: object
+ podAntiAffinity:
+ description: Describes pod anti-affinity scheduling rules
+ (e.g. avoid putting this pod in the same node, zone, etc.
+ as some other pod(s)).
+ properties:
+ preferredDuringSchedulingIgnoredDuringExecution:
+ description: |-
+ The scheduler will prefer to schedule pods to nodes that satisfy
+ the anti-affinity expressions specified by this field, but it may choose
+ a node that violates one or more of the expressions. The node that is
+ most preferred is the one with the greatest sum of weights, i.e.
+ for each node that meets all of the scheduling requirements (resource
+ request, requiredDuringScheduling anti-affinity expressions, etc.),
+ compute a sum by iterating through the elements of this field and adding
+ "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the
+ node(s) with the highest sum are the most preferred.
+ items:
+ description: The weights of all of the matched WeightedPodAffinityTerm
+ fields are added per-node to find the most preferred
+ node(s)
+ properties:
+ podAffinityTerm:
+ description: Required. A pod affinity term, associated
+ with the corresponding weight.
+ properties:
+ labelSelector:
+ description: |-
+ A label query over a set of resources, in this case pods.
+ If it's null, this PodAffinityTerm matches with no Pods.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list
+ of label selector requirements. The requirements
+ are ANDed.
+ items:
+ description: |-
+ A label selector requirement is a selector that contains values, a key, and an operator that
+ relates the key and values.
+ properties:
+ key:
+ description: key is the label key
+ that the selector applies to.
+ type: string
+ operator:
+ description: |-
+ operator represents a key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists and DoesNotExist.
+ type: string
+ values:
+ description: |-
+ values is an array of string values. If the operator is In or NotIn,
+ the values array must be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. This array is replaced during a strategic
+ merge patch.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ x-kubernetes-list-type: atomic
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: |-
+ matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions, whose key field is "key", the
+ operator is "In", and the values array contains only "value". The requirements are ANDed.
+ type: object
+ type: object
+ x-kubernetes-map-type: atomic
+ matchLabelKeys:
+ description: |-
+ MatchLabelKeys is a set of pod label keys to select which pods will
+ be taken into consideration. The keys are used to lookup values from the
+ incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`
+ to select the group of existing pods which pods will be taken into consideration
+ for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming
+ pod labels will be ignored. The default value is empty.
+ The same key is forbidden to exist in both matchLabelKeys and labelSelector.
+ Also, matchLabelKeys cannot be set when labelSelector isn't set.
+ This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ mismatchLabelKeys:
+ description: |-
+ MismatchLabelKeys is a set of pod label keys to select which pods will
+ be taken into consideration. The keys are used to lookup values from the
+ incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`
+ to select the group of existing pods which pods will be taken into consideration
+ for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming
+ pod labels will be ignored. The default value is empty.
+ The same key is forbidden to exist in both mismatchLabelKeys and labelSelector.
+ Also, mismatchLabelKeys cannot be set when labelSelector isn't set.
+ This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ namespaceSelector:
+ description: |-
+ A label query over the set of namespaces that the term applies to.
+ The term is applied to the union of the namespaces selected by this field
+ and the ones listed in the namespaces field.
+ null selector and null or empty namespaces list means "this pod's namespace".
+ An empty selector ({}) matches all namespaces.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list
+ of label selector requirements. The requirements
+ are ANDed.
+ items:
+ description: |-
+ A label selector requirement is a selector that contains values, a key, and an operator that
+ relates the key and values.
+ properties:
+ key:
+ description: key is the label key
+ that the selector applies to.
+ type: string
+ operator:
+ description: |-
+ operator represents a key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists and DoesNotExist.
+ type: string
+ values:
+ description: |-
+ values is an array of string values. If the operator is In or NotIn,
+ the values array must be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. This array is replaced during a strategic
+ merge patch.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ x-kubernetes-list-type: atomic
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: |-
+ matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions, whose key field is "key", the
+ operator is "In", and the values array contains only "value". The requirements are ANDed.
+ type: object
+ type: object
+ x-kubernetes-map-type: atomic
+ namespaces:
+ description: |-
+ namespaces specifies a static list of namespace names that the term applies to.
+ The term is applied to the union of the namespaces listed in this field
+ and the ones selected by namespaceSelector.
+ null or empty namespaces list and null namespaceSelector means "this pod's namespace".
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ topologyKey:
+ description: |-
+ This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching
+ the labelSelector in the specified namespaces, where co-located is defined as running on a node
+ whose value of the label with key topologyKey matches that of any node on which any of the
+ selected pods is running.
+ Empty topologyKey is not allowed.
+ type: string
+ required:
+ - topologyKey
+ type: object
+ weight:
+ description: |-
+ weight associated with matching the corresponding podAffinityTerm,
+ in the range 1-100.
+ format: int32
+ type: integer
+ required:
+ - podAffinityTerm
+ - weight
+ type: object
+ type: array
+ x-kubernetes-list-type: atomic
+ requiredDuringSchedulingIgnoredDuringExecution:
+ description: |-
+ If the anti-affinity requirements specified by this field are not met at
+ scheduling time, the pod will not be scheduled onto the node.
+ If the anti-affinity requirements specified by this field cease to be met
+ at some point during pod execution (e.g. due to a pod label update), the
+ system may or may not try to eventually evict the pod from its node.
+ When there are multiple elements, the lists of nodes corresponding to each
+ podAffinityTerm are intersected, i.e. all terms must be satisfied.
+ items:
+ description: |-
+ Defines a set of pods (namely those matching the labelSelector
+ relative to the given namespace(s)) that this pod should be
+ co-located (affinity) or not co-located (anti-affinity) with,
+ where co-located is defined as running on a node whose value of
+ the label with key matches that of any node on which
+ a pod of the set of pods is running
+ properties:
+ labelSelector:
+ description: |-
+ A label query over a set of resources, in this case pods.
+ If it's null, this PodAffinityTerm matches with no Pods.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list of label
+ selector requirements. The requirements are
+ ANDed.
+ items:
+ description: |-
+ A label selector requirement is a selector that contains values, a key, and an operator that
+ relates the key and values.
+ properties:
+ key:
+ description: key is the label key that
+ the selector applies to.
+ type: string
+ operator:
+ description: |-
+ operator represents a key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists and DoesNotExist.
+ type: string
+ values:
+ description: |-
+ values is an array of string values. If the operator is In or NotIn,
+ the values array must be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. This array is replaced during a strategic
+ merge patch.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ x-kubernetes-list-type: atomic
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: |-
+ matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions, whose key field is "key", the
+ operator is "In", and the values array contains only "value". The requirements are ANDed.
+ type: object
+ type: object
+ x-kubernetes-map-type: atomic
+ matchLabelKeys:
+ description: |-
+ MatchLabelKeys is a set of pod label keys to select which pods will
+ be taken into consideration. The keys are used to lookup values from the
+ incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)`
+ to select the group of existing pods which pods will be taken into consideration
+ for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming
+ pod labels will be ignored. The default value is empty.
+ The same key is forbidden to exist in both matchLabelKeys and labelSelector.
+ Also, matchLabelKeys cannot be set when labelSelector isn't set.
+ This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ mismatchLabelKeys:
+ description: |-
+ MismatchLabelKeys is a set of pod label keys to select which pods will
+ be taken into consideration. The keys are used to lookup values from the
+ incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)`
+ to select the group of existing pods which pods will be taken into consideration
+ for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming
+ pod labels will be ignored. The default value is empty.
+ The same key is forbidden to exist in both mismatchLabelKeys and labelSelector.
+ Also, mismatchLabelKeys cannot be set when labelSelector isn't set.
+ This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ namespaceSelector:
+ description: |-
+ A label query over the set of namespaces that the term applies to.
+ The term is applied to the union of the namespaces selected by this field
+ and the ones listed in the namespaces field.
+ null selector and null or empty namespaces list means "this pod's namespace".
+ An empty selector ({}) matches all namespaces.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list of label
+ selector requirements. The requirements are
+ ANDed.
+ items:
+ description: |-
+ A label selector requirement is a selector that contains values, a key, and an operator that
+ relates the key and values.
+ properties:
+ key:
+ description: key is the label key that
+ the selector applies to.
+ type: string
+ operator:
+ description: |-
+ operator represents a key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists and DoesNotExist.
+ type: string
+ values:
+ description: |-
+ values is an array of string values. If the operator is In or NotIn,
+ the values array must be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. This array is replaced during a strategic
+ merge patch.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ x-kubernetes-list-type: atomic
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: |-
+ matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions, whose key field is "key", the
+ operator is "In", and the values array contains only "value". The requirements are ANDed.
+ type: object
+ type: object
+ x-kubernetes-map-type: atomic
+ namespaces:
+ description: |-
+ namespaces specifies a static list of namespace names that the term applies to.
+ The term is applied to the union of the namespaces listed in this field
+ and the ones selected by namespaceSelector.
+ null or empty namespaces list and null namespaceSelector means "this pod's namespace".
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ topologyKey:
+ description: |-
+ This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching
+ the labelSelector in the specified namespaces, where co-located is defined as running on a node
+ whose value of the label with key topologyKey matches that of any node on which any of the
+ selected pods is running.
+ Empty topologyKey is not allowed.
+ type: string
+ required:
+ - topologyKey
+ type: object
+ type: array
+ x-kubernetes-list-type: atomic
+ type: object
+ type: object
+ containers:
+ description: List of containers specified in the Deployment
+ items:
+ description: |-
+ ContainerSpec defines the properties available to override for each
+ container in a provider deployment such as Image and Args to the container’s
+ entrypoint.
+ properties:
+ args:
+ additionalProperties:
+ type: string
+ description: |-
+ Args represents extra provider specific flags that are not encoded as fields in this API.
+ Explicit controller manager properties defined in the `Provider.ManagerSpec`
+ will have higher precedence than those defined in `ContainerSpec.Args`.
+ For example, `ManagerSpec.SyncPeriod` will be used instead of the
+ container arg `--sync-period` if both are defined.
+ The same holds for `ManagerSpec.FeatureGates` and `--feature-gates`.
+ type: object
+ command:
+ description: Command allows override container's entrypoint
+ array.
+ items:
+ type: string
+ type: array
+ env:
+ description: List of environment variables to set in the
+ container.
+ items:
+ description: EnvVar represents an environment variable
+ present in a Container.
+ properties:
+ name:
+ description: Name of the environment variable. Must
+ be a C_IDENTIFIER.
+ type: string
+ value:
+ description: |-
+ Variable references $(VAR_NAME) are expanded
+ using the previously defined environment variables in the container and
+ any service environment variables. If a variable cannot be resolved,
+ the reference in the input string will be unchanged. Double $$ are reduced
+ to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e.
+ "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)".
+ Escaped references will never be expanded, regardless of whether the variable
+ exists or not.
+ Defaults to "".
+ type: string
+ valueFrom:
+ description: Source for the environment variable's
+ value. Cannot be used if value is not empty.
+ properties:
+ configMapKeyRef:
+ description: Selects a key of a ConfigMap.
+ properties:
+ key:
+ description: The key to select.
+ type: string
+ name:
+ default: ""
+ description: |-
+ Name of the referent.
+ This field is effectively required, but due to backwards compatibility is
+ allowed to be empty. Instances of this type with an empty value here are
+ almost certainly wrong.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ type: string
+ optional:
+ description: Specify whether the ConfigMap
+ or its key must be defined
+ type: boolean
+ required:
+ - key
+ type: object
+ x-kubernetes-map-type: atomic
+ fieldRef:
+ description: |-
+ Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`,
+ spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs.
+ properties:
+ apiVersion:
+ description: Version of the schema the FieldPath
+ is written in terms of, defaults to "v1".
+ type: string
+ fieldPath:
+ description: Path of the field to select in
+ the specified API version.
+ type: string
+ required:
+ - fieldPath
+ type: object
+ x-kubernetes-map-type: atomic
+ resourceFieldRef:
+ description: |-
+ Selects a resource of the container: only resources limits and requests
+ (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported.
+ properties:
+ containerName:
+ description: 'Container name: required for
+ volumes, optional for env vars'
+ type: string
+ divisor:
+ anyOf:
+ - type: integer
+ - type: string
+ description: Specifies the output format of
+ the exposed resources, defaults to "1"
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ resource:
+ description: 'Required: resource to select'
+ type: string
+ required:
+ - resource
+ type: object
+ x-kubernetes-map-type: atomic
+ secretKeyRef:
+ description: Selects a key of a secret in the
+ pod's namespace
+ properties:
+ key:
+ description: The key of the secret to select
+ from. Must be a valid secret key.
+ type: string
+ name:
+ default: ""
+ description: |-
+ Name of the referent.
+ This field is effectively required, but due to backwards compatibility is
+ allowed to be empty. Instances of this type with an empty value here are
+ almost certainly wrong.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ type: string
+ optional:
+ description: Specify whether the Secret or
+ its key must be defined
+ type: boolean
+ required:
+ - key
+ type: object
+ x-kubernetes-map-type: atomic
+ type: object
+ required:
+ - name
+ type: object
+ type: array
+ imageUrl:
+ description: Container Image URL
+ type: string
+ name:
+ description: Name of the container. Cannot be updated.
+ type: string
+ resources:
+ description: Compute resources required by this container.
+ properties:
+ claims:
+ description: |-
+ Claims lists the names of resources, defined in spec.resourceClaims,
+ that are used by this container.
+
+ This is an alpha field and requires enabling the
+ DynamicResourceAllocation feature gate.
+
+ This field is immutable. It can only be set for containers.
+ items:
+ description: ResourceClaim references one entry in
+ PodSpec.ResourceClaims.
+ properties:
+ name:
+ description: |-
+ Name must match the name of one entry in pod.spec.resourceClaims of
+ the Pod where this field is used. It makes that resource available
+ inside a container.
+ type: string
+ request:
+ description: |-
+ Request is the name chosen for a request in the referenced claim.
+ If empty, everything from the claim is made available, otherwise
+ only the result of this request.
+ type: string
+ required:
+ - name
+ type: object
+ type: array
+ x-kubernetes-list-map-keys:
+ - name
+ x-kubernetes-list-type: map
+ limits:
+ additionalProperties:
+ anyOf:
+ - type: integer
+ - type: string
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ description: |-
+ Limits describes the maximum amount of compute resources allowed.
+ More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
+ type: object
+ requests:
+ additionalProperties:
+ anyOf:
+ - type: integer
+ - type: string
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ description: |-
+ Requests describes the minimum amount of compute resources required.
+ If Requests is omitted for a container, it defaults to Limits if that is explicitly specified,
+ otherwise to an implementation-defined value. Requests cannot exceed Limits.
+ More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
+ type: object
+ type: object
+ required:
+ - name
+ type: object
+ type: array
+ imagePullSecrets:
+ description: List of image pull secrets specified in the Deployment
+ items:
+ description: |-
+ LocalObjectReference contains enough information to let you locate the
+ referenced object inside the same namespace.
+ properties:
+ name:
+ default: ""
+ description: |-
+ Name of the referent.
+ This field is effectively required, but due to backwards compatibility is
+ allowed to be empty. Instances of this type with an empty value here are
+ almost certainly wrong.
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+ type: string
+ type: object
+ x-kubernetes-map-type: atomic
+ type: array
+ nodeSelector:
+ additionalProperties:
+ type: string
+ description: |-
+ NodeSelector is a selector which must be true for the pod to fit on a node.
+ Selector which must match a node's labels for the pod to be scheduled on that node.
+ More info: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/
+ type: object
+ replicas:
+ description: Number of desired pods. This is a pointer to distinguish
+ between explicit zero and not specified. Defaults to 1.
+ minimum: 0
+ type: integer
+ serviceAccountName:
+ description: If specified, the pod's service account
+ type: string
+ tolerations:
+ description: If specified, the pod's tolerations.
+ items:
+ description: |-
+ The pod this Toleration is attached to tolerates any taint that matches
+ the triple using the matching operator .
+ properties:
+ effect:
+ description: |-
+ Effect indicates the taint effect to match. Empty means match all taint effects.
+ When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute.
+ type: string
+ key:
+ description: |-
+ Key is the taint key that the toleration applies to. Empty means match all taint keys.
+ If the key is empty, operator must be Exists; this combination means to match all values and all keys.
+ type: string
+ operator:
+ description: |-
+ Operator represents a key's relationship to the value.
+ Valid operators are Exists and Equal. Defaults to Equal.
+ Exists is equivalent to wildcard for value, so that a pod can
+ tolerate all taints of a particular category.
+ type: string
+ tolerationSeconds:
+ description: |-
+ TolerationSeconds represents the period of time the toleration (which must be
+ of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default,
+ it is not set, which means tolerate the taint forever (do not evict). Zero and
+ negative values will be treated as 0 (evict immediately) by the system.
+ format: int64
+ type: integer
+ value:
+ description: |-
+ Value is the taint value the toleration matches to.
+ If the operator is Exists, the value should be empty, otherwise just a regular string.
+ type: string
+ type: object
+ type: array
+ type: object
+ enableAutomaticUpdate:
+ description: EnableAutomaticUpdate can be used to automatically update
+ the CAPIProvider to a newest version.
+ type: boolean
+ features:
+ description: Features is a collection of features to enable.
+ example:
+ clusterResourceSet: true
+ clusterTopology: true
+ machinePool: true
+ properties:
+ clusterResourceSet:
+ description: ClusterResourceSet if set to true will enable the
+ cluster resource set feature.
+ type: boolean
+ clusterTopology:
+ description: ClusterTopology if set to true will enable the clusterclass
+ feature.
+ type: boolean
+ machinePool:
+ description: MachinePool if set to true will enable the machine
+ pool feature.
+ type: boolean
+ type: object
+ fetchConfig:
+ description: |-
+ FetchConfig determines how the operator will fetch the components and metadata for the provider.
+ If nil, the operator will try to fetch components according to default
+ embedded fetch configuration for the given kind and `ObjectMeta.Name`.
+ For example, the infrastructure name `aws` will fetch artifacts from
+ https://github.com/kubernetes-sigs/cluster-api-provider-aws/releases.
+ properties:
+ oci:
+ description: |-
+ OCI to be used for fetching the provider’s components and metadata from an OCI artifact.
+ You must set `providerSpec.Version` field for operator to pick up desired version of the release from GitHub.
+ If the providerSpec.Version is missing, latest provider version from clusterctl defaults is used.
+ type: string
+ selector:
+ description: |-
+ Selector to be used for fetching provider’s components and metadata from
+ ConfigMaps stored inside the cluster. Each ConfigMap is expected to contain
+ components and metadata for a specific version only.
+ Note: the name of the ConfigMap should be set to the version or to override this
+ add a label like the following: provider.cluster.x-k8s.io/version=v1.4.3
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list of label selector
+ requirements. The requirements are ANDed.
+ items:
+ description: |-
+ A label selector requirement is a selector that contains values, a key, and an operator that
+ relates the key and values.
+ properties:
+ key:
+ description: key is the label key that the selector
+ applies to.
+ type: string
+ operator:
+ description: |-
+ operator represents a key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists and DoesNotExist.
+ type: string
+ values:
+ description: |-
+ values is an array of string values. If the operator is In or NotIn,
+ the values array must be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. This array is replaced during a strategic
+ merge patch.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ x-kubernetes-list-type: atomic
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: |-
+ matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions, whose key field is "key", the
+ operator is "In", and the values array contains only "value". The requirements are ANDed.
+ type: object
+ type: object
+ x-kubernetes-map-type: atomic
+ url:
+ description: |-
+ URL to be used for fetching the provider’s components and metadata from a remote Github repository.
+ For example, https://github.com/{owner}/{repository}/releases
+ You must set `providerSpec.Version` field for operator to pick up
+ desired version of the release from GitHub.
+ type: string
+ type: object
+ x-kubernetes-validations:
+ - message: Must specify one and only one of {oci, url, selector}
+ rule: '[has(self.oci), has(self.url), has(self.selector)].exists_one(x,x)'
+ manager:
+ description: Manager defines the properties that can be enabled on
+ the controller manager for the provider.
+ properties:
+ additionalArgs:
+ additionalProperties:
+ type: string
+ description: |-
+ AdditionalArgs is a map of additional options that will be passed
+ in as container args to the provider's controller manager.
+ type: object
+ cacheNamespace:
+ description: |-
+ CacheNamespace if specified restricts the manager's cache to watch objects in
+ the desired namespace Defaults to all namespaces
+
+ Note: If a namespace is specified, controllers can still Watch for a
+ cluster-scoped resource (e.g Node). For namespaced resources the cache
+ will only hold objects from the desired namespace.
+ type: string
+ controller:
+ description: |-
+ Controller contains global configuration options for controllers
+ registered within this manager.
+ properties:
+ cacheSyncTimeout:
+ description: |-
+ CacheSyncTimeout refers to the time limit set to wait for syncing caches.
+ Defaults to 2 minutes if not set.
+ format: int64
+ type: integer
+ groupKindConcurrency:
+ additionalProperties:
+ type: integer
+ description: |-
+ GroupKindConcurrency is a map from a Kind to the number of concurrent reconciliation
+ allowed for that controller.
+
+ When a controller is registered within this manager using the builder utilities,
+ users have to specify the type the controller reconciles in the For(...) call.
+ If the object's kind passed matches one of the keys in this map, the concurrency
+ for that controller is set to the number specified.
+
+ The key is expected to be consistent in form with GroupKind.String(),
+ e.g. ReplicaSet in apps group (regardless of version) would be `ReplicaSet.apps`.
+ type: object
+ recoverPanic:
+ description: RecoverPanic indicates if panics should be recovered.
+ type: boolean
+ type: object
+ featureGates:
+ additionalProperties:
+ type: boolean
+ description: |-
+ FeatureGates define provider specific feature flags that will be passed
+ in as container args to the provider's controller manager.
+ Controller Manager flag is --feature-gates.
+ type: object
+ gracefulShutDown:
+ description: |-
+ GracefulShutdownTimeout is the duration given to runnable to stop before the manager actually returns on stop.
+ To disable graceful shutdown, set to time.Duration(0)
+ To use graceful shutdown without timeout, set to a negative duration, e.G. time.Duration(-1)
+ The graceful shutdown is skipped for safety reasons in case the leader election lease is lost.
+ type: string
+ health:
+ description: Health contains the controller health configuration
+ properties:
+ healthProbeBindAddress:
+ description: |-
+ HealthProbeBindAddress is the TCP address that the controller should bind to
+ for serving health probes
+ It can be set to "0" or "" to disable serving the health probe.
+ type: string
+ livenessEndpointName:
+ description: LivenessEndpointName, defaults to "healthz"
+ type: string
+ readinessEndpointName:
+ description: ReadinessEndpointName, defaults to "readyz"
+ type: string
+ type: object
+ leaderElection:
+ description: |-
+ LeaderElection is the LeaderElection config to be used when configuring
+ the manager.Manager leader election
+ properties:
+ leaderElect:
+ description: |-
+ leaderElect enables a leader election client to gain leadership
+ before executing the main loop. Enable this when running replicated
+ components for high availability.
+ type: boolean
+ leaseDuration:
+ description: |-
+ leaseDuration is the duration that non-leader candidates will wait
+ after observing a leadership renewal until attempting to acquire
+ leadership of a led but unrenewed leader slot. This is effectively the
+ maximum duration that a leader can be stopped before it is replaced
+ by another candidate. This is only applicable if leader election is
+ enabled.
+ type: string
+ renewDeadline:
+ description: |-
+ renewDeadline is the interval between attempts by the acting master to
+ renew a leadership slot before it stops leading. This must be less
+ than or equal to the lease duration. This is only applicable if leader
+ election is enabled.
+ type: string
+ resourceLock:
+ description: |-
+ resourceLock indicates the resource object type that will be used to lock
+ during leader election cycles.
+ type: string
+ resourceName:
+ description: |-
+ resourceName indicates the name of resource object that will be used to lock
+ during leader election cycles.
+ type: string
+ resourceNamespace:
+ description: |-
+ resourceName indicates the namespace of resource object that will be used to lock
+ during leader election cycles.
+ type: string
+ retryPeriod:
+ description: |-
+ retryPeriod is the duration the clients should wait between attempting
+ acquisition and renewal of a leadership. This is only applicable if
+ leader election is enabled.
+ type: string
+ required:
+ - leaderElect
+ - leaseDuration
+ - renewDeadline
+ - resourceLock
+ - resourceName
+ - resourceNamespace
+ - retryPeriod
+ type: object
+ maxConcurrentReconciles:
+ description: |-
+ MaxConcurrentReconciles is the maximum number of concurrent Reconciles
+ which can be run.
+ minimum: 1
+ type: integer
+ metrics:
+ description: Metrics contains the controller metrics configuration
+ properties:
+ bindAddress:
+ description: |-
+ BindAddress is the TCP address that the controller should bind to
+ for serving prometheus metrics.
+ It can be set to "0" to disable the metrics serving.
+ type: string
+ type: object
+ profilerAddress:
+ description: |-
+ ProfilerAddress defines the bind address to expose the pprof profiler (e.g. localhost:6060).
+ Default empty, meaning the profiler is disabled.
+ Controller Manager flag is --profiler-address.
+ type: string
+ syncPeriod:
+ description: |-
+ SyncPeriod determines the minimum frequency at which watched resources are
+ reconciled. A lower period will correct entropy more quickly, but reduce
+ responsiveness to change if there are many watched resources. Change this
+ value only if you know what you are doing. Defaults to 10 hours if unset.
+ there will a 10 percent jitter between the SyncPeriod of all controllers
+ so that all controllers will not send list requests simultaneously.
+ type: string
+ verbosity:
+ default: 1
+ description: |-
+ Verbosity set the logs verbosity. Defaults to 1.
+ Controller Manager flag is --verbosity.
+ minimum: 0
+ type: integer
+ webhook:
+ description: Webhook contains the controllers webhook configuration
+ properties:
+ certDir:
+ description: |-
+ CertDir is the directory that contains the server key and certificate.
+ if not set, webhook server would look up the server key and certificate in
+ {TempDir}/k8s-webhook-server/serving-certs. The server key and certificate
+ must be named tls.key and tls.crt, respectively.
+ type: string
+ host:
+ description: |-
+ Host is the hostname that the webhook server binds to.
+ It is used to set webhook.Server.Host.
+ type: string
+ port:
+ description: |-
+ Port is the port that the webhook server serves at.
+ It is used to set webhook.Server.Port.
+ type: integer
+ type: object
+ type: object
+ manifestPatches:
+ description: |-
+ ManifestPatches are applied to rendered provider manifests to customize the
+ provider manifests. Patches are applied in the order they are specified.
+ The `kind` field must match the target object, and
+ if `apiVersion` is specified it will only be applied to matching objects.
+ This should be an inline yaml blob-string https://datatracker.ietf.org/doc/html/rfc7396
+ items:
+ type: string
+ type: array
+ name:
+ description: Name is the name of the provider to enable
+ example: aws
+ type: string
+ type:
+ description: Type is the type of the provider to enable
+ example: InfrastructureProvider
+ type: string
+ variables:
+ additionalProperties:
+ type: string
+ description: Variables is a map of environment variables to add to
+ the content of the ConfigSecret
+ example:
+ CLUSTER_TOPOLOGY: "true"
+ EXP_CLUSTER_RESOURCE_SET: "true"
+ EXP_MACHINE_POOL: "true"
+ type: object
+ version:
+ description: Version indicates the provider version.
+ type: string
+ required:
+ - type
+ type: object
+ x-kubernetes-validations:
+ - message: 'CAPI Provider version should be in the semver format prefixed
+ with ''v''. Example: v1.9.3'
+ rule: '!has(self.version) || self.version.matches(r"""^v([0-9]+)\.([0-9]+)\.([0-9]+)(?:-([0-9A-Za-z-]+(?:\.[0-9A-Za-z-]+)*))?(?:\+[0-9A-Za-z-]+)?$""")'
+ - message: Config secret namespace is always equal to the resource namespace
+ and should not be set.
+ rule: '!has(self.configSecret) || !has(self.configSecret.__namespace__)'
+ - message: One of fetchConfig oci, url or selector should be set.
+ rule: '!has(self.fetchConfig) || [has(self.fetchConfig.oci), has(self.fetchConfig.url),
+ has(self.fetchConfig.selector)].exists_one(e, e)'
+ status:
+ default: {}
+ description: CAPIProviderStatus defines the observed state of CAPIProvider.
+ properties:
+ conditions:
+ description: Conditions define the current service state of the provider.
+ items:
+ description: Condition defines an observation of a Cluster API resource
+ operational state.
+ properties:
+ lastTransitionTime:
+ description: |-
+ lastTransitionTime is the last time the condition transitioned from one status to another.
+ This should be when the underlying condition changed. If that is not known, then using the time when
+ the API field changed is acceptable.
+ format: date-time
+ type: string
+ message:
+ description: |-
+ message is a human readable message indicating details about the transition.
+ This field may be empty.
+ maxLength: 10240
+ minLength: 1
+ type: string
+ reason:
+ description: |-
+ reason is the reason for the condition's last transition in CamelCase.
+ The specific API may choose whether or not this field is considered a guaranteed API.
+ This field may be empty.
+ maxLength: 256
+ minLength: 1
+ type: string
+ severity:
+ description: |-
+ severity provides an explicit classification of Reason code, so the users or machines can immediately
+ understand the current situation and act accordingly.
+ The Severity field MUST be set only when Status=False.
+ maxLength: 32
+ type: string
+ status:
+ description: status of the condition, one of True, False, Unknown.
+ type: string
+ type:
+ description: |-
+ type of condition in CamelCase or in foo.example.com/CamelCase.
+ Many .condition.type values are consistent across resources like Available, but because arbitrary conditions
+ can be useful (see .node.status.conditions), the ability to deconflict is important.
+ maxLength: 256
+ minLength: 1
+ type: string
+ required:
+ - lastTransitionTime
+ - status
+ - type
+ type: object
+ type: array
+ contract:
+ description: |-
+ Contract will contain the core provider contract that the provider is
+ abiding by, like e.g. v1alpha4.
+ type: string
+ installedVersion:
+ description: InstalledVersion is the version of the provider that
+ is installed.
+ type: string
+ name:
+ description: Name reflects actual provider name, which will be visible
+ to users in 'kubectl get capiproviders -A -o wide'
+ type: string
+ observedGeneration:
+ description: ObservedGeneration is the latest generation observed
+ by the controller.
+ format: int64
+ type: integer
+ phase:
+ default: Pending
+ description: Indicates the provider status
+ type: string
+ variables:
+ additionalProperties:
+ type: string
+ default:
+ CLUSTER_TOPOLOGY: "true"
+ EXP_CLUSTER_RESOURCE_SET: "true"
+ EXP_MACHINE_POOL: "true"
+ description: Variables is a map of environment variables added to
+ the content of the ConfigSecret
+ type: object
+ type: object
+ type: object
+ x-kubernetes-validations:
+ - message: CAPI Provider type should always be set.
+ rule: has(self.spec.type)
+ served: true
+ storage: true
+ subresources:
+ status: {}
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+ annotations:
+ controller-gen.kubebuilder.io/version: v0.16.1
+ helm.sh/resource-policy: keep
+ name: clusterctlconfigs.turtles-capi.cattle.io
+spec:
+ group: turtles-capi.cattle.io
+ names:
+ kind: ClusterctlConfig
+ listKind: ClusterctlConfigList
+ plural: clusterctlconfigs
+ singular: clusterctlconfig
+ scope: Namespaced
+ versions:
+ - name: v1alpha1
+ schema:
+ openAPIV3Schema:
+ description: ClusterctlConfig is the Schema for the CAPI Clusterctl config
+ API.
+ properties:
+ apiVersion:
+ description: |-
+ APIVersion defines the versioned schema of this representation of an object.
+ Servers should convert recognized schemas to the latest internal value, and
+ may reject unrecognized values.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
+ type: string
+ kind:
+ description: |-
+ Kind is a string value representing the REST resource this object represents.
+ Servers may infer this from the endpoint the client submits requests to.
+ Cannot be updated.
+ In CamelCase.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+ type: string
+ metadata:
+ type: object
+ spec:
+ description: ClusterctlConfigSpec defines the user overrides for images
+ and known providers with sources
+ properties:
+ images:
+ description: Images is a list of image overrided for specified providers
+ items:
+ description: Image allows to define transformations to apply to
+ the image contained in the YAML manifests.
+ properties:
+ name:
+ description: Name of the provider image override
+ example: all
+ type: string
+ repository:
+ description: Repository sets the container registry override
+ to pull images from.
+ example: my-registry/my-org
+ type: string
+ tag:
+ description: Tag allows to specify a tag for the images.
+ type: string
+ required:
+ - name
+ type: object
+ type: array
+ providers:
+ description: Provider overrides
+ items:
+ description: Provider allows to define providers with known URLs
+ to pull the components.
+ properties:
+ name:
+ description: Name of the provider
+ type: string
+ type:
+ description: Type is the type of the provider
+ example: InfrastructureProvider
+ type: string
+ url:
+ description: URL of the provider components. Will be used unless
+ and override is specified
+ type: string
+ required:
+ - name
+ - type
+ - url
+ type: object
+ type: array
+ type: object
+ type: object
+ x-kubernetes-validations:
+ - message: Clusterctl Config should be named clusterctl-config.
+ rule: self.metadata.name == 'clusterctl-config'
+ served: true
+ storage: true
+ subresources:
+ status: {}
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ labels:
+ app.kubernetes.io/component: rbac
+ app.kubernetes.io/created-by: rancher-turtles
+ app.kubernetes.io/instance: controller-manager-sa
+ app.kubernetes.io/managed-by: kustomize
+ app.kubernetes.io/name: serviceaccount
+ app.kubernetes.io/part-of: rancher-turtles
+ name: rancher-turtles-manager
+ namespace: '{{ .Values.rancherTurtles.namespace }}'
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ labels:
+ app.kubernetes.io/component: rbac
+ app.kubernetes.io/created-by: rancher-turtles
+ app.kubernetes.io/instance: leader-election-role
+ app.kubernetes.io/managed-by: kustomize
+ app.kubernetes.io/name: role
+ app.kubernetes.io/part-of: rancher-turtles
+ name: rancher-turtles-leader-election-role
+ namespace: '{{ .Values.rancherTurtles.namespace }}'
+rules:
+- apiGroups:
+ - ""
+ resources:
+ - configmaps
+ verbs:
+ - get
+ - list
+ - watch
+ - create
+ - update
+ - patch
+ - delete
+- apiGroups:
+ - coordination.k8s.io
+ resources:
+ - leases
+ verbs:
+ - get
+ - list
+ - watch
+ - create
+ - update
+ - patch
+ - delete
+- apiGroups:
+ - ""
+ resources:
+ - events
+ verbs:
+ - create
+ - patch
+---
+aggregationRule:
+ clusterRoleSelectors:
+ - matchLabels:
+ rancher-turtles/aggregate-to-manager: "true"
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: rancher-turtles-aggregated-manager-role
+rules: []
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ labels:
+ rancher-turtles/aggregate-to-manager: "true"
+ name: rancher-turtles-manager-role
+rules:
+- apiGroups:
+ - ""
+ resources:
+ - configmaps
+ - events
+ - namespaces
+ - secrets
+ verbs:
+ - create
+ - delete
+ - get
+ - list
+ - patch
+ - update
+ - watch
+- apiGroups:
+ - catalog.cattle.io
+ resources:
+ - uiplugins
+ verbs:
+ - create
+ - delete
+ - get
+ - list
+ - patch
+ - watch
+- apiGroups:
+ - cluster.x-k8s.io
+ resources:
+ - clusters
+ - clusters/status
+ verbs:
+ - get
+ - list
+ - patch
+ - update
+ - watch
+- apiGroups:
+ - coordination.k8s.io
+ resources:
+ - leases
+ verbs:
+ - create
+ - get
+ - update
+- apiGroups:
+ - infrastructure.cluster.x-k8s.io
+ resources:
+ - '*'
+ verbs:
+ - create
+ - delete
+ - get
+ - list
+ - patch
+ - update
+ - watch
+- apiGroups:
+ - management.cattle.io
+ resources:
+ - clusterregistrationtokens
+ - clusters
+ - clusters/status
+ verbs:
+ - create
+ - delete
+ - deletecollection
+ - get
+ - list
+ - patch
+ - update
+ - watch
+- apiGroups:
+ - management.cattle.io
+ resources:
+ - clusterregistrationtokens/status
+ - settings
+ verbs:
+ - get
+ - list
+ - watch
+- apiGroups:
+ - provisioning.cattle.io
+ resources:
+ - clusters
+ - clusters/status
+ verbs:
+ - get
+ - list
+ - watch
+- apiGroups:
+ - rbac.authorization.k8s.io
+ resourceNames:
+ - rancher-turtles-manager-role
+ resources:
+ - clusterroles
+ verbs:
+ - get
+ - list
+- apiGroups:
+ - turtles-capi.cattle.io
+ resources:
+ - capiproviders
+ verbs:
+ - create
+ - delete
+ - get
+ - list
+ - patch
+ - update
+ - watch
+- apiGroups:
+ - turtles-capi.cattle.io
+ resources:
+ - capiproviders/finalizers
+ verbs:
+ - update
+- apiGroups:
+ - turtles-capi.cattle.io
+ resources:
+ - capiproviders/status
+ verbs:
+ - get
+ - patch
+ - update
+- apiGroups:
+ - turtles-capi.cattle.io
+ resources:
+ - clusterctlconfigs
+ - clusterctlconfigs/status
+ verbs:
+ - get
+ - list
+ - patch
+ - watch
+- apiGroups:
+ - turtles-capi.cattle.io
+ resources:
+ - clusterctlconfigs/finalizers
+ verbs:
+ - get
+ - list
+ - patch
+ - update
+ - watch
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ labels:
+ app.kubernetes.io/component: rbac
+ app.kubernetes.io/created-by: rancher-turtles
+ app.kubernetes.io/instance: leader-election-rolebinding
+ app.kubernetes.io/managed-by: kustomize
+ app.kubernetes.io/name: rolebinding
+ app.kubernetes.io/part-of: rancher-turtles
+ name: rancher-turtles-leader-election-rolebinding
+ namespace: '{{ .Values.rancherTurtles.namespace }}'
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: Role
+ name: rancher-turtles-leader-election-role
+subjects:
+- kind: ServiceAccount
+ name: rancher-turtles-manager
+ namespace: '{{ .Values.rancherTurtles.namespace }}'
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ labels:
+ app.kubernetes.io/component: rbac
+ app.kubernetes.io/created-by: rancher-turtles
+ app.kubernetes.io/instance: manager-rolebinding
+ app.kubernetes.io/managed-by: kustomize
+ app.kubernetes.io/name: clusterrolebinding
+ app.kubernetes.io/part-of: rancher-turtles
+ name: rancher-turtles-manager-rolebinding
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: rancher-turtles-aggregated-manager-role
+subjects:
+- kind: ServiceAccount
+ name: rancher-turtles-manager
+ namespace: '{{ .Values.rancherTurtles.namespace }}'
diff --git a/charts/rancher-turtles/106.0.0+up0.0.0/templates/rancher-turtles-exp-clusterclass-components.yaml b/charts/rancher-turtles/106.0.0+up0.0.0/templates/rancher-turtles-exp-clusterclass-components.yaml
new file mode 100644
index 00000000000..2e58ebdabdd
--- /dev/null
+++ b/charts/rancher-turtles/106.0.0+up0.0.0/templates/rancher-turtles-exp-clusterclass-components.yaml
@@ -0,0 +1,793 @@
+{{- if index .Values "rancherTurtles" "features" "clusterclass-operations" "enabled" }}
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+ annotations:
+ controller-gen.kubebuilder.io/version: v0.16.1
+ labels:
+ turtles-capi.cattle.io: clusterclass
+ name: clusterupgradegroups.rollout.turtles-capi.cattle.io
+spec:
+ group: rollout.turtles-capi.cattle.io
+ names:
+ kind: ClusterUpgradeGroup
+ listKind: ClusterUpgradeGroupList
+ plural: clusterupgradegroups
+ singular: clusterupgradegroup
+ scope: Namespaced
+ versions:
+ - name: v1alpha1
+ schema:
+ openAPIV3Schema:
+ description: ClusterUpgradeGroup is the Schema for the clusterupgrades API
+ properties:
+ apiVersion:
+ description: |-
+ APIVersion defines the versioned schema of this representation of an object.
+ Servers should convert recognized schemas to the latest internal value, and
+ may reject unrecognized values.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
+ type: string
+ kind:
+ description: |-
+ Kind is a string value representing the REST resource this object represents.
+ Servers may infer this from the endpoint the client submits requests to.
+ Cannot be updated.
+ In CamelCase.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+ type: string
+ metadata:
+ type: object
+ spec:
+ description: ClusterUpgradeGroupSpec defines the desired state of ClusterUpgradeGroup
+ properties:
+ className:
+ type: string
+ rolloutStrategy:
+ description: |-
+ RolloutStrategy controls the rollout of bundles, by defining
+ partitions, canaries and percentages for cluster availability.
+ properties:
+ rollingUpdate:
+ description: |-
+ Rolling update config params. Present only if
+ RolloutStrategyType = RollingUpdate.
+ properties:
+ maxFailures:
+ anyOf:
+ - type: integer
+ - type: string
+ description: |-
+ The maximum number of failed attempts before skipping the update for a given
+ cluster.
+ x-kubernetes-int-or-string: true
+ maxRollouts:
+ anyOf:
+ - type: integer
+ - type: string
+ description: |-
+ The maximum number of clusters that can be in update state (non-active) during a
+ rolling update.
+ x-kubernetes-int-or-string: true
+ rolloutDelay:
+ anyOf:
+ - type: integer
+ - type: string
+ description: The delay between subsequent cluster rollouts.
+ x-kubernetes-int-or-string: true
+ type: object
+ type:
+ description: |-
+ Type of rollout.
+ Default is RollingUpdate.
+ type: string
+ type: object
+ targets:
+ description: Targets refer to the clusters that should be upgraded.
+ items:
+ properties:
+ clusterGroup:
+ description: ClusterGroup to match a specific cluster group
+ by name.
+ nullable: true
+ type: string
+ clusterGroupSelector:
+ description: ClusterGroupSelector is a selector to match cluster
+ groups.
+ nullable: true
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list of label selector
+ requirements. The requirements are ANDed.
+ items:
+ description: |-
+ A label selector requirement is a selector that contains values, a key, and an operator that
+ relates the key and values.
+ properties:
+ key:
+ description: key is the label key that the selector
+ applies to.
+ type: string
+ operator:
+ description: |-
+ operator represents a key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists and DoesNotExist.
+ type: string
+ values:
+ description: |-
+ values is an array of string values. If the operator is In or NotIn,
+ the values array must be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. This array is replaced during a strategic
+ merge patch.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ x-kubernetes-list-type: atomic
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: |-
+ matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions, whose key field is "key", the
+ operator is "In", and the values array contains only "value". The requirements are ANDed.
+ type: object
+ type: object
+ x-kubernetes-map-type: atomic
+ clusterName:
+ description: |-
+ ClusterName to match a specific cluster by name that will be
+ selected
+ nullable: true
+ type: string
+ clusterSelector:
+ description: |-
+ ClusterSelector is a selector to match clusters. The structure is
+ the standard metav1.LabelSelector format. If clusterGroupSelector or
+ clusterGroup is specified, clusterSelector will be used only to
+ further refine the selection after clusterGroupSelector and
+ clusterGroup is evaluated.
+ nullable: true
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list of label selector
+ requirements. The requirements are ANDed.
+ items:
+ description: |-
+ A label selector requirement is a selector that contains values, a key, and an operator that
+ relates the key and values.
+ properties:
+ key:
+ description: key is the label key that the selector
+ applies to.
+ type: string
+ operator:
+ description: |-
+ operator represents a key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists and DoesNotExist.
+ type: string
+ values:
+ description: |-
+ values is an array of string values. If the operator is In or NotIn,
+ the values array must be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. This array is replaced during a strategic
+ merge patch.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ x-kubernetes-list-type: atomic
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: |-
+ matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions, whose key field is "key", the
+ operator is "In", and the values array contains only "value". The requirements are ANDed.
+ type: object
+ type: object
+ x-kubernetes-map-type: atomic
+ doNotDeploy:
+ description: DoNotDeploy if set to true, will not deploy to
+ this target.
+ type: boolean
+ name:
+ description: |-
+ Name of target. This value is largely for display and logging. If
+ not specified a default name of the format "target000" will be used
+ type: string
+ type: object
+ type: array
+ required:
+ - className
+ type: object
+ status:
+ description: ClusterUpgradeGroupStatus defines the observed state of ClusterUpgradeGroup
+ type: object
+ type: object
+ served: true
+ storage: true
+ subresources:
+ status: {}
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+ annotations:
+ controller-gen.kubebuilder.io/version: v0.14.0
+ labels:
+ turtles-capi.cattle.io: clusterclass
+ name: clusterupgrades.rollout.turtles-capi.cattle.io
+spec:
+ group: rollout.turtles-capi.cattle.io
+ names:
+ kind: ClusterUpgrade
+ listKind: ClusterUpgradeList
+ plural: clusterupgrades
+ singular: clusterupgrade
+ scope: Namespaced
+ versions:
+ - name: v1alpha1
+ schema:
+ openAPIV3Schema:
+ description: ClusterUpgrade is the Schema for the clusterupgrades API
+ properties:
+ apiVersion:
+ description: |-
+ APIVersion defines the versioned schema of this representation of an object.
+ Servers should convert recognized schemas to the latest internal value, and
+ may reject unrecognized values.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
+ type: string
+ kind:
+ description: |-
+ Kind is a string value representing the REST resource this object represents.
+ Servers may infer this from the endpoint the client submits requests to.
+ Cannot be updated.
+ In CamelCase.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+ type: string
+ metadata:
+ type: object
+ spec:
+ description: ClusterUpgradeSpec defines the desired state of ClusterUpgrade
+ properties:
+ className:
+ type: string
+ rolloutStrategy:
+ description: |-
+ RolloutStrategy controls the rollout of bundles, by defining
+ partitions, canaries and percentages for cluster availability.
+ properties:
+ autoPartitionSize:
+ anyOf:
+ - type: integer
+ - type: string
+ description: |-
+ A number or percentage of how to automatically partition clusters if no
+ specific partitioning strategy is configured.
+ default: 25%
+ x-kubernetes-int-or-string: true
+ maxUnavailable:
+ anyOf:
+ - type: integer
+ - type: string
+ description: |-
+ A number or percentage of clusters that can be unavailable during an update
+ of a bundle. This follows the same basic approach as a deployment rollout
+ strategy. Once the number of clusters meets unavailable state update will be
+ paused. Default value is 100% which doesn't take effect on update.
+ default: 100%
+ x-kubernetes-int-or-string: true
+ maxUnavailablePartitions:
+ anyOf:
+ - type: integer
+ - type: string
+ description: |-
+ A number or percentage of cluster partitions that can be unavailable during
+ an update of a bundle.
+ default: 0
+ x-kubernetes-int-or-string: true
+ partitions:
+ description: |-
+ A list of definitions of partitions. If any target clusters do not match
+ the configuration they are added to partitions at the end following the
+ autoPartitionSize.
+ items:
+ description: Partition defines a separate rollout strategy for
+ a set of clusters.
+ properties:
+ clusterGroup:
+ description: A cluster group name to include in this partition
+ type: string
+ clusterGroupSelector:
+ description: Selector matching cluster group labels to include
+ in this partition
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list of label selector
+ requirements. The requirements are ANDed.
+ items:
+ description: |-
+ A label selector requirement is a selector that contains values, a key, and an operator that
+ relates the key and values.
+ properties:
+ key:
+ description: key is the label key that the selector
+ applies to.
+ type: string
+ operator:
+ description: |-
+ operator represents a key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists and DoesNotExist.
+ type: string
+ values:
+ description: |-
+ values is an array of string values. If the operator is In or NotIn,
+ the values array must be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. This array is replaced during a strategic
+ merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: |-
+ matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions, whose key field is "key", the
+ operator is "In", and the values array contains only "value". The requirements are ANDed.
+ type: object
+ type: object
+ x-kubernetes-map-type: atomic
+ clusterName:
+ description: ClusterName is the name of a cluster to include
+ in this partition
+ type: string
+ clusterSelector:
+ description: Selector matching cluster labels to include
+ in this partition
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list of label selector
+ requirements. The requirements are ANDed.
+ items:
+ description: |-
+ A label selector requirement is a selector that contains values, a key, and an operator that
+ relates the key and values.
+ properties:
+ key:
+ description: key is the label key that the selector
+ applies to.
+ type: string
+ operator:
+ description: |-
+ operator represents a key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists and DoesNotExist.
+ type: string
+ values:
+ description: |-
+ values is an array of string values. If the operator is In or NotIn,
+ the values array must be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. This array is replaced during a strategic
+ merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: |-
+ matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions, whose key field is "key", the
+ operator is "In", and the values array contains only "value". The requirements are ANDed.
+ type: object
+ type: object
+ x-kubernetes-map-type: atomic
+ maxUnavailable:
+ anyOf:
+ - type: integer
+ - type: string
+ description: |-
+ A number or percentage of clusters that can be unavailable in this
+ partition before this partition is treated as done.
+ default: 10%
+ x-kubernetes-int-or-string: true
+ name:
+ description: A user-friendly name given to the partition
+ used for Display (optional).
+ type: string
+ type: object
+ type: array
+ type: object
+ targets:
+ description: Targets refer to the clusters that should be upgraded.
+ items:
+ properties:
+ clusterGroup:
+ description: ClusterGroup to match a specific cluster group
+ by name.
+ nullable: true
+ type: string
+ clusterGroupSelector:
+ description: ClusterGroupSelector is a selector to match cluster
+ groups.
+ nullable: true
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list of label selector
+ requirements. The requirements are ANDed.
+ items:
+ description: |-
+ A label selector requirement is a selector that contains values, a key, and an operator that
+ relates the key and values.
+ properties:
+ key:
+ description: key is the label key that the selector
+ applies to.
+ type: string
+ operator:
+ description: |-
+ operator represents a key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists and DoesNotExist.
+ type: string
+ values:
+ description: |-
+ values is an array of string values. If the operator is In or NotIn,
+ the values array must be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. This array is replaced during a strategic
+ merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: |-
+ matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions, whose key field is "key", the
+ operator is "In", and the values array contains only "value". The requirements are ANDed.
+ type: object
+ type: object
+ x-kubernetes-map-type: atomic
+ clusterName:
+ description: |-
+ ClusterName to match a specific cluster by name that will be
+ selected
+ nullable: true
+ type: string
+ clusterSelector:
+ description: |-
+ ClusterSelector is a selector to match clusters. The structure is
+ the standard metav1.LabelSelector format. If clusterGroupSelector or
+ clusterGroup is specified, clusterSelector will be used only to
+ further refine the selection after clusterGroupSelector and
+ clusterGroup is evaluated.
+ nullable: true
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list of label selector
+ requirements. The requirements are ANDed.
+ items:
+ description: |-
+ A label selector requirement is a selector that contains values, a key, and an operator that
+ relates the key and values.
+ properties:
+ key:
+ description: key is the label key that the selector
+ applies to.
+ type: string
+ operator:
+ description: |-
+ operator represents a key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists and DoesNotExist.
+ type: string
+ values:
+ description: |-
+ values is an array of string values. If the operator is In or NotIn,
+ the values array must be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. This array is replaced during a strategic
+ merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: |-
+ matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions, whose key field is "key", the
+ operator is "In", and the values array contains only "value". The requirements are ANDed.
+ type: object
+ type: object
+ x-kubernetes-map-type: atomic
+ doNotDeploy:
+ description: DoNotDeploy if set to true, will not deploy to
+ this target.
+ type: boolean
+ name:
+ description: |-
+ Name of target. This value is largely for display and logging. If
+ not specified a default name of the format "target000" will be used
+ type: string
+ type: object
+ type: array
+ required:
+ - className
+ type: object
+ status:
+ description: ClusterUpgradeStatus defines the observed state of ClusterUpgrade
+ type: object
+ type: object
+ served: true
+ storage: true
+ subresources:
+ status: {}
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ labels:
+ app.kubernetes.io/component: rbac
+ app.kubernetes.io/created-by: turtles-rollout-poc
+ app.kubernetes.io/instance: controller-manager-sa
+ app.kubernetes.io/managed-by: kustomize
+ app.kubernetes.io/name: serviceaccount
+ app.kubernetes.io/part-of: turtles-rollout-poc
+ turtles-capi.cattle.io: clusterclass
+ name: rancher-turtles-clusterclass-manager
+ namespace: {{ index .Values "rancherTurtles" "namespace" }}
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ labels:
+ app.kubernetes.io/component: rbac
+ app.kubernetes.io/created-by: turtles-rollout-poc
+ app.kubernetes.io/instance: leader-election-role
+ app.kubernetes.io/managed-by: kustomize
+ app.kubernetes.io/name: role
+ app.kubernetes.io/part-of: turtles-rollout-poc
+ turtles-capi.cattle.io: clusterclass
+ name: rancher-turtles-clusterclass-leader-election-role
+ namespace: {{ index .Values "rancherTurtles" "namespace" }}
+rules:
+- apiGroups:
+ - ""
+ resources:
+ - configmaps
+ verbs:
+ - get
+ - list
+ - watch
+ - create
+ - update
+ - patch
+ - delete
+- apiGroups:
+ - coordination.k8s.io
+ resources:
+ - leases
+ verbs:
+ - get
+ - list
+ - watch
+ - create
+ - update
+ - patch
+ - delete
+- apiGroups:
+ - ""
+ resources:
+ - events
+ verbs:
+ - create
+ - patch
+---
+aggregationRule:
+ clusterRoleSelectors:
+ - matchLabels:
+ rancher-turtles/aggregate-to-manager: "true"
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ labels:
+ turtles-capi.cattle.io: clusterclass
+ name: rancher-turtles-clusterclass-aggregated-manager-role
+rules: []
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ labels:
+ rancher-turtles/aggregate-to-manager: "true"
+ turtles-capi.cattle.io: clusterclass
+ name: rancher-turtles-clusterclass-manager-role
+rules:
+- apiGroups:
+ - cluster.x-k8s.io
+ resources:
+ - clusterclasses
+ - clusters
+ - clusters/status
+ verbs:
+ - get
+ - list
+ - patch
+ - update
+ - watch
+- apiGroups:
+ - rollout.turtles-capi.cattle.io
+ resources:
+ - clusterupgradegroups
+ verbs:
+ - create
+ - delete
+ - get
+ - list
+ - patch
+ - update
+ - watch
+- apiGroups:
+ - rollout.turtles-capi.cattle.io
+ resources:
+ - clusterupgradegroups/status
+ verbs:
+ - get
+ - patch
+ - update
+- apiGroups:
+ - rollout.turtles-capi.cattle.io
+ resources:
+ - clusterupgradegroupss/finalizers
+ verbs:
+ - update
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ labels:
+ app.kubernetes.io/component: rbac
+ app.kubernetes.io/created-by: turtles-rollout-poc
+ app.kubernetes.io/instance: leader-election-rolebinding
+ app.kubernetes.io/managed-by: kustomize
+ app.kubernetes.io/name: rolebinding
+ app.kubernetes.io/part-of: turtles-rollout-poc
+ turtles-capi.cattle.io: clusterclass
+ name: rancher-turtles-clusterclass-leader-election-rolebinding
+ namespace: {{ index .Values "rancherTurtles" "namespace" }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: Role
+ name: rancher-turtles-clusterclass-leader-election-role
+subjects:
+- kind: ServiceAccount
+ name: rancher-turtles-clusterclass-manager
+ namespace: {{ index .Values "rancherTurtles" "namespace" }}
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ labels:
+ app.kubernetes.io/component: rbac
+ app.kubernetes.io/created-by: turtles-rollout-poc
+ app.kubernetes.io/instance: manager-rolebinding
+ app.kubernetes.io/managed-by: kustomize
+ app.kubernetes.io/name: clusterrolebinding
+ app.kubernetes.io/part-of: turtles-rollout-poc
+ turtles-capi.cattle.io: clusterclass
+ name: rancher-turtles-clusterclass-manager-rolebinding
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: rancher-turtles-clusterclass-aggregated-manager-role
+subjects:
+- kind: ServiceAccount
+ name: rancher-turtles-clusterclass-manager
+ namespace: {{ index .Values "rancherTurtles" "namespace" }}
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ labels:
+ control-plane: controller-manager
+ turtles-capi.cattle.io: clusterclass
+ name: rancher-turtles-clusterclass-controller-manager
+ namespace: {{ index .Values "rancherTurtles" "namespace" }}
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ control-plane: controller-manager
+ turtles-capi.cattle.io: clusterclass
+ template:
+ metadata:
+ annotations:
+ kubectl.kubernetes.io/default-container: manager
+ labels:
+ control-plane: controller-manager
+ turtles-capi.cattle.io: clusterclass
+ spec:
+ containers:
+ - args:
+ - --leader-elect
+ command:
+ - ./turtles-clusterclass-operations
+ env:
+ - name: POD_NAMESPACE
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.namespace
+ - name: POD_NAME
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.name
+ - name: POD_UID
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.uid
+ {{- $imageVersion := index .Values "rancherTurtles" "features" "clusterclass-operations" "imageVersion" -}}
+ {{- if contains "sha256:" $imageVersion }}
+ image: {{ index .Values "rancherTurtles" "features" "clusterclass-operations" "image" }}@{{ index .Values "rancherTurtles" "features" "clusterclass-operations" "imageVersion" }}
+ {{- else }}
+ image: {{ index .Values "rancherTurtles" "features" "clusterclass-operations" "image" }}:{{ index .Values "rancherTurtles" "features" "clusterclass-operations" "imageVersion" }}
+ {{- end }}
+ imagePullPolicy: '{{ index .Values "rancherTurtles" "features" "clusterclass-operations" "imagePullPolicy" }}'
+ livenessProbe:
+ httpGet:
+ path: /healthz
+ port: 8081
+ initialDelaySeconds: 15
+ periodSeconds: 20
+ name: manager
+ readinessProbe:
+ httpGet:
+ path: /readyz
+ port: 8081
+ initialDelaySeconds: 5
+ periodSeconds: 10
+ resources:
+ limits:
+ cpu: 500m
+ memory: 128Mi
+ requests:
+ cpu: 10m
+ memory: 64Mi
+ serviceAccountName: rancher-turtles-clusterclass-manager
+ terminationGracePeriodSeconds: 10
+ tolerations:
+ - effect: NoSchedule
+ key: node-role.kubernetes.io/master
+ - effect: NoSchedule
+ key: node-role.kubernetes.io/control-plane
+{{- end }}
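Review bot: The aggregationRule on `rancher-turtles-clusterclass-aggregated-manager-role` selects `rancher-turtles/aggregate-to-manager: "true"`, a label that is not specific to this controller. The day2-operations manager role later in this diff carries the same label, so when that feature is enabled the `rancher-turtles-clusterclass-manager` ServiceAccount also receives its rules, and presumably those of any other ClusterRole labelled for the main manager. Giving this selector a label of its own, and adding that label to `rancher-turtles-clusterclass-manager-role`, as the day2 aggregated role does with `rancher-turtles-exp/aggregate-to-manager`, would keep the binding limited to the four rules defined here. Separately, the last rule of the manager role names `clusterupgradegroupss/finalizers` (double s), which matches no resource of the CRD defined above, so the finalizers permission is never granted; it should read `- clusterupgradegroups/finalizers`.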
diff --git a/charts/rancher-turtles/106.0.0+up0.0.0/templates/rancher-turtles-exp-day2-components.yaml b/charts/rancher-turtles/106.0.0+up0.0.0/templates/rancher-turtles-exp-day2-components.yaml
new file mode 100644
index 00000000000..836a09a571e
--- /dev/null
+++ b/charts/rancher-turtles/106.0.0+up0.0.0/templates/rancher-turtles-exp-day2-components.yaml
@@ -0,0 +1,666 @@
+{{- if index .Values "rancherTurtles" "features" "day2operations" "enabled" }}
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+ annotations:
+ cert-manager.io/inject-ca-from: {{ index .Values "rancherTurtles" "namespace" }}/rancher-turtles-day2-operations-serving-cert
+ controller-gen.kubebuilder.io/version: v0.16.1
+ labels:
+ turtles-capi.cattle.io: day2-operations
+ name: etcdmachinesnapshots.turtles-capi.cattle.io
+spec:
+ group: turtles-capi.cattle.io
+ names:
+ kind: ETCDMachineSnapshot
+ listKind: ETCDMachineSnapshotList
+ plural: etcdmachinesnapshots
+ singular: etcdmachinesnapshot
+ scope: Namespaced
+ versions:
+ - name: v1alpha1
+ schema:
+ openAPIV3Schema:
+ description: ETCDMachineSnapshot is the Schema for the ETCDMachineSnapshot
+ API.
+ properties:
+ apiVersion:
+ description: |-
+ APIVersion defines the versioned schema of this representation of an object.
+ Servers should convert recognized schemas to the latest internal value, and
+ may reject unrecognized values.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
+ type: string
+ kind:
+ description: |-
+ Kind is a string value representing the REST resource this object represents.
+ Servers may infer this from the endpoint the client submits requests to.
+ Cannot be updated.
+ In CamelCase.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+ type: string
+ metadata:
+ type: object
+ spec:
+ description: ETCDMachineSnapshotSpec defines the desired state of EtcdMachineSnapshot
+ properties:
+ clusterName:
+ type: string
+ location:
+ type: string
+ machineName:
+ type: string
+ required:
+ - clusterName
+ type: object
+ x-kubernetes-validations:
+ - message: ETCD snapshot location can't be empty.
+ rule: size(self.clusterName)>0
+ status:
+ default: {}
+ description: EtcdSnapshotRestoreStatus defines observed state of EtcdSnapshotRestore
+ properties:
+ error:
+ type: string
+ phase:
+ description: ETCDSnapshotPhase is a string representation of the phase
+ of the etcd snapshot
+ type: string
+ s3Snapshots:
+ items:
+ properties:
+ creationTime:
+ description: CreationTime is the timestamp when the snapshot
+ was taken by etcd.
+ format: date-time
+ type: string
+ location:
+ type: string
+ name:
+ type: string
+ required:
+ - location
+ - name
+ type: object
+ type: array
+ snapshotFileName:
+ type: string
+ snapshots:
+ items:
+ properties:
+ creationTime:
+ description: CreationTime is the timestamp when the snapshot
+ was taken by etcd.
+ format: date-time
+ type: string
+ location:
+ type: string
+ machineName:
+ type: string
+ name:
+ type: string
+ required:
+ - location
+ - machineName
+ - name
+ type: object
+ type: array
+ type: object
+ type: object
+ served: true
+ storage: true
+ subresources:
+ status: {}
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+ annotations:
+ cert-manager.io/inject-ca-from: {{ index .Values "rancherTurtles" "namespace" }}/rancher-turtles-day2-operations-serving-cert
+ controller-gen.kubebuilder.io/version: v0.16.1
+ labels:
+ turtles-capi.cattle.io: day2-operations
+ name: etcdsnapshotrestores.turtles-capi.cattle.io
+spec:
+ group: turtles-capi.cattle.io
+ names:
+ kind: ETCDSnapshotRestore
+ listKind: ETCDSnapshotRestoreList
+ plural: etcdsnapshotrestores
+ singular: etcdsnapshotrestore
+ scope: Namespaced
+ versions:
+ - name: v1alpha1
+ schema:
+ openAPIV3Schema:
+ description: ETCDSnapshotRestore is the schema for the ETCDSnapshotRestore
+ API.
+ properties:
+ apiVersion:
+ description: |-
+ APIVersion defines the versioned schema of this representation of an object.
+ Servers should convert recognized schemas to the latest internal value, and
+ may reject unrecognized values.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
+ type: string
+ kind:
+ description: |-
+ Kind is a string value representing the REST resource this object represents.
+ Servers may infer this from the endpoint the client submits requests to.
+ Cannot be updated.
+ In CamelCase.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+ type: string
+ metadata:
+ type: object
+ spec:
+ description: ETCDSnapshotRestoreSpec defines the desired state of EtcdSnapshotRestore.
+ properties:
+ clusterName:
+ type: string
+ etcdMachineSnapshotName:
+ type: string
+ required:
+ - clusterName
+ - etcdMachineSnapshotName
+ type: object
+ x-kubernetes-validations:
+ - message: Cluster Name can't be empty.
+ rule: size(self.clusterName)>0
+ - message: ETCD machine snapshot name can't be empty.
+ rule: size(self.etcdMachineSnapshotName)>0
+ status:
+ default: {}
+ description: ETCDSnapshotRestoreStatus defines observed state of EtcdSnapshotRestore.
+ properties:
+ conditions:
+ description: Conditions provide observations of the operational state
+ of a Cluster API resource.
+ items:
+ description: Condition defines an observation of a Cluster API resource
+ operational state.
+ properties:
+ lastTransitionTime:
+ description: |-
+ lastTransitionTime is the last time the condition transitioned from one status to another.
+ This should be when the underlying condition changed. If that is not known, then using the time when
+ the API field changed is acceptable.
+ format: date-time
+ type: string
+ message:
+ description: |-
+ message is a human readable message indicating details about the transition.
+ This field may be empty.
+ maxLength: 10240
+ minLength: 1
+ type: string
+ reason:
+ description: |-
+ reason is the reason for the condition's last transition in CamelCase.
+ The specific API may choose whether or not this field is considered a guaranteed API.
+ This field may be empty.
+ maxLength: 256
+ minLength: 1
+ type: string
+ severity:
+ description: |-
+ severity provides an explicit classification of Reason code, so the users or machines can immediately
+ understand the current situation and act accordingly.
+ The Severity field MUST be set only when Status=False.
+ maxLength: 32
+ type: string
+ status:
+ description: status of the condition, one of True, False, Unknown.
+ type: string
+ type:
+ description: |-
+ type of condition in CamelCase or in foo.example.com/CamelCase.
+ Many .condition.type values are consistent across resources like Available, but because arbitrary conditions
+ can be useful (see .node.status.conditions), the ability to deconflict is important.
+ maxLength: 256
+ minLength: 1
+ type: string
+ required:
+ - lastTransitionTime
+ - status
+ - type
+ type: object
+ type: array
+ phase:
+ default: Pending
+ description: ETCDSnapshotPhase is a string representation of the phase
+ of the etcd snapshot
+ type: string
+ type: object
+ type: object
+ served: true
+ storage: true
+ subresources:
+ status: {}
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+ annotations:
+ cert-manager.io/inject-ca-from: {{ index .Values "rancherTurtles" "namespace" }}/rancher-turtles-day2-operations-serving-cert
+ controller-gen.kubebuilder.io/version: v0.16.1
+ labels:
+ turtles-capi.cattle.io: day2-operations
+ name: rke2etcdmachinesnapshotconfigs.turtles-capi.cattle.io
+spec:
+ group: turtles-capi.cattle.io
+ names:
+ kind: RKE2EtcdMachineSnapshotConfig
+ listKind: RKE2EtcdMachineSnapshotConfigList
+ plural: rke2etcdmachinesnapshotconfigs
+ singular: rke2etcdmachinesnapshotconfig
+ scope: Namespaced
+ versions:
+ - name: v1alpha1
+ schema:
+ openAPIV3Schema:
+ description: RKE2EtcdMachineSnapshotConfig is the config for the RKE2EtcdMachineSnapshotConfig
+ API
+ properties:
+ apiVersion:
+ description: |-
+ APIVersion defines the versioned schema of this representation of an object.
+ Servers should convert recognized schemas to the latest internal value, and
+ may reject unrecognized values.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
+ type: string
+ kind:
+ description: |-
+ Kind is a string value representing the REST resource this object represents.
+ Servers may infer this from the endpoint the client submits requests to.
+ Cannot be updated.
+ In CamelCase.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+ type: string
+ metadata:
+ type: object
+ spec:
+ description: RKE2EtcdMachineSnapshotConfigSpec defines the desired state
+ of RKE2EtcdMachineSnapshotConfig
+ properties:
+ local:
+ properties:
+ dataDir:
+ type: string
+ required:
+ - dataDir
+ type: object
+ s3:
+ properties:
+ bucket:
+ type: string
+ endpoint:
+ type: string
+ endpointCAsecret:
+ type: string
+ folder:
+ type: string
+ insecure:
+ type: boolean
+ region:
+ type: string
+ s3CredentialSecret:
+ type: string
+ skipSSLVerify:
+ type: boolean
+ type: object
+ required:
+ - local
+ - s3
+ type: object
+ type: object
+ served: true
+ storage: true
+ subresources:
+ status: {}
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ labels:
+ app.kubernetes.io/component: rbac
+ app.kubernetes.io/created-by: rancher-turtles
+ app.kubernetes.io/instance: leader-election-role
+ app.kubernetes.io/managed-by: kustomize
+ app.kubernetes.io/name: role
+ app.kubernetes.io/part-of: rancher-turtles
+ turtles-capi.cattle.io: day2-operations
+ name: rancher-turtles-day2-operations-leader-election-role
+ namespace: {{ index .Values "rancherTurtles" "namespace" }}
+rules:
+- apiGroups:
+ - ""
+ resources:
+ - configmaps
+ verbs:
+ - get
+ - list
+ - watch
+ - create
+ - update
+ - patch
+ - delete
+- apiGroups:
+ - coordination.k8s.io
+ resources:
+ - leases
+ verbs:
+ - get
+ - list
+ - watch
+ - create
+ - update
+ - patch
+ - delete
+- apiGroups:
+ - ""
+ resources:
+ - events
+ verbs:
+ - create
+ - patch
+---
+aggregationRule:
+ clusterRoleSelectors:
+ - matchLabels:
+ rancher-turtles-exp/aggregate-to-manager: "true"
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ labels:
+ turtles-capi.cattle.io: day2-operations
+ name: rancher-turtles-day2-operations-aggregated-manager-role
+rules: []
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ labels:
+ rancher-turtles-exp/aggregate-to-manager: "true"
+ rancher-turtles/aggregate-to-manager: "true"
+ turtles-capi.cattle.io: day2-operations
+ name: rancher-turtles-day2-operations-manager-role
+rules:
+- apiGroups:
+ - ""
+ resources:
+ - configmaps
+ - events
+ - secrets
+ - serviceaccounts
+ verbs:
+ - create
+ - delete
+ - get
+ - list
+ - patch
+ - update
+ - watch
+- apiGroups:
+ - ""
+ resources:
+ - serviceaccounts/token
+ verbs:
+ - create
+- apiGroups:
+ - authorization.k8s.io
+ resources:
+ - subjectaccessreviews
+ verbs:
+ - create
+ - get
+- apiGroups:
+ - bootstrap.cluster.x-k8s.io
+ resources:
+ - rke2configs
+ - rke2configs/finalizers
+ - rke2configs/status
+ verbs:
+ - create
+ - delete
+ - get
+ - list
+ - patch
+ - update
+ - watch
+- apiGroups:
+ - cluster.x-k8s.io
+ resources:
+ - clusters
+ - clusters/status
+ - machines
+ verbs:
+ - create
+ - delete
+ - get
+ - list
+ - patch
+ - update
+ - watch
+- apiGroups:
+ - management.cattle.io
+ resources:
+ - '*'
+ verbs:
+ - create
+ - delete
+ - get
+ - list
+ - patch
+ - update
+ - watch
+- apiGroups:
+ - rbac.authorization.k8s.io
+ resources:
+ - rolebindings
+ - roles
+ verbs:
+ - create
+ - delete
+ - get
+ - list
+ - patch
+ - update
+ - watch
+- apiGroups:
+ - turtles-capi.cattle.io
+ resources:
+ - etcdmachinesnapshots
+ - etcdsnapshotrestores
+ - rke2etcdmachinesnapshotconfigs
+ verbs:
+ - create
+ - delete
+ - get
+ - list
+ - patch
+ - update
+ - watch
+- apiGroups:
+ - turtles-capi.cattle.io
+ resources:
+ - etcdmachinesnapshots/finalizers
+ - etcdsnapshotrestores/finalizers
+ - rke2etcdmachinesnapshotconfigs/finalizers
+ verbs:
+ - update
+- apiGroups:
+ - turtles-capi.cattle.io
+ resources:
+ - etcdmachinesnapshots/status
+ - etcdsnapshotrestores/status
+ - rke2etcdmachinesnapshotconfigs/status
+ verbs:
+ - get
+ - patch
+ - update
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ labels:
+ app.kubernetes.io/component: rbac
+ app.kubernetes.io/created-by: rancher-turtles
+ app.kubernetes.io/instance: leader-election-rolebinding
+ app.kubernetes.io/managed-by: kustomize
+ app.kubernetes.io/name: rolebinding
+ app.kubernetes.io/part-of: rancher-turtles
+ turtles-capi.cattle.io: day2-operations
+ name: rancher-turtles-day2-operations-leader-election-rolebinding
+ namespace: {{ index .Values "rancherTurtles" "namespace" }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: Role
+ name: rancher-turtles-day2-operations-leader-election-role
+subjects:
+- kind: ServiceAccount
+ name: rancher-turtles-day2-operations-manager
+ namespace: {{ index .Values "rancherTurtles" "namespace" }}
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ labels:
+ app.kubernetes.io/component: rbac
+ app.kubernetes.io/created-by: rancher-turtles
+ app.kubernetes.io/instance: manager-rolebinding
+ app.kubernetes.io/managed-by: kustomize
+ app.kubernetes.io/name: clusterrolebinding
+ app.kubernetes.io/part-of: rancher-turtles
+ turtles-capi.cattle.io: day2-operations
+ name: rancher-turtles-day2-operations-manager-rolebinding
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: rancher-turtles-day2-operations-aggregated-manager-role
+subjects:
+- kind: ServiceAccount
+ name: rancher-turtles-day2-operations-manager
+ namespace: {{ index .Values "rancherTurtles" "namespace" }}
+---
+apiVersion: v1
+kind: Service
+metadata:
+ labels:
+ turtles-capi.cattle.io: day2-operations
+ name: rancher-turtles-day2-operations-webhook-service
+ namespace: {{ index .Values "rancherTurtles" "namespace" }}
+spec:
+ ports:
+ - port: 443
+ targetPort: webhook-server
+ selector:
+ turtles-capi.cattle.io: day2-operations
+---
+apiVersion: cert-manager.io/v1
+kind: Certificate
+metadata:
+ labels:
+ turtles-capi.cattle.io: day2-operations
+ name: rancher-turtles-day2-operations-serving-cert
+ namespace: {{ index .Values "rancherTurtles" "namespace" }}
+spec:
+ dnsNames:
+ - rancher-turtles-day2-operations-webhook-service.{{ index .Values "rancherTurtles" "namespace" }}.svc
+ - rancher-turtles-day2-operations-webhook-service.{{ index .Values "rancherTurtles" "namespace" }}.svc.cluster.local
+ issuerRef:
+ kind: Issuer
+ name: rancher-turtles-day2-operations-selfsigned-issuer
+ secretName: rancher-turtles-day2-operations-webhook-service-cert
+---
+apiVersion: cert-manager.io/v1
+kind: Issuer
+metadata:
+ labels:
+ turtles-capi.cattle.io: day2-operations
+ name: rancher-turtles-day2-operations-selfsigned-issuer
+ namespace: {{ index .Values "rancherTurtles" "namespace" }}
+spec:
+ selfSigned: {}
+---
+apiVersion: admissionregistration.k8s.io/v1
+kind: MutatingWebhookConfiguration
+metadata:
+ annotations:
+ cert-manager.io/inject-ca-from: {{ index .Values "rancherTurtles" "namespace" }}/rancher-turtles-day2-operations-serving-cert
+ labels:
+ turtles-capi.cattle.io: day2-operations
+ name: rancher-turtles-day2-operations-mutating-webhook-configuration
+webhooks:
+- admissionReviewVersions:
+ - v1
+ clientConfig:
+ service:
+ name: rancher-turtles-day2-operations-webhook-service
+ namespace: {{ index .Values "rancherTurtles" "namespace" }}
+ path: /mutate-bootstrap-cluster-x-k8s-io-v1beta1-rke2config
+ failurePolicy: Fail
+ name: systemagentrke2config.kb.io
+ rules:
+ - apiGroups:
+ - bootstrap.cluster.x-k8s.io
+ apiVersions:
+ - v1beta1
+ operations:
+ - CREATE
+ - UPDATE
+ resources:
+ - rke2configs
+ sideEffects: None
+---
+apiVersion: admissionregistration.k8s.io/v1
+kind: ValidatingWebhookConfiguration
+metadata:
+ annotations:
+ cert-manager.io/inject-ca-from: {{ index .Values "rancherTurtles" "namespace" }}/rancher-turtles-day2-operations-serving-cert
+ labels:
+ turtles-capi.cattle.io: day2-operations
+ name: rancher-turtles-day2-operations-validating-webhook-configuration
+webhooks:
+- admissionReviewVersions:
+ - v1
+ clientConfig:
+ service:
+ name: rancher-turtles-day2-operations-webhook-service
+ namespace: {{ index .Values "rancherTurtles" "namespace" }}
+ path: /validate-turtles-capi-cattle-io-v1alpha1-etcdmachinesnapshot
+ failurePolicy: Fail
+ matchPolicy: Equivalent
+ name: etcdmachinesnapshot.kb.io
+ rules:
+ - apiGroups:
+ - turtles-capi.cattle.io
+ apiVersions:
+ - v1alpha1
+ operations:
+ - CREATE
+ - UPDATE
+ resources:
+ - etcdmachinesnapshots
+ sideEffects: None
+- admissionReviewVersions:
+ - v1
+ clientConfig:
+ service:
+ name: rancher-turtles-day2-operations-webhook-service
+ namespace: {{ index .Values "rancherTurtles" "namespace" }}
+ path: /validate-turtles-capi-cattle-io-v1alpha1-etcdsnapshotrestore
+ failurePolicy: Fail
+ matchPolicy: Equivalent
+ name: etcdsnapshotrestore.kb.io
+ rules:
+ - apiGroups:
+ - turtles-capi.cattle.io
+ apiVersions:
+ - v1alpha1
+ operations:
+ - CREATE
+ - UPDATE
+ resources:
+ - etcdsnapshotrestores
+ sideEffects: None
+{{- end }}
diff --git a/charts/rancher-turtles/106.0.0+up0.0.0/templates/rancher-turtles-exp-day2-deployment.yaml b/charts/rancher-turtles/106.0.0+up0.0.0/templates/rancher-turtles-exp-day2-deployment.yaml
new file mode 100644
index 00000000000..20e13fbc7f5
--- /dev/null
+++ b/charts/rancher-turtles/106.0.0+up0.0.0/templates/rancher-turtles-exp-day2-deployment.yaml
@@ -0,0 +1,106 @@
+{{- if index .Values "rancherTurtles" "features" "day2operations" "enabled" }}
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ labels:
+ control-plane: controller-manager
+ turtles-capi.cattle.io: day2-operations
+ name: rancher-turtles-day2-operations-controller-manager
+ namespace: '{{ .Values.rancherTurtles.namespace }}'
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ control-plane: controller-manager
+ turtles-capi.cattle.io: day2-operations
+ template:
+ metadata:
+ annotations:
+ kubectl.kubernetes.io/default-container: manager
+ labels:
+ control-plane: controller-manager
+ turtles-capi.cattle.io: day2-operations
+ spec:
+ containers:
+ - args:
+ - --leader-elect
+ - --feature-gates=etcd-backup-restore={{ .Values.rancherTurtles.features.day2operations.etcdBackupRestore.enabled }}
+ command:
+ - ./turtles-day2-operations
+ env:
+ - name: POD_NAMESPACE
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.namespace
+ - name: POD_NAME
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.name
+ - name: POD_UID
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.uid
+ {{- if (contains "sha256:" .Values.rancherTurtles.features.day2operations.imageVersion) }}
+ image: '{{ .Values.rancherTurtles.features.day2operations.image }}@{{ .Values.rancherTurtles.features.day2operations.imageVersion }}'
+ {{- else }}
+ image: '{{ .Values.rancherTurtles.features.day2operations.image }}:{{ .Values.rancherTurtles.features.day2operations.imageVersion }}'
+ {{- end }}
+ imagePullPolicy: '{{ .Values.rancherTurtles.features.day2operations.imagePullPolicy }}'
+ livenessProbe:
+ httpGet:
+ path: /healthz
+ port: 9440
+ initialDelaySeconds: 15
+ periodSeconds: 20
+ name: manager
+ ports:
+ - containerPort: 9443
+ name: webhook-server
+ protocol: TCP
+ readinessProbe:
+ httpGet:
+ path: /readyz
+ port: 9440
+ initialDelaySeconds: 5
+ periodSeconds: 10
+ resources:
+ limits:
+ cpu: 500m
+ memory: 128Mi
+ requests:
+ cpu: 10m
+ memory: 64Mi
+ volumeMounts:
+ {{- if .Values.rancherTurtles.features.day2operations.etcdBackupRestore.enabled }}
+ - mountPath: /tmp/k8s-webhook-server/serving-certs
+ name: cert
+ readOnly: true
+ {{- end }}
+ serviceAccountName: rancher-turtles-day2-operations-manager
+ terminationGracePeriodSeconds: 10
+ tolerations:
+ - effect: NoSchedule
+ key: node-role.kubernetes.io/master
+ - effect: NoSchedule
+ key: node-role.kubernetes.io/control-plane
+ volumes:
+ {{- if .Values.rancherTurtles.features.day2operations.etcdBackupRestore.enabled }}
+ - name: cert
+ secret:
+ secretName: rancher-turtles-day2-operations-webhook-service-cert
+ {{- end }}
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ labels:
+ app.kubernetes.io/component: rbac
+ app.kubernetes.io/created-by: rancher-turtles
+ app.kubernetes.io/instance: controller-manager-sa
+ app.kubernetes.io/managed-by: kustomize
+ app.kubernetes.io/name: serviceaccount
+ app.kubernetes.io/part-of: rancher-turtles
+ turtles-capi.cattle.io: day2-operations
+ name: rancher-turtles-day2-operations-manager
+ namespace: '{{ .Values.rancherTurtles.namespace }}'
+{{- end }}
\ No newline at end of file
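Review bot: The `manager` container and the pod template set no `securityContext`, so the controller runs with whatever user, capabilities and seccomp profile the image and namespace defaults give it. That matters here because the pod's ServiceAccount, `rancher-turtles-day2-operations-manager`, is bound cluster-wide (in the day-2 RBAC template of this commit) to an aggregated role that can write `secrets`, `roles`/`rolebindings` and every `management.cattle.io` resource. I would add a restrictive container and pod security context as below; `runAsNonRoot` assumes the image already runs as a non-root user, which should be confirmed.

```yaml
        name: manager
        securityContext:
          allowPrivilegeEscalation: false
          capabilities:
            drop:
            - ALL
        # … unchanged: ports, probes, resources, volumeMounts …
      securityContext:
        runAsNonRoot: true
        seccompProfile:
          type: RuntimeDefault
      serviceAccountName: rancher-turtles-day2-operations-manager
```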
diff --git a/charts/rancher-turtles/106.0.0+up0.0.0/templates/rke2-bootstrap.yaml b/charts/rancher-turtles/106.0.0+up0.0.0/templates/rke2-bootstrap.yaml
new file mode 100644
index 00000000000..1210228e5da
--- /dev/null
+++ b/charts/rancher-turtles/106.0.0+up0.0.0/templates/rke2-bootstrap.yaml
@@ -0,0 +1,50 @@
+{{- if and (index .Values "cluster-api-operator" "cluster-api" "enabled") (index .Values "cluster-api-operator" "cluster-api" "rke2" "enabled") }}
+{{- $namespace := index .Values "cluster-api-operator" "cluster-api" "rke2" "bootstrap" "namespace" }}
+{{- if not (lookup "v1" "Namespace" "" $namespace) }}
+---
+apiVersion: v1
+kind: Namespace
+metadata:
+ annotations:
+ "helm.sh/hook": "post-install, post-upgrade"
+ "helm.sh/hook-weight": "1"
+ name: {{ index .Values "cluster-api-operator" "cluster-api" "rke2" "bootstrap" "namespace" }}
+{{- end }}
+---
+apiVersion: turtles-capi.cattle.io/v1alpha1
+kind: CAPIProvider
+metadata:
+ name: rke2-bootstrap
+ namespace: {{ index .Values "cluster-api-operator" "cluster-api" "rke2" "bootstrap" "namespace" }}
+ annotations:
+ "helm.sh/hook": "post-install, post-upgrade"
+ "helm.sh/hook-weight": "2"
+spec:
+ name: rke2
+ type: bootstrap
+ enableAutomaticUpdate: {{ index .Values "cluster-api-operator" "cluster-api" "rke2" "enableAutomaticUpdate" }}
+{{- if index .Values "cluster-api-operator" "cluster-api" "rke2" "version" }}
+ version: {{ index .Values "cluster-api-operator" "cluster-api" "rke2" "version" }}
+{{- end }}
+ configSecret:
+{{- if index .Values "cluster-api-operator" "cluster-api" "configSecret" "name" }}
+ name: {{ index .Values "cluster-api-operator" "cluster-api" "configSecret" "name" }}
+{{ else }}
+ name: {{ index .Values "cluster-api-operator" "cluster-api" "configSecret" "defaultName" }}
+{{- end }}
+{{- if or (index .Values "cluster-api-operator" "cluster-api" "rke2" "bootstrap" "fetchConfig" "url") (index .Values "cluster-api-operator" "cluster-api" "rke2" "bootstrap" "fetchConfig" "selector") }}
+ fetchConfig:
+ {{- if index .Values "cluster-api-operator" "cluster-api" "rke2" "bootstrap" "fetchConfig" "url" }}
+ url: {{ index .Values "cluster-api-operator" "cluster-api" "rke2" "bootstrap" "fetchConfig" "url" }}
+ {{- end }}
+ {{- if index .Values "cluster-api-operator" "cluster-api" "rke2" "bootstrap" "fetchConfig" "selector" }}
+ selector: {{ index .Values "cluster-api-operator" "cluster-api" "rke2" "bootstrap" "fetchConfig" "selector" }}
+ {{- end }}
+{{- end }}
+{{- if index .Values "cluster-api-operator" "cluster-api" "rke2" "bootstrap" "imageUrl" }}
+ deployment:
+ containers:
+ - name: manager
+ imageUrl: {{ index .Values "cluster-api-operator" "cluster-api" "rke2" "bootstrap" "imageUrl" }}
+{{- end }}
+{{- end }}
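Review bot: The values rendered into `spec.version`, `fetchConfig.url`, `fetchConfig.selector` and `imageUrl` are interpolated unquoted, so a value containing `: `, ` #` or a leading YAML indicator changes the structure of the rendered CAPIProvider instead of being taken as a string. These fields decide where the provider's manifests and manager image come from, so they are worth rendering strictly, e.g. `url: {{ index .Values "cluster-api-operator" "cluster-api" "rke2" "bootstrap" "fetchConfig" "url" | quote }}`, and the same for `version` and `imageUrl`. `selector` is declared as a string in values.schema.json; if the CAPIProvider API expects a label-selector object there it would need `toYaml` rather than `quote`, which should be confirmed against the CRD. The same pattern appears in templates/rke2-controlplane.yaml.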
diff --git a/charts/rancher-turtles/106.0.0+up0.0.0/templates/rke2-controlplane.yaml b/charts/rancher-turtles/106.0.0+up0.0.0/templates/rke2-controlplane.yaml
new file mode 100644
index 00000000000..8b5e90fd3d8
--- /dev/null
+++ b/charts/rancher-turtles/106.0.0+up0.0.0/templates/rke2-controlplane.yaml
@@ -0,0 +1,50 @@
+{{- if and (index .Values "cluster-api-operator" "cluster-api" "enabled") (index .Values "cluster-api-operator" "cluster-api" "rke2" "enabled") }}
+{{- $namespace := index .Values "cluster-api-operator" "cluster-api" "rke2" "controlPlane" "namespace" }}
+{{- if not (lookup "v1" "Namespace" "" $namespace) }}
+---
+apiVersion: v1
+kind: Namespace
+metadata:
+ annotations:
+ "helm.sh/hook": "post-install, post-upgrade"
+ "helm.sh/hook-weight": "1"
+ name: {{ index .Values "cluster-api-operator" "cluster-api" "rke2" "controlPlane" "namespace" }}
+{{- end }}
+---
+apiVersion: turtles-capi.cattle.io/v1alpha1
+kind: CAPIProvider
+metadata:
+ name: rke2-control-plane
+ namespace: {{ index .Values "cluster-api-operator" "cluster-api" "rke2" "controlPlane" "namespace" }}
+ annotations:
+ "helm.sh/hook": "post-install, post-upgrade"
+ "helm.sh/hook-weight": "2"
+spec:
+ name: rke2
+ type: controlPlane
+ enableAutomaticUpdate: {{ index .Values "cluster-api-operator" "cluster-api" "rke2" "enableAutomaticUpdate" }}
+{{- if index .Values "cluster-api-operator" "cluster-api" "rke2" "version" }}
+ version: {{ index .Values "cluster-api-operator" "cluster-api" "rke2" "version" }}
+{{- end }}
+ configSecret:
+{{- if index .Values "cluster-api-operator" "cluster-api" "configSecret" "name" }}
+ name: {{ index .Values "cluster-api-operator" "cluster-api" "configSecret" "name" }}
+{{ else }}
+ name: {{ index .Values "cluster-api-operator" "cluster-api" "configSecret" "defaultName" }}
+{{- end }}
+{{- if or (index .Values "cluster-api-operator" "cluster-api" "rke2" "controlPlane" "fetchConfig" "url") (index .Values "cluster-api-operator" "cluster-api" "rke2" "controlPlane" "fetchConfig" "selector") }}
+ fetchConfig:
+ {{- if index .Values "cluster-api-operator" "cluster-api" "rke2" "controlPlane" "fetchConfig" "url" }}
+ url: {{ index .Values "cluster-api-operator" "cluster-api" "rke2" "controlPlane" "fetchConfig" "url" }}
+ {{- end }}
+ {{- if index .Values "cluster-api-operator" "cluster-api" "rke2" "controlPlane" "fetchConfig" "selector" }}
+ selector: {{ index .Values "cluster-api-operator" "cluster-api" "rke2" "controlPlane" "fetchConfig" "selector" }}
+ {{- end }}
+{{- end }}
+{{- if index .Values "cluster-api-operator" "cluster-api" "rke2" "controlPlane" "imageUrl" }}
+ deployment:
+ containers:
+ - name: manager
+ imageUrl: {{ index .Values "cluster-api-operator" "cluster-api" "rke2" "controlPlane" "imageUrl" }}
+{{- end }}
+{{- end }}
diff --git a/charts/rancher-turtles/106.0.0+up0.0.0/templates/ui-plugin.yaml b/charts/rancher-turtles/106.0.0+up0.0.0/templates/ui-plugin.yaml
new file mode 100644
index 00000000000..6880c4d58f0
--- /dev/null
+++ b/charts/rancher-turtles/106.0.0+up0.0.0/templates/ui-plugin.yaml
@@ -0,0 +1,16 @@
+{{- if and (index .Values "turtlesUI" "enabled") (index .Values "rancherTurtles" "rancherInstalled") }}
+apiVersion: catalog.cattle.io/v1
+kind: UIPlugin
+metadata:
+ name: capi
+ namespace: '{{ .Values.rancherTurtles.namespace }}'
+spec:
+ plugin:
+ endpoint: https://raw.githubusercontent.com/rancher/capi-ui-extension/gh-pages/extensions/capi/{{ index .Values "turtlesUI" "version" | toString }}
+ name: capi
+ version: {{ index .Values "turtlesUI" "version" }}
+ metadata:
+ catalog.cattle.io/display-name: CAPI UI
+ catalog.cattle.io/experimental: "true"
+ catalog.cattle.io/ui-extensions-version: ">= 3.0.0"
+{{- end }}
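Review bot: `spec.plugin.endpoint` points at the `gh-pages` branch on raw.githubusercontent.com, a mutable reference with no digest, so the extension content fetched for a given `turtlesUI.version` can change after this chart is published. The plugin is off by default, so this is first a documentation point: a template comment such as `{{- /* endpoint resolves to a mutable branch on raw.githubusercontent.com; it is not pinned by digest */}}` would make the trust assumption explicit, and exposing the endpoint base as a value would let operators point at a mirror. Separately, `version: {{ index .Values "turtlesUI" "version" }}` should end in `| quote` so a two-component version such as 1.0 is not parsed as a float.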
diff --git a/charts/rancher-turtles/106.0.0+up0.0.0/values.schema.json b/charts/rancher-turtles/106.0.0+up0.0.0/values.schema.json
new file mode 100644
index 00000000000..a862404897f
--- /dev/null
+++ b/charts/rancher-turtles/106.0.0+up0.0.0/values.schema.json
@@ -0,0 +1,332 @@
+{
+ "$schema": "http://json-schema.org/draft-07/schema#",
+ "title": "Helm Chart Values Schema",
+ "type": "object",
+ "properties": {
+ "turtlesUI": {
+ "type": "object",
+ "description": "Manages the UI component.",
+ "properties": {
+ "enabled": {
+ "type": "boolean",
+ "default": false,
+ "description": "Turn UI on or off."
+ },
+ "version": {
+ "type": "string",
+ "default": "0.8.2",
+ "description": "UI version to use."
+ }
+ }
+ },
+ "rancherTurtles": {
+ "type": "object",
+ "description": "Sets up the cluster management controller.",
+ "properties": {
+ "image": {
+ "type": "string",
+ "default": "controller",
+ "description": "Controller container image."
+ },
+ "imageVersion": {
+ "type": "string",
+ "default": "v0.0.0",
+ "description": "Image tag."
+ },
+ "imagePullPolicy": {
+ "type": "string",
+ "default": "IfNotPresent",
+ "description": "Specify image pull policy."
+ },
+ "namespace": {
+ "type": "string",
+ "default": "rancher-turtles-system",
+ "description": "Namespace for Turtles to run."
+ },
+ "managerArguments": {
+ "type": "array",
+ "default": [],
+ "description": "Extra args for the controller.",
+ "items": { "type": "string" }
+ },
+ "imagePullSecrets": {
+ "type": "array",
+ "default": [],
+ "description": "Secrets for private registries.",
+ "items": { "type": "string" }
+ },
+ "rancherInstalled": {
+ "type": "boolean",
+ "default": true,
+ "description": "True if Rancher is already installed in the cluster."
+ },
+ "kubectlImage": {
+ "type": "string",
+ "default": "registry.k8s.io/kubernetes/kubectl:v1.30.0",
+ "description": "Image for kubectl tasks."
+ },
+ "features": {
+ "type": "object",
+ "description": "Optional and experimental features.",
+ "properties": {
+ "day2operations": {
+ "type": "object",
+ "description": "Alpha feature.",
+ "properties": {
+ "enabled": {
+ "type": "boolean",
+ "default": false,
+ "description": "Turn on or off."
+ },
+ "image": {
+ "type": "string",
+ "default": "controller",
+ "description": "Image for day-2 ops."
+ },
+ "imageVersion": {
+ "type": "string",
+ "default": "v0.0.0",
+ "description": "Image tag."
+ },
+ "imagePullPolicy": {
+ "type": "string",
+ "default": "IfNotPresent",
+ "description": "Specify image pull policy."
+ },
+ "etcdBackupRestore": {
+ "type": "object",
+ "description": "Manages etcd backup/restore.",
+ "properties": {
+ "enabled": {
+ "type": "boolean",
+ "default": false,
+ "description": "Turn on (true) or off (false)."
+ }
+ }
+ }
+ }
+ },
+ "addon-provider-fleet": {
+ "type": "object",
+ "description": "Beta feature for fleet addons.",
+ "properties": {
+ "enabled": {
+ "type": "boolean",
+ "default": true,
+ "description": "Turn on or off."
+ }
+ }
+ },
+ "agent-tls-mode": {
+ "type": "object",
+ "description": "Alpha feature for agent TLS.",
+ "properties": {
+ "enabled": {
+ "type": "boolean",
+ "default": false,
+ "description": "Turn on or off."
+ }
+ }
+ },
+ "clusterclass-operations": {
+ "type": "object",
+ "description": "Alpha feature. Not ready for testing yet.",
+ "properties": {
+ "enabled": {
+ "type": "boolean",
+ "default": false,
+ "description": "Turn on or off."
+ },
+ "image": {
+ "type": "string",
+ "default": "controller",
+ "description": "Image for cluster class ops."
+ },
+ "imageVersion": {
+ "type": "string",
+ "default": "v0.0.0",
+ "description": "Image tag."
+ },
+ "imagePullPolicy": {
+ "type": "string",
+ "default": "IfNotPresent",
+ "description": "Pull policy."
+ }
+ }
+ }
+ }
+ },
+ "volumes": {
+ "type": "array",
+ "description": "Volumes for controller pods.",
+ "items": {
+ "type": "object",
+ "required": [
+ "name",
+ "configMap"
+ ],
+ "properties": {
+ "name": {
+ "type": "string"
+ },
+ "configMap": {
+ "type": "object",
+ "properties": {
+ "name": {
+ "type": "string",
+ "default": "clusterctl-config",
+ "description": "ConfigMap for clusterctl."
+ }
+ }
+ }
+ }
+ }
+ },
+ "volumeMounts": {
+ "type": "object",
+ "properties": {
+ "manager": {
+ "type": "array",
+ "description": "Mount volumes to pods.",
+ "items": {
+ "type": "object",
+ "properties": {
+ "mountPath": { "type": "string" },
+ "name": { "type": "string" },
+ "readOnly": {
+ "type": "boolean",
+ "default": true,
+ "description": "Mount as read-only."
+ }
+ }
+ }
+ }
+ }
+ }
+ }
+ },
+ "cluster-api-operator": {
+ "type": "object",
+ "description": "Manages Cluster API components.",
+ "properties": {
+ "cleanup": {
+ "type": "boolean",
+ "default": true,
+ "description": "Enable cleanup tasks."
+ },
+ "cluster-api": {
+ "type": "object",
+ "description": "Cluster API component settings.",
+ "properties": {
+ "enabled": {
+ "type": "boolean",
+ "default": true,
+ "description": "Turn on or off."
+ },
+ "configSecret": {
+ "type": "object",
+ "properties": {
+ "name": {
+ "type": "string",
+ "default": "",
+ "description": "Custom secret name (if overriding)."
+ },
+ "defaultName": {
+ "type": "string",
+ "default": "capi-env-variables",
+ "description": "Default secret name."
+ }
+ }
+ },
+ "core": {
+ "type": "object",
+ "properties": {
+ "namespace": {
+ "type": "string",
+ "default": "capi-system",
+ "description": "Core component namespace."
+ },
+ "imageUrl": {
+ "type": "string",
+ "default": "",
+ "description": "Custom image URL."
+ },
+ "fetchConfig": {
+ "type": "object",
+ "properties": {
+ "url": { "type": "string", "default": "" },
+ "selector": { "type": "string", "default": "" }
+ }
+ },
+ "enableAutomaticUpdates": {
+ "type": "boolean",
+ "default": true,
+ "description": "Allow the provider to update automatically when a new Turtles version is installed."
+ },
+ "version": {
+ "type": "string",
+ "default": "",
+ "description": "CAPI core provider version."
+ }
+ }
+ },
+ "rke2": {
+ "type": "object",
+ "properties": {
+ "enabled": {
+ "type": "boolean",
+ "default": true,
+ "description": "Turn on or off."
+ },
+ "version": {
+ "type": "string",
+ "default": "",
+ "description": "RKE2 version."
+ },
+ "enableAutomaticUpdates": {
+ "type": "boolean",
+ "default": true,
+ "description": "Allow the provider to update automatically when a new Turtles version is installed."
+ },
+ "bootstrap": {
+ "type": "object",
+ "properties": {
+ "namespace": {
+ "type": "string",
+ "default": "rke2-bootstrap-system"
+ },
+ "imageUrl": { "type": "string", "default": "" },
+ "fetchConfig": {
+ "type": "object",
+ "properties": {
+ "url": { "type": "string", "default": "" },
+ "selector": { "type": "string", "default": "" }
+ }
+ }
+ }
+ },
+ "controlPlane": {
+ "type": "object",
+ "properties": {
+ "namespace": {
+ "type": "string",
+ "default": "rke2-control-plane-system"
+ },
+ "imageUrl": { "type": "string", "default": "" },
+ "fetchConfig": {
+ "type": "object",
+ "properties": {
+ "url": { "type": "string", "default": "" },
+ "selector": { "type": "string", "default": "" }
+ }
+ }
+ }
+ }
+ }
+ }
+ }
+ }
+ }
+ }
+ }
+}
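Review bot: The schema names the provider update switch `enableAutomaticUpdates` under both `core` and `rke2`, while values.yaml and the rke2 templates in this commit use `enableAutomaticUpdate`, so the key that is actually read is never type-checked. Renaming both schema properties to `"enableAutomaticUpdate": {` fixes that. The schema also disagrees with values.yaml on `agent-tls-mode` (default `false` and "Alpha" here, `true` and "Beta" there), lists `addon-provider-fleet`, which values.yaml does not define, and omits `shellImage`. Because no object sets `additionalProperties: false`, none of these mismatches is reported at install time.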
diff --git a/charts/rancher-turtles/106.0.0+up0.0.0/values.yaml b/charts/rancher-turtles/106.0.0+up0.0.0/values.yaml
new file mode 100644
index 00000000000..ab8991a0b1b
--- /dev/null
+++ b/charts/rancher-turtles/106.0.0+up0.0.0/values.yaml
@@ -0,0 +1,130 @@
+# turtlesUI: Manages the UI component.
+turtlesUI:
+ # enabled: Turn UI on or off.
+ enabled: false
+ # version: UI version to use.
+ version: 0.8.2
+
+# rancherTurtles: Sets up the cluster management controller.
+rancherTurtles:
+ # image: Controller container image.
+ image: controller
+ # imageVersion: Image tag.
+ imageVersion: v0.0.0
+ # imagePullPolicy: Specify image pull policy.
+ imagePullPolicy: IfNotPresent
+ # namespace: Select namespace for Turtles to run.
+ namespace: rancher-turtles-system
+ # managerArguments: Extra args for the controller.
+ managerArguments: []
+ # imagePullSecrets: Secrets for private registries.
+ imagePullSecrets: []
+ # rancherInstalled: True if Rancher already installed is in the cluster, this is the preferred installation way.
+ rancherInstalled: true
+ # kubectlImage: Image for kubectl tasks.
+ kubectlImage: registry.k8s.io/kubernetes/kubectl:v1.30.0
+ # shellImage: Image for shell tasks.
+ shellImage: rancher/kuberlr-kubectl:v5.0.0
+ # features: Optional and experimental features.
+ features:
+ # day2operations: Alpha feature.
+ day2operations:
+ # enabled: Turn on or off.
+ enabled: false
+ # image: Image for day-2 ops.
+ image: controller
+ # imageVersion: Image tag.
+ imageVersion: v0.0.0
+ # imagePullPolicy: Specify image pull policy.
+ imagePullPolicy: IfNotPresent
+ # etcdBackupRestore: Alpha feature. Manages etcd backup/restore.
+ etcdBackupRestore:
+ # enabled: Turn on (true) or off (false).
+ enabled: false
+ # agent-tls-mode: Beta feature for agent TLS.
+ agent-tls-mode:
+ # enabled: Turn on or off.
+ enabled: true
+ # clusterclass-operations: Alpha feature. Manages cluster class ops. Not ready for testing yet.
+ clusterclass-operations:
+ # enabled: Turn on or off.
+ enabled: false
+ # image: Image for cluster class ops.
+ image: controller
+ # imageVersion: Image tag.
+ imageVersion: v0.0.0
+ # imagePullPolicy: Pull policy.
+ imagePullPolicy: IfNotPresent
+ # volumes: Volumes for controller pods.
+ volumes:
+ - name: clusterctl-config
+ configMap:
+ name: clusterctl-config
+ # volumeMounts: Volume mounts for controller pods.
+ volumeMounts:
+ manager:
+ - mountPath: /config
+ name: clusterctl-config
+
+# cluster-api-operator: Manages Cluster API components.
+cluster-api-operator:
+ # cleanup: Enable cleanup tasks.
+ cleanup: true
+ # cluster-api: Cluster API component settings.
+ cluster-api:
+ # enabled: Turn on or off.
+ enabled: true
+ # configSecret: Secret for Cluster API config.
+ configSecret:
+ # name: Custom secret name (if overriding).
+ name: ""
+ # defaultName: Default secret name.
+ defaultName: capi-env-variables
+ # core: Core Cluster API settings.
+ core:
+ # namespace: Core component namespace.
+ namespace: capi-system
+ # version: Core ClusterAPI version.
+ version: ""
+ # enableAutomaticUpdate: Allow the provider to update automatically when a new Turtles version is installed.
+ enableAutomaticUpdate: true
+ # imageUrl: Custom image URL.
+ imageUrl: ""
+ # fetchConfig: Config fetching settings.
+ fetchConfig:
+ # url: Config fetch URL.
+ url: ""
+ # selector: Config selector.
+ selector: ""
+ # rke2: RKE2 provider settings.
+ rke2:
+ # enabled: Turn on or off.
+ enabled: true
+ # version: RKE2 version.
+ version: ""
+ # enableAutomaticUpdate: Allow the provider to update automatically when a new Turtles version is installed.
+ enableAutomaticUpdate: true
+ # bootstrap: RKE2 bootstrap provider.
+ bootstrap:
+ # namespace: Bootstrap namespace.
+ namespace: rke2-bootstrap-system
+ # imageUrl: Custom image URL.
+ imageUrl: ""
+ # fetchConfig: Config fetching settings.
+ fetchConfig:
+ # url: Config fetch URL.
+ url: ""
+ # selector: Config selector.
+ selector: ""
+ # controlPlane: RKE2 control plane provider.
+ controlPlane:
+ # namespace: Control plane namespace.
+ namespace: rke2-control-plane-system
+ # imageUrl: Custom image URL.
+ imageUrl: ""
+ # fetchConfig: Config fetching settings.
+ fetchConfig:
+ # url: Config fetch URL.
+ url: ""
+ # selector: Config selector.
+ selector: ""
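Review bot: The comment on `features.day2operations.imageVersion` says only "Image tag", but templates/rancher-turtles-exp-day2-deployment.yaml renders `image@version` when the value contains `sha256:`, so digest pinning is supported and undocumented. I would write `# imageVersion: Image tag, or a sha256:<digest> value to pin the image by content.` there. With `imagePullPolicy: IfNotPresent` and tag references (also `kubectlImage` and `shellImage`), a node that already has the tag cached does not re-check it, so a digest is the dependable way to know which image runs.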
diff --git a/config/bump_version.json b/config/bump_version.json
index 99faf400616..e6fed829885 100644
--- a/config/bump_version.json
+++ b/config/bump_version.json
@@ -1,8 +1,6 @@
{
"charts": [
- "fleet",
- "fleet-crd",
- "fleet-agent"
+ "rancher-turtles"
],
- "new_version": "106.1.4+up0.12.6"
+ "new_version": "106.0.0+up0.0.0"
}
\ No newline at end of file
diff --git a/index.yaml b/index.yaml
index 3d15ecbbfd8..6066ec5baa5 100755
--- a/index.yaml
+++ b/index.yaml
@@ -31265,6 +31265,36 @@ entries:
urls:
- assets/rancher-supportability-review-crd/rancher-supportability-review-crd-104.0.0+up0.1.2.tgz
version: 104.0.0+up0.1.2
+ rancher-turtles:
+ - annotations:
+ catalog.cattle.io/certified: rancher
+ catalog.cattle.io/display-name: Rancher Turtles - the Cluster API Extension
+ catalog.cattle.io/kube-version: '>= 1.23.0-0'
+ catalog.cattle.io/namespace: rancher-turtles-system
+ catalog.cattle.io/os: linux
+ catalog.cattle.io/permits-os: linux
+ catalog.cattle.io/rancher-version: '>= 2.11.0-1'
+ catalog.cattle.io/release-name: rancher-turtles
+ catalog.cattle.io/scope: management
+ catalog.cattle.io/type: cluster-tool
+ apiVersion: v2
+ appVersion: 0.0.0
+ created: "2025-09-04T03:01:37.796214441Z"
+ description: Rancher Turtles is an extension to Rancher that brings full Cluster
+ API integration to Rancher.
+ digest: 05ff710fe6a05d4dbc687f771de63e42de7b0fa99639219b296dafaeb34aa3c2
+ home: https://github.com/rancher/turtles/
+ icon: file://assets/logos/rancher-turtles.svg
+ keywords:
+ - rancher
+ - cluster-api
+ - capi
+ - provisioning
+ name: rancher-turtles
+ type: application
+ urls:
+ - assets/rancher-turtles/rancher-turtles-106.0.0+up0.0.0.tgz
+ version: 106.0.0+up0.0.0
rancher-vsphere-cpi:
- annotations:
catalog.cattle.io/certified: rancher
diff --git a/packages/rancher-turtles/generated-changes/patch/Chart.yaml.patch b/packages/rancher-turtles/generated-changes/patch/Chart.yaml.patch
new file mode 100644
index 00000000000..db7f7e965d0
--- /dev/null
+++ b/packages/rancher-turtles/generated-changes/patch/Chart.yaml.patch
@@ -0,0 +1,11 @@
+--- charts-original/Chart.yaml
++++ charts/Chart.yaml
+@@ -14,7 +14,7 @@
+ description: Rancher Turtles is an extension to Rancher that brings full Cluster API
+ integration to Rancher.
+ home: https://github.com/rancher/turtles/
+-icon: https://raw.githubusercontent.com/rancher/turtles/main/logos/capi.svg
++icon: file://assets/logos/rancher-turtles.svg
+ keywords:
+ - rancher
+ - cluster-api
diff --git a/release.yaml b/release.yaml
index 2b664f3c6f0..dc1dd795f71 100644
--- a/release.yaml
+++ b/release.yaml
@@ -2,6 +2,8 @@ rancher-supportability-review:
- 106.0.1+up0.1.3
rancher-supportability-review-crd:
- 106.0.1+up0.1.3
+rancher-turtles:
+ - 106.0.0+up0.0.0
rancher-webhook:
- 106.0.5+up0.7.5-rc.3
- 106.0.5+up0.7.5-rc.2