v1beta1 API Reference

v1beta1

APIEndpoint

APIEndpoint is the endpoint used to communicate with the Kubernetes API

FieldDescriptionSchemeRequired
hostHost is the hostname or IP on which API is running.stringtrue
portPort is the port used to reach to the API. Default value is 6443.intfalse

Back to Group

AWSSpec

AWSSpec defines the AWS cloud provider

FieldDescriptionSchemeRequired

Back to Group

Addons

Addons config

FieldDescriptionSchemeRequired
enableEnableboolfalse
pathPath on the local file system to the directory with addons manifests.stringtrue

Back to Group

AssetConfiguration

AssetConfiguration controls how assets (e.g. CNI, Kubelet, kube-apiserver, and more) are pulled. The AssetConfiguration API is an alpha API currently working only on Amazon Linux 2.

FieldDescriptionSchemeRequired
kubernetesKubernetes configures the image registry and repository for the core Kubernetes images (kube-apiserver, kube-controller-manager, kube-scheduler, and kube-proxy). Kubernetes respects only ImageRepository (ImageTag is ignored). Default image repository and tag: defaulted dynamically by Kubeadm. Defaults to RegistryConfiguration.OverwriteRegistry if left empty and RegistryConfiguration.OverwriteRegistry is specified.ImageAssetfalse
pausePause configures the sandbox (pause) image to be used by Kubelet. Default image repository and tag: defaulted dynamically by Kubeadm. Defaults to RegistryConfiguration.OverwriteRegistry if left empty and RegistryConfiguration.OverwriteRegistry is specified.ImageAssetfalse
coreDNSCoreDNS configures the image registry and tag to be used for deploying the CoreDNS component. Default image repository and tag: defaulted dynamically by Kubeadm. Defaults to RegistryConfiguration.OverwriteRegistry if left empty and RegistryConfiguration.OverwriteRegistry is specified.ImageAssetfalse
etcdEtcd configures the image registry and tag to be used for deploying the Etcd component. Default image repository and tag: defaulted dynamically by Kubeadm. Defaults to RegistryConfiguration.OverwriteRegistry if left empty and RegistryConfiguration.OverwriteRegistry is specified.ImageAssetfalse
metricsServerMetricsServer configures the image registry and tag to be used for deploying the metrics-server component. Default image repository and tag: defaulted dynamically by KubeOne. Defaults to RegistryConfiguration.OverwriteRegistry if left empty and RegistryConfiguration.OverwriteRegistry is specified.ImageAssetfalse
cniCNI configures the source for downloading the CNI binaries. If not specified, kubernetes-cni package will be installed. Default: noneBinaryAssetfalse
nodeBinariesNodeBinaries configures the source for downloading the Kubernetes Node Binaries tarball (e.g. kubernetes-node-linux-amd64.tar.gz). The tarball must have .tar.gz as the extension and must contain the following files: - kubernetes/node/bin/kubelet - kubernetes/node/bin/kubeadm If not specified, kubelet and kubeadm packages will be installed. Default: noneBinaryAssetfalse
kubectlKubectl configures the source for downloading the Kubectl binary. If not specified, kubelet package will be installed. Default: noneBinaryAssetfalse

Back to Group

AzureSpec

AzureSpec defines the Azure cloud provider

FieldDescriptionSchemeRequired

Back to Group

BinaryAsset

BinaryAsset is used to customize the URL of the binary asset

FieldDescriptionSchemeRequired
urlURL from where to download the binarystringfalse

Back to Group

CNI

CNI config. Only one CNI provider must be used at the single time.

FieldDescriptionSchemeRequired
canalCanal*CanalSpecfalse
weaveNetWeaveNet*WeaveNetSpecfalse
externalExternal*ExternalCNISpecfalse

Back to Group

CanalSpec

CanalSpec defines the Canal CNI plugin

FieldDescriptionSchemeRequired
mtuMTU automatically detected based on the cloudProvider default value is 1450intfalse

Back to Group

CloudProviderSpec

CloudProviderSpec describes the cloud provider that is running the machines. Only one cloud provider must be defined at the single time.

FieldDescriptionSchemeRequired
externalExternalboolfalse
csiMigrationCSIMigration enables the CSIMigration and CSIMigration{Provider} feature gates for providers that support the CSI migration. The CSI migration stability depends on the provider. More details about stability can be found in the Feature Gates document: https://kubernetes.io/docs/reference/command-line-tools-reference/feature-gates/\n\nNote: Azure has two type of CSI drivers (AzureFile and AzureDisk) and two different feature gates (CSIMigrationAzureDisk and CSIMigrationAzureFile). Enabling CSI migration enables both feature gates. If one CSI driver is not deployed, the volume operations for volumes with missing CSI driver will fallback to the in-tree volume plugin.boolfalse
csiMigrationCompleteCSIMigrationComplete enables the CSIMigration{Provider}Complete feature gate for providers that support the CSI migration. This feature gate disables fallback to the in-tree volume plugins, therefore, it should be enabled only if the CSI driver is deploy on all nodes, and after ensuring that the CSI driver works properly.\n\nNote: If you’re running on Azure, make sure that you have both AzureFile and AzureDisk CSI drivers deployed, as enabling this feature disables the fallback to the in-tree volume plugins. See description for the CSIMigration field for more details.boolfalse
cloudConfigCloudConfigstringfalse
awsAWS*AWSSpecfalse
azureAzure*AzureSpecfalse
digitaloceanDigitalOcean*DigitalOceanSpecfalse
gceGCE*GCESpecfalse
hetznerHetzner*HetznerSpecfalse
openstackOpenstack*OpenstackSpecfalse
packetPacket*PacketSpecfalse
vsphereVsphere*VsphereSpecfalse
noneNone*NoneSpecfalse

Back to Group

ClusterNetworkConfig

ClusterNetworkConfig describes the cluster network

FieldDescriptionSchemeRequired
podSubnetPodSubnet default value is "10.244.0.0/16"stringfalse
serviceSubnetServiceSubnet default value is "10.96.0.0/12"stringfalse
serviceDomainNameServiceDomainName default value is "cluster.local"stringfalse
nodePortRangeNodePortRange default value is "30000-32767"stringfalse
cniCNI default value is {canal: {mtu: 1450}}*CNIfalse

Back to Group

ContainerRuntimeConfig

ContainerRuntimeConfig

FieldDescriptionSchemeRequired
docker*ContainerRuntimeDockerfalse
containerd*ContainerRuntimeContainerdfalse

Back to Group

ContainerRuntimeContainerd

ContainerRuntimeContainerd defines docker container runtime

FieldDescriptionSchemeRequired

Back to Group

ContainerRuntimeDocker

ContainerRuntimeDocker defines docker container runtime

FieldDescriptionSchemeRequired

Back to Group

ControlPlaneConfig

ControlPlaneConfig defines control plane nodes

FieldDescriptionSchemeRequired
hostsHosts array of all control plane hosts.[]HostConfigtrue

Back to Group

DNSConfig

DNSConfig contains a machine’s DNS configuration

FieldDescriptionSchemeRequired
serversServers[]stringtrue

Back to Group

DigitalOceanSpec

DigitalOceanSpec defines the DigitalOcean cloud provider

FieldDescriptionSchemeRequired

Back to Group

DynamicAuditLog

DynamicAuditLog feature flag

FieldDescriptionSchemeRequired
enableEnable Default value is false.boolfalse

Back to Group

DynamicWorkerConfig

DynamicWorkerConfig describes a set of worker machines

FieldDescriptionSchemeRequired
nameNamestringtrue
replicasReplicas*inttrue
providerSpecConfigProviderSpectrue

Back to Group

ExternalCNISpec

ExternalCNISpec defines the external CNI plugin. It’s up to the user’s responsibility to deploy the external CNI plugin manually or as an addon

FieldDescriptionSchemeRequired

Back to Group

Features

Features controls what features will be enabled on the cluster

FieldDescriptionSchemeRequired
podNodeSelectorPodNodeSelector*PodNodeSelectorfalse
podPresetsPodPresets*PodPresetsfalse
podSecurityPolicyPodSecurityPolicy*PodSecurityPolicyfalse
staticAuditLogStaticAuditLog*StaticAuditLogfalse
dynamicAuditLogDynamicAuditLog*DynamicAuditLogfalse
metricsServerMetricsServer*MetricsServerfalse
openidConnectOpenIDConnect*OpenIDConnectfalse

Back to Group

GCESpec

GCESpec defines the GCE cloud provider

FieldDescriptionSchemeRequired

Back to Group

HetznerSpec

HetznerSpec defines the Hetzner cloud provider

FieldDescriptionSchemeRequired
networkIDNetworkIDstringfalse

Back to Group

HostConfig

HostConfig describes a single control plane node.

FieldDescriptionSchemeRequired
publicAddressPublicAddress is externally accessible IP address from public internet.stringtrue
privateAddressPrivateAddress is internal RFC-1918 IP address.stringtrue
sshPortSSHPort is port to connect ssh to. Default value is 22.intfalse
sshUsernameSSHUsername is system login name. Default value is "root".stringfalse
sshPrivateKeyFileSSHPrivateKeyFile is path to the file with PRIVATE AND CLEANTEXT ssh key. Default value is "".stringfalse
sshAgentSocketSSHAgentSocket path (or reference to the environment) to the SSH agent unix domain socket. Default vaulue is "env:SSH_AUTH_SOCK".stringfalse
bastionBastion is an IP or hostname of the bastion (or jump) host to connect to. Default value is "".stringfalse
bastionPortBastionPort is SSH port to use when connecting to the bastion if it’s configured in .Bastion. Default value is 22.intfalse
bastionUserBastionUser is system login name to use when connecting to bastion host. Default value is "root".stringfalse
hostnameHostname is the hostname(1) of the host. Default value is populated at the runtime via running hostname -f command over ssh.stringfalse
isLeaderIsLeader indicates this host as a session leader. Default value is populated at the runtime.boolfalse
taintsTaints if not provided (i.e. nil) defaults to TaintEffectNoSchedule, with key node-role.kubernetes.io/master for control plane nodes. Explicitly empty (i.e. []corev1.Taint{}) means no taints will be applied (this is default for worker nodes).[]corev1.Taintfalse

Back to Group

ImageAsset

ImageAsset is used to customize the image repository and the image tag

FieldDescriptionSchemeRequired
imageRepositoryImageRepository customizes the registry/repositorystringfalse
imageTagImageTag customizes the image tagstringfalse

Back to Group

KubeOneCluster

KubeOneCluster is KubeOne Cluster API Schema

FieldDescriptionSchemeRequired
nameName is the name of the cluster.stringtrue
controlPlaneControlPlane describes the control plane nodes and how to access them.ControlPlaneConfigtrue
apiEndpointAPIEndpoint are pairs of address and port used to communicate with the Kubernetes API.APIEndpointtrue
cloudProviderCloudProvider configures the cloud provider specific features.CloudProviderSpectrue
versionsVersions defines which Kubernetes version will be installed.VersionConfigtrue
containerRuntimeContainerRuntime defines which container runtime will be installedContainerRuntimeConfigfalse
clusterNetworkClusterNetwork configures the in-cluster networking.ClusterNetworkConfigfalse
proxyProxy configures proxy used while installing Kubernetes and by the Docker daemon.ProxyConfigfalse
staticWorkersStaticWorkers describes the worker nodes that are managed by KubeOne/kubeadm.StaticWorkersConfigfalse
dynamicWorkersDynamicWorkers describes the worker nodes that are managed by Kubermatic machine-controller/Cluster-API.[]DynamicWorkerConfigfalse
machineControllerMachineController configures the Kubermatic machine-controller component.*MachineControllerConfigfalse
featuresFeatures enables and configures additional cluster features.Featuresfalse
addonsAddons are used to deploy additional manifests.*Addonsfalse
systemPackagesSystemPackages configure kubeone behaviour regarding OS packages.*SystemPackagesfalse
assetConfigurationAssetConfiguration configures how are binaries and container images downloadedAssetConfigurationfalse
registryConfigurationRegistryConfiguration configures how Docker images are pulled from an image registry*RegistryConfigurationfalse

Back to Group

MachineControllerConfig

MachineControllerConfig configures kubermatic machine-controller deployment

FieldDescriptionSchemeRequired
deployDeployboolfalse

Back to Group

MetricsServer

MetricsServer feature flag

FieldDescriptionSchemeRequired
enableEnable deployment of metrics-server. Default value is true.boolfalse

Back to Group

NoneSpec

NoneSpec defines a none provider

FieldDescriptionSchemeRequired

Back to Group

OpenIDConnect

OpenIDConnect feature flag

FieldDescriptionSchemeRequired
enableEnableboolfalse
configConfigOpenIDConnectConfigtrue

Back to Group

OpenIDConnectConfig

OpenIDConnectConfig config

FieldDescriptionSchemeRequired
issuerUrlIssuerURLstringtrue
clientIdClientIDstringtrue
usernameClaimUsernameClaimstringtrue
usernamePrefixUsernamePrefixstringtrue
groupsClaimGroupsClaimstringtrue
groupsPrefixGroupsPrefixstringtrue
requiredClaimRequiredClaimstringtrue
signingAlgsSigningAlgsstringtrue
caFileCAFilestringtrue

Back to Group

OpenstackSpec

OpenstackSpec defines the Openstack provider

FieldDescriptionSchemeRequired

Back to Group

PacketSpec

PacketSpec defines the Packet cloud provider

FieldDescriptionSchemeRequired

Back to Group

PodNodeSelector

PodNodeSelector feature flag

FieldDescriptionSchemeRequired
enableEnableboolfalse
configConfigPodNodeSelectorConfigtrue

Back to Group

PodNodeSelectorConfig

PodNodeSelectorConfig config

FieldDescriptionSchemeRequired
configFilePathConfigFilePath is a path on the local file system to the PodNodeSelector configuration file. ConfigFilePath is a required field. More info: https://kubernetes.io/docs/reference/access-authn-authz/admission-controllers/#podnodeselectorstringtrue

Back to Group

PodPresets

PodPresets feature flag

FieldDescriptionSchemeRequired
enableEnableboolfalse

Back to Group

PodSecurityPolicy

PodSecurityPolicy feature flag

FieldDescriptionSchemeRequired
enableEnableboolfalse

Back to Group

ProviderSpec

ProviderSpec describes a worker node

FieldDescriptionSchemeRequired
cloudProviderSpecCloudProviderSpecjson.RawMessagetrue
annotationsAnnotationsmap[string]stringfalse
labelsLabelsmap[string]stringfalse
taintsTaints[]corev1.Taintfalse
sshPublicKeysSSHPublicKeys[]stringfalse
operatingSystemOperatingSystemstringtrue
operatingSystemSpecOperatingSystemSpecjson.RawMessagefalse
networkNetwork*ProviderStaticNetworkConfigfalse
overwriteCloudConfigOverwriteCloudConfig*stringfalse

Back to Group

ProviderStaticNetworkConfig

ProviderStaticNetworkConfig contains a machine’s static network configuration

FieldDescriptionSchemeRequired
cidrCIDRstringtrue
gatewayGatewaystringtrue
dnsDNSDNSConfigtrue

Back to Group

ProxyConfig

ProxyConfig configures proxy for the Docker daemon and is used by KubeOne scripts

FieldDescriptionSchemeRequired
httpHTTPstringfalse
httpsHTTPSstringfalse
noProxyNoProxystringfalse

Back to Group

RegistryConfiguration

RegistryConfiguration controls how images used for components deployed by KubeOne and kubeadm are pulled from an image registry

FieldDescriptionSchemeRequired
overwriteRegistryOverwriteRegistry specifies a custom Docker registry which will be used for all images required for KubeOne and kubeadm. This also applies to addons deployed by KubeOne. This field doesn’t modify the user/organization part of the image. For example, if OverwriteRegistry is set to 127.0.0.1:5000/example, image called calico/cni would translate to 127.0.0.1:5000/example/calico/cni. Default: ""stringfalse
insecureRegistryInsecureRegistry configures Docker to threat the registry specified in OverwriteRegistry as an insecure registry. This is also propagated to the worker nodes managed by machine-controller and/or KubeOne.boolfalse

Back to Group

StaticAuditLog

StaticAuditLog feature flag

FieldDescriptionSchemeRequired
enableEnableboolfalse
configConfigStaticAuditLogConfigtrue

Back to Group

StaticAuditLogConfig

StaticAuditLogConfig config

FieldDescriptionSchemeRequired
policyFilePathPolicyFilePath is a path on local file system to the audit policy manifest which defines what events should be recorded and what data they should include. PolicyFilePath is a required field. More info: https://kubernetes.io/docs/tasks/debug-application-cluster/audit/#audit-policystringtrue
logPathLogPath is path on control plane instances where audit log files are stored. Default value is /var/log/kubernetes/audit.logstringfalse
logMaxAgeLogMaxAge is maximum number of days to retain old audit log files. Default value is 30intfalse
logMaxBackupLogMaxBackup is maximum number of audit log files to retain. Default value is 3.intfalse
logMaxSizeLogMaxSize is maximum size in megabytes of audit log file before it gets rotated. Default value is 100.intfalse

Back to Group

StaticWorkersConfig

StaticWorkersConfig defines static worker nodes provisioned by KubeOne and kubeadm

FieldDescriptionSchemeRequired
hostsHosts[]HostConfigfalse

Back to Group

SystemPackages

SystemPackages controls configurations of APT/YUM

FieldDescriptionSchemeRequired
configureRepositoriesConfigureRepositories (true by default) is a flag to control automatic configuration of kubeadm / docker repositories.boolfalse

Back to Group

VersionConfig

VersionConfig describes the versions of components that are installed on the machines

FieldDescriptionSchemeRequired
kubernetesstringtrue

Back to Group

VsphereSpec

VsphereSpec defines the vSphere provider

FieldDescriptionSchemeRequired

Back to Group

WeaveNetSpec

WeaveNetSpec defines the WeaveNet CNI plugin

FieldDescriptionSchemeRequired
encryptedEncryptedboolfalse

Back to Group