Kubermatic CRDs Reference

Packages

apps.kubermatic.k8c.io/v1
kubermatic.k8c.io/v1

apps.kubermatic.k8c.io/v1

Resource Types

ApplicationDefinition
ApplicationDefinitionList
ApplicationInstallation
ApplicationInstallationList

AppNamespaceSpec

AppNamespaceSpec describe the desired state of the namespace where application will be created.

Appears in:

ApplicationInstallationSpec

Field	Description
`name` string	Name is the namespace to deploy the Application into. Should be a valid lowercase RFC1123 domain name
`create` boolean	Create defines whether the namespace should be created if it does not exist. Defaults to true
`labels` object (keys:string, values:string)	Labels of the namespace More info: http://kubernetes.io/docs/user-guide/labels
`annotations` object (keys:string, values:string)	Annotations of the namespace More info: http://kubernetes.io/docs/user-guide/annotations

ApplicationDefinition

ApplicationDefinition is the Schema for the applicationdefinitions API.

Appears in:

ApplicationDefinitionList

Field	Description
`apiVersion` string	`apps.kubermatic.k8c.io/v1`
`kind` string	`ApplicationDefinition`
`metadata` ObjectMeta	Refer to Kubernetes API documentation for fields of `metadata`.
`spec` ApplicationDefinitionSpec

ApplicationDefinitionList

ApplicationDefinitionList contains a list of ApplicationDefinition.

Field	Description
`apiVersion` string	`apps.kubermatic.k8c.io/v1`
`kind` string	`ApplicationDefinitionList`
`metadata` ListMeta	Refer to Kubernetes API documentation for fields of `metadata`.
`items` ApplicationDefinition array

ApplicationDefinitionSpec

ApplicationDefinitionSpec defines the desired state of ApplicationDefinition.

Appears in:

ApplicationDefinition

Field	Description
`description` string	Description of the application. what is its purpose
`method` TemplateMethod	Method used to install the application
`defaultValues` RawExtension	DefaultValues describe overrides for manifest-rendering in UI when creating an application.
`defaultDeployOptions` DeployOptions	DefaultDeployOptions holds the settings specific to the templating method used to deploy the application. These settings can be overridden in applicationInstallation.
`versions` ApplicationVersion array	Available version for this application

ApplicationInstallation

ApplicationInstallation describes a single installation of an Application.

Appears in:

ApplicationInstallationList

Field	Description
`apiVersion` string	`apps.kubermatic.k8c.io/v1`
`kind` string	`ApplicationInstallation`
`metadata` ObjectMeta	Refer to Kubernetes API documentation for fields of `metadata`.
`spec` ApplicationInstallationSpec
`status` ApplicationInstallationStatus

ApplicationInstallationCondition

Appears in:

ApplicationInstallationStatus

Field	Description
`status` ConditionStatus	Status of the condition, one of True, False, Unknown.
`lastHeartbeatTime` Time	Last time we got an update on a given condition.
`lastTransitionTime` Time	Last time the condition transit from one status to another.
`reason` string	(brief) reason for the condition’s last transition.
`message` string	Human readable message indicating details about last transition.
`observedGeneration` integer	observedGeneration represents the .metadata.generation that the condition was set based upon. For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date with respect to the current state of the instance.

ApplicationInstallationConditionType

Underlying type: string

swagger:enum ApplicationInstallationConditionType All condition types must be registered within the AllApplicationInstallationConditionTypes variable.

Appears in:

ApplicationInstallationStatus

ApplicationInstallationList

ApplicationInstallationList is a list of ApplicationInstallations.

Field	Description
`apiVersion` string	`apps.kubermatic.k8c.io/v1`
`kind` string	`ApplicationInstallationList`
`metadata` ListMeta	Refer to Kubernetes API documentation for fields of `metadata`.
`items` ApplicationInstallation array

ApplicationInstallationSpec

Appears in:

ApplicationInstallation

Field	Description
`namespace` AppNamespaceSpec	Namespace describe the desired state of the namespace where application will be created.
`applicationRef` ApplicationRef	ApplicationRef is a reference to identify which Application should be deployed
`values` RawExtension	Values describe overrides for manifest-rendering. It’s a free yaml field.
`reconciliationInterval` Duration	ReconciliationInterval is the interval at which to force the reconciliation of the application. By default, Applications are only reconciled on changes on spec, annotations, or the parent application definition. Meaning that if the user manually deletes the workload deployed by the application, nothing will happen until the application CR change.
Setting a value greater than zero force reconciliation even if no changes occurred on application CR. Setting a value equal to 0 disables the force reconciliation of the application (default behavior). Setting this too low can cause a heavy load and may disrupt your application workload depending on the template method.
`deployOptions` DeployOptions	DeployOptions holds the settings specific to the templating method used to deploy the application.

ApplicationInstallationStatus

ApplicationInstallationStatus denotes status information about an ApplicationInstallation.

Appears in:

ApplicationInstallation

Field	Description
`conditions` object (keys:ApplicationInstallationConditionType, values:ApplicationInstallationCondition)	Conditions contains conditions an installation is in, its primary use case is status signaling between controllers or between controllers and the API
`applicationVersion` ApplicationVersion	ApplicationVersion contains information installing / removing application
`method` TemplateMethod	Method used to install the application
`helmRelease` HelmRelease	HelmRelease holds the information about the helm release installed by this application. This field is only filled if template method is ‘helm’.
`failures` integer	Failures counts the number of failed installation or updagrade. it is reset on successful reconciliation.

ApplicationRef

ApplicationRef describes a KKP-wide, unique reference to an Application.

Appears in:

ApplicationInstallationSpec

Field	Description
`name` string	Name of the Application. Should be a valid lowercase RFC1123 domain name
`version` string	Version of the Application. Must be a valid SemVer version

ApplicationSource

Appears in:

ApplicationTemplate

Field	Description
`helm` HelmSource	Install Application from a Helm repository
`git` GitSource	Install application from a Git repository

ApplicationTemplate

Appears in:

ApplicationVersion

Field	Description
`source` ApplicationSource	Defined how the source of the application (e.g Helm chart) is retrieved. Exactly one type of source must be defined.
`templateCredentials` DependencyCredentials	DependencyCredentials holds the credentials that may be needed for templating the application.

ApplicationVersion

Appears in:

ApplicationDefinitionSpec
ApplicationInstallationStatus

Field	Description
`version` string	Version of the application (e.g. v1.2.3)
`template` ApplicationTemplate	Template defines how application is installed (source provenance, Method…)

DependencyCredentials

Appears in:

ApplicationTemplate

Field	Description
`helmCredentials` HelmCredentials	HelmCredentials holds the ref to the secret with helm credentials needed to build helm dependencies. It is not required when using helm as a source, as dependencies are already prepackaged in this case. It’s either username / password or a registryConfigFile can be defined.

DeployOptions

DeployOptions holds the settings specific to the templating method used to deploy the application.

Appears in:

ApplicationDefinitionSpec
ApplicationInstallationSpec

Field	Description
`helm` HelmDeployOptions

GitCredentials

Appears in:

GitSource

Field	Description
`method` GitAuthMethod	Authentication method. Either password or token or ssh-key. if method is password then username and password must be defined. if method is token then token must be defined. if method is ssh-key then ssh-key must be defined.
`username` SecretKeySelector	Username holds the ref and key in the secret for the username credential. The Secret must exist in the namespace where KKP is installed (default is “kubermatic”). The Secret must be annotated with `apps.kubermatic.k8c.io/secret-type:` set to helm or git
`password` SecretKeySelector	Password holds the ref and key in the secret for the Password credential. The Secret must exist in the namespace where KKP is installed (default is “kubermatic”). The Secret must be annotated with `apps.kubermatic.k8c.io/secret-type:` set to helm or git
`token` SecretKeySelector	Token holds the ref and key in the secret for the token credential. The Secret must exist in the namespace where KKP is installed (default is “kubermatic”). The Secret must be annotated with `apps.kubermatic.k8c.io/secret-type:` set to helm or git
`sshKey` SecretKeySelector	SSHKey holds the ref and key in the secret for the SshKey credential. The Secret must exist in the namespace where KKP is installed (default is “kubermatic”). The Secret must be annotated with `apps.kubermatic.k8c.io/secret-type:` set to helm or git

GitReference

Appears in:

GitSource

Field	Description
`branch` string	Branch to checkout. Only the last commit of the branch will be checkout in order to reduce the amount of data to download.
`commit` string	Commit SHA in a Branch to checkout.
It must be used in conjunction with branch field.
`tag` string	Tag to check out. It can not be used in conjunction with commit or branch.

GitSource

Appears in:

ApplicationSource

Field	Description
`remote` string	URL to the repository. Can be HTTP(s) (e.g. https://example.com/myrepo) or SSH (e.g. git://example.com[:port]/path/to/repo.git/)
`ref` GitReference	Git reference to checkout. For large repositories, we recommend to either use Tag, Branch or Branch+Commit. This allows a shallow clone, which dramatically speeds up performance
`path` string	Path of the “source” in the repository. default is repository root
`credentials` GitCredentials	Credentials are optional and holds the git credentials

HelmCredentials

Appears in:

DependencyCredentials
HelmSource

Field	Description
`username` SecretKeySelector	Username holds the ref and key in the secret for the username credential. The Secret must exist in the namespace where KKP is installed (default is “kubermatic”). The Secret must be annotated with `apps.kubermatic.k8c.io/secret-type:` set to helm or git
`password` SecretKeySelector	Password holds the ref and key in the secret for the Password credential. The Secret must exist in the namespace where KKP is installed (default is “kubermatic”). The Secret must be annotated with `apps.kubermatic.k8c.io/secret-type:` set to helm or git
`registryConfigFile` SecretKeySelector	RegistryConfigFile holds the ref and key in the secret for the registry credential file. The value is dockercfg file that follows the same format rules as ~/.docker/config.json The The Secret must exist in the namespace where KKP is installed (default is “kubermatic”). The Secret must be annotated with `apps.kubermatic.k8c.io/secret-type:` set to helm or git

HelmDeployOptions

HelmDeployOptions holds the deployment settings when templating method is Helm.

Appears in:

DeployOptions

Field	Description
`wait` boolean	Wait corresponds to the –wait flag on Helm cli. if set, will wait until all Pods, PVCs, Services, and minimum number of Pods of a Deployment, StatefulSet, or ReplicaSet are in a ready state before marking the release as successful. It will wait for as long as timeout
`timeout` Duration	Timeout corresponds to the –timeout flag on Helm cli. time to wait for any individual Kubernetes operation.
`atomic` boolean	Atomic corresponds to the –atomic flag on Helm cli. if set, the installation process deletes the installation on failure; the upgrade process rolls back changes made in case of failed upgrade.
`enableDNS` boolean	EnableDNS corresponds to the –enable-dns flag on Helm cli. enable DNS lookups when rendering templates. if you enable this flag, you have to verify that helm template function ‘getHostByName’ is not being used in a chart to disclose any information you do not want to be passed to DNS servers.(c.f. CVE-2023-25165)

HelmRelease

Appears in:

ApplicationInstallationStatus

Field	Description
`name` string	Name is the name of the release.
`version` integer	Version is an int which represents the revision of the release.
`info` HelmReleaseInfo	Info provides information about a release.

HelmReleaseInfo

HelmReleaseInfo describes release information. tech note: we can not use release.Info from Helm because the underlying type used for time has no json tag.

Appears in:

HelmRelease

Field	Description
`firstDeployed` Time	FirstDeployed is when the release was first deployed.
`lastDeployed` Time	LastDeployed is when the release was last deployed.
`deleted` Time	Deleted tracks when this object was deleted.
`description` string	Description is human-friendly “log entry” about this release.
`status` Status	Status is the current state of the release.
`notes` string	Notes is the rendered templates/NOTES.txt if available.

HelmSource

Appears in:

ApplicationSource

Field	Description
`url` string	URl of the helm repository. It can be an HTTP(s) repository (e.g. https://localhost/myrepo) or on OCI repository (e.g. oci://localhost:5000/myrepo).
`chartName` string	Name of the Chart.
`chartVersion` string	Version of the Chart.
`credentials` HelmCredentials	Credentials are optional and hold the ref to the secret with helm credentials. Either username / Password or registryConfigFile can be defined.

kubermatic.k8c.io/v1

Resource Types

Addon
AddonConfig
AddonConfigList
AddonList
AdmissionPlugin
AdmissionPluginList
Alertmanager
AlertmanagerList
AllowedRegistry
AllowedRegistryList
Cluster
ClusterList
ClusterTemplate
ClusterTemplateInstance
ClusterTemplateInstanceList
ClusterTemplateList
Constraint
ConstraintList
ConstraintTemplate
ConstraintTemplateList
EtcdBackupConfig
EtcdBackupConfigList
EtcdRestore
EtcdRestoreList
ExternalCluster
ExternalClusterList
GroupProjectBinding
GroupProjectBindingList
IPAMAllocation
IPAMAllocationList
IPAMPool
IPAMPoolList
KubermaticConfiguration
KubermaticConfigurationList
KubermaticSetting
KubermaticSettingList
MLAAdminSetting
MLAAdminSettingList
Preset
PresetList
Project
ProjectList
ResourceQuota
ResourceQuotaList
RuleGroup
RuleGroupList
Seed
SeedList
User
UserList
UserProjectBinding
UserProjectBindingList
UserSSHKey
UserSSHKeyList

AKS

Appears in:

PresetSpec

Field	Description
`enabled` boolean	Only enabled presets will be available in the KKP dashboard.
`datacenter` string	If datacenter is set, this preset is only applicable to the configured datacenter.
`tenantID` string
`subscriptionID` string
`clientID` string
`clientSecret` string

APIServerSettings

Appears in:

ComponentSettings

Field	Description
`replicas` integer
`resources` ResourceRequirements
`tolerations` Toleration array
`endpointReconcilingDisabled` boolean
`nodePortRange` string

AWS

Appears in:

PresetSpec

Field	Description
`enabled` boolean	Only enabled presets will be available in the KKP dashboard.
`datacenter` string	If datacenter is set, this preset is only applicable to the configured datacenter.
`accessKeyID` string	Access Key ID to authenticate against AWS.
`secretAccessKey` string	Secret Access Key to authenticate against AWS.
`assumeRoleARN` string
`assumeRoleExternalID` string
`vpcID` string	AWS VPC to use. Must be configured.
`routeTableID` string	Route table to use. This can be configured, but if left empty will be automatically filled in during reconciliation.
`instanceProfileName` string	Instance profile to use. This can be configured, but if left empty will be automatically filled in during reconciliation.
`securityGroupID` string	Security group to use. This can be configured, but if left empty will be automatically filled in during reconciliation.
`roleARN` string	ARN to use. This can be configured, but if left empty will be automatically filled in during reconciliation.

AWSCloudSpec

AWSCloudSpec specifies access data to Amazon Web Services.

Appears in:

CloudSpec

Field	Description
`credentialsReference` GlobalSecretKeySelector
`accessKeyID` string
`secretAccessKey` string
`assumeRoleARN` string
`assumeRoleExternalID` string
`vpcID` string
`roleARN` string	The IAM role, the control plane will use. The control plane will perform an assume-role
`routeTableID` string
`instanceProfileName` string
`securityGroupID` string
`nodePortsAllowedIPRange` string	A CIDR range that will be used to allow access to the node port range in the security group to. Only applies if the security group is generated by KKP and not preexisting. If NodePortsAllowedIPRange nor NodePortsAllowedIPRanges is set, the node port range can be accessed from anywhere.
`nodePortsAllowedIPRanges` NetworkRanges	Optional: CIDR ranges that will be used to allow access to the node port range in the security group to. Only applies if the security group is generated by KKP and not preexisting. If NodePortsAllowedIPRange nor NodePortsAllowedIPRanges is set, the node port range can be accessed from anywhere.
`disableIAMReconciling` boolean	DisableIAMReconciling is used to disable reconciliation for IAM related configuration. This is useful in air-gapped setups where access to IAM service is not possible.

Addon

Addon specifies a cluster addon. Addons can be installed into user clusters to provide additional manifests for CNIs, CSIs or other applications, which makes addons a necessary component to create functioning user clusters. Addon objects must be created inside cluster namespaces.

Appears in:

AddonList

Field	Description
`apiVersion` string	`kubermatic.k8c.io/v1`
`kind` string	`Addon`
`metadata` ObjectMeta	Refer to Kubernetes API documentation for fields of `metadata`.
`spec` AddonSpec	Spec describes the desired addon state.
`status` AddonStatus	Status contains information about the reconciliation status.

AddonCondition

Appears in:

AddonStatus

Field	Description
`status` ConditionStatus	Status of the condition, one of True, False, Unknown.
`lastHeartbeatTime` Time	Last time we got an update on a given condition.
`lastTransitionTime` Time	Last time the condition transitioned from one status to another.

AddonConditionType

Underlying type: string

Appears in:

AddonStatus

AddonConfig

AddonConfig specifies addon configuration. Addons can be installed without a matching AddonConfig, but they will be missing a logo, description and the potentially necessary form fields in the KKP dashboard to make the addon comfortable to use.

Appears in:

AddonConfigList

Field	Description
`apiVersion` string	`kubermatic.k8c.io/v1`
`kind` string	`AddonConfig`
`metadata` ObjectMeta	Refer to Kubernetes API documentation for fields of `metadata`.
`spec` AddonConfigSpec

AddonConfigList

AddonConfigList is a list of addon configs.

Field	Description
`apiVersion` string	`kubermatic.k8c.io/v1`
`kind` string	`AddonConfigList`
`metadata` ListMeta	Refer to Kubernetes API documentation for fields of `metadata`.
`items` AddonConfig array

AddonConfigSpec

AddonConfigSpec specifies configuration of addon.

Appears in:

AddonConfig

Field	Description
`shortDescription` string	ShortDescription of the configured addon that contains more detailed information about the addon, it will be displayed in the addon details view in the UI
`description` string	Description of the configured addon, it will be displayed in the addon overview in the UI
`logo` string	Logo of the configured addon, encoded in base64
`logoFormat` string	LogoFormat contains logo format of the configured addon, i.e. svg+xml
`formSpec` AddonFormControl array	Controls that can be set for configured addon

AddonFormControl

AddonFormControl specifies addon form control.

Appears in:

AddonConfigSpec

Field	Description
`displayName` string	DisplayName is visible in the UI
`internalName` string	InternalName is used internally to save in the addon object
`helpText` string	HelpText is visible in the UI next to the control
`required` boolean	Required indicates if the control has to be set
`type` string	Type of displayed control

AddonList

AddonList is a list of addons.

Field	Description
`apiVersion` string	`kubermatic.k8c.io/v1`
`kind` string	`AddonList`
`metadata` ListMeta	Refer to Kubernetes API documentation for fields of `metadata`.
`items` Addon array

AddonSpec

AddonSpec specifies details of an addon.

Appears in:

Addon

Field	Description
`name` string	Name defines the name of the addon to install
`cluster` ObjectReference	Cluster is the reference to the cluster the addon should be installed in
`variables` RawExtension	Variables is free form data to use for parsing the manifest templates
`requiredResourceTypes` GroupVersionKind array	RequiredResourceTypes allows to indicate that this addon needs some resource type before it can be installed. This can be used to indicate that a specific CRD and/or extension apiserver must be installed before this addon can be installed. The addon will not be installed until that resource is served.
`isDefault` boolean	IsDefault indicates whether the addon is installed because it was configured in the default addon section in the KubermaticConfiguration. User-installed addons must not set this field to true, as extra default Addon objects (that are not in the KubermaticConfiguration) will be garbage-collected.

AddonStatus

AddonStatus contains information about the reconciliation status.

Appears in:

Addon

Field	Description
`conditions` object (keys:AddonConditionType, values:AddonCondition)

AdmissionPlugin

AdmissionPlugin is the type representing a AdmissionPlugin.

Appears in:

AdmissionPluginList

Field	Description
`apiVersion` string	`kubermatic.k8c.io/v1`
`kind` string	`AdmissionPlugin`
`metadata` ObjectMeta	Refer to Kubernetes API documentation for fields of `metadata`.
`spec` AdmissionPluginSpec

AdmissionPluginList

AdmissionPluginList is the type representing a AdmissionPluginList.

Field	Description
`apiVersion` string	`kubermatic.k8c.io/v1`
`kind` string	`AdmissionPluginList`
`metadata` ListMeta	Refer to Kubernetes API documentation for fields of `metadata`.
`items` AdmissionPlugin array	List of Admission Plugins

AdmissionPluginSpec

AdmissionPluginSpec specifies admission plugin name and from which k8s version is supported.

Appears in:

AdmissionPlugin

Field	Description
`pluginName` string
`fromVersion` Semver	FromVersion flag can be empty. It means the plugin fit to all k8s versions

Alertmanager

Appears in:

AlertmanagerList

Field	Description
`apiVersion` string	`kubermatic.k8c.io/v1`
`kind` string	`Alertmanager`
`metadata` ObjectMeta	Refer to Kubernetes API documentation for fields of `metadata`.
`spec` AlertmanagerSpec
`status` AlertmanagerStatus

AlertmanagerConfigurationStatus

AlertmanagerConfigurationStatus stores status information about the AlertManager configuration.

Appears in:

AlertmanagerStatus

Field	Description
`lastUpdated` Time	LastUpdated stores the last successful time when the configuration was successfully applied
`status` ConditionStatus	Status of whether the configuration was applied, one of True, False
`errorMessage` string	ErrorMessage contains a default error message in case the configuration could not be applied. Will be reset if the error was resolved and condition becomes True

AlertmanagerList

Field	Description
`apiVersion` string	`kubermatic.k8c.io/v1`
`kind` string	`AlertmanagerList`
`metadata` ListMeta	Refer to Kubernetes API documentation for fields of `metadata`.
`items` Alertmanager array

AlertmanagerSpec

Appears in:

Alertmanager

Field	Description
`configSecret` LocalObjectReference	ConfigSecret refers to the Secret in the same namespace as the Alertmanager object, which contains configuration for this Alertmanager.

AlertmanagerStatus

AlertmanagerStatus stores status information about the AlertManager.

Appears in:

Alertmanager

Field	Description
`configStatus` AlertmanagerConfigurationStatus

Alibaba

Appears in:

PresetSpec

Field	Description
`enabled` boolean	Only enabled presets will be available in the KKP dashboard.
`datacenter` string	If datacenter is set, this preset is only applicable to the configured datacenter.
`accessKeyID` string	Access Key ID to authenticate against Alibaba.
`accessKeySecret` string	Access Key Secret to authenticate against Alibaba.

AlibabaCloudSpec

AlibabaCloudSpec specifies the access data to Alibaba.

Appears in:

CloudSpec

Field	Description
`credentialsReference` GlobalSecretKeySelector
`accessKeyID` string
`accessKeySecret` string

AllowedRegistry

AllowedRegistry is the object representing an allowed registry.

Appears in:

AllowedRegistryList

Field	Description
`apiVersion` string	`kubermatic.k8c.io/v1`
`kind` string	`AllowedRegistry`
`metadata` ObjectMeta	Refer to Kubernetes API documentation for fields of `metadata`.
`spec` AllowedRegistrySpec

AllowedRegistryList

AllowedRegistryList specifies a list of allowed registries.

Field	Description
`apiVersion` string	`kubermatic.k8c.io/v1`
`kind` string	`AllowedRegistryList`
`metadata` ListMeta	Refer to Kubernetes API documentation for fields of `metadata`.
`items` AllowedRegistry array

AllowedRegistrySpec

AllowedRegistrySpec specifies the data for allowed registry spec.

Appears in:

AllowedRegistry

Field	Description
`registryPrefix` string	RegistryPrefix contains the prefix of the registry which will be allowed. User clusters will be able to deploy only images which are prefixed with one of the allowed image registry prefixes.

Anexia

Appears in:

PresetSpec

Field	Description
`enabled` boolean	Only enabled presets will be available in the KKP dashboard.
`datacenter` string	If datacenter is set, this preset is only applicable to the configured datacenter.
`token` string	Token is used to authenticate with the Anexia API.

AnexiaCloudSpec

AnexiaCloudSpec specifies the access data to Anexia.

Appears in:

CloudSpec

Field	Description
`credentialsReference` GlobalSecretKeySelector
`token` string

ApplicationSettings

Appears in:

ClusterSpec

Field	Description
`cacheSize` Quantity	CacheSize is the size of the cache used to download application’s sources.

AuditLoggingSettings

AuditLoggingSettings configures audit logging functionality.

Appears in:

ClusterSpec

Field	Description
`enabled` boolean	Enabled will enable or disable audit logging.
`policyPreset` AuditPolicyPreset	Optional: PolicyPreset can be set to utilize a pre-defined set of audit policy rules.
`sidecar` AuditSidecarSettings	Optional: Configures the fluent-bit sidecar deployed alongside kube-apiserver.

AuditSidecarConfiguration

AuditSidecarConfiguration defines custom configuration for the fluent-bit sidecar deployed with a kube-apiserver. Also see https://docs.fluentbit.io/manual/v/1.8/administration/configuring-fluent-bit/configuration-file.

Appears in:

AuditSidecarSettings

Field	Description
`service` object (keys:string, values:string)
`filters` object array
`outputs` object array

AuditSidecarSettings

Appears in:

AuditLoggingSettings

Field	Description
`resources` ResourceRequirements
`config` AuditSidecarConfiguration

Azure

Appears in:

PresetSpec

Field	Description
`enabled` boolean	Only enabled presets will be available in the KKP dashboard.
`datacenter` string	If datacenter is set, this preset is only applicable to the configured datacenter.
`tenantID` string
`subscriptionID` string
`clientID` string
`clientSecret` string
`resourceGroup` string
`vnetResourceGroup` string
`vnet` string
`subnet` string
`routeTable` string
`securityGroup` string
`loadBalancerSKU` LBSKU	LoadBalancerSKU sets the LB type that will be used for the Azure cluster, possible values are “basic” and “standard”, if empty, “basic” will be used

AzureCloudSpec

AzureCloudSpec defines cloud resource references for Microsoft Azure.

Appears in:

CloudSpec

Field	Description
`credentialsReference` GlobalSecretKeySelector	CredentialsReference allows referencing a `Secret` resource instead of passing secret data in this spec.
`tenantID` string	TenantID is the Azure Active Directory Tenant used for this cluster. Can be read from `credentialsReference` instead.
`subscriptionID` string	SubscriptionID is the Azure Subscription used for this cluster. Can be read from `credentialsReference` instead.
`clientID` string	ClientID is the service principal used to access Azure. Can be read from `credentialsReference` instead.
`clientSecret` string	ClientSecret is the client secret corresponding to the given service principal. Can be read from `credentialsReference` instead.
`resourceGroup` string	The resource group that will be used to look up and create resources for the cluster in. If set to empty string at cluster creation, a new resource group will be created and this field will be updated to the generated resource group’s name.
`vnetResourceGroup` string	Optional: VNetResourceGroup optionally defines a second resource group that will be used for VNet related resources instead. If left empty, NO additional resource group will be created and all VNet related resources use the resource group defined by `resourceGroup`.
`vnet` string	The name of the VNet resource used for setting up networking in. If set to empty string at cluster creation, a new VNet will be created and this field will be updated to the generated VNet’s name.
`subnet` string	The name of a subnet in the VNet referenced by `vnet`. If set to empty string at cluster creation, a new subnet will be created and this field will be updated to the generated subnet’s name. If no VNet is defined at cluster creation, this field should be empty as well.
`routeTable` string	The name of a route table associated with the subnet referenced by `subnet`. If set to empty string at cluster creation, a new route table will be created and this field will be updated to the generated route table’s name. If no subnet is defined at cluster creation, this field should be empty as well.
`securityGroup` string	The name of a security group associated with the subnet referenced by `subnet`. If set to empty string at cluster creation, a new security group will be created and this field will be updated to the generated security group’s name. If no subnet is defined at cluster creation, this field should be empty as well.
`nodePortsAllowedIPRange` string	A CIDR range that will be used to allow access to the node port range in the security group to. Only applies if the security group is generated by KKP and not preexisting. If NodePortsAllowedIPRange nor NodePortsAllowedIPRanges is set, the node port range can be accessed from anywhere.
`nodePortsAllowedIPRanges` NetworkRanges	Optional: CIDR ranges that will be used to allow access to the node port range in the security group to. Only applies if the security group is generated by KKP and not preexisting. If NodePortsAllowedIPRange nor NodePortsAllowedIPRanges is set, the node port range can be accessed from anywhere.
`assignAvailabilitySet` boolean	Optional: AssignAvailabilitySet determines whether KKP creates and assigns an AvailabilitySet to machines. Defaults to `true` internally if not set.
`availabilitySet` string	An availability set that will be associated with nodes created for this cluster. If this field is set to empty string at cluster creation and `AssignAvailabilitySet` is set to `true`, a new availability set will be created and this field will be updated to the generated availability set’s name.
`loadBalancerSKU` LBSKU

BackupDestination

BackupDestination defines the bucket name and endpoint as a backup destination, and holds reference to the credentials secret.

Appears in:

EtcdBackupRestore

Field	Description
`endpoint` string	Endpoint is the API endpoint to use for backup and restore.
`bucketName` string	BucketName is the bucket name to use for backup and restore.
`credentials` SecretReference	Credentials hold the ref to the secret with backup credentials

BackupStatus

Appears in:

EtcdBackupConfigStatus

Field	Description
`scheduledTime` Time	ScheduledTime will always be set when the BackupStatus is created, so it’ll never be nil
`backupName` string
`jobName` string
`backupStartTime` Time
`backupFinishedTime` Time
`backupPhase` BackupStatusPhase
`backupMessage` string
`deleteJobName` string
`deleteStartTime` Time
`deleteFinishedTime` Time
`deletePhase` BackupStatusPhase
`deleteMessage` string

BackupStatusPhase

Underlying type: string

Appears in:

BackupStatus

BringYourOwnCloudSpec

BringYourOwnCloudSpec specifies access data for a bring your own cluster.

Appears in:

CloudSpec

CNIPluginSettings

CNIPluginSettings contains the spec of the CNI plugin used by the Cluster.

Appears in:

ClusterSpec

Field	Description
`type` CNIPluginType	Type is the CNI plugin type to be used.
`version` string	Version defines the CNI plugin version to be used. This varies by chosen CNI plugin type.

CNIPluginType

Underlying type: string

CNIPluginType defines the type of CNI plugin installed. Possible values are canal, cilium or none.

Appears in:

CNIPluginSettings

CleanupOptions

Appears in:

SettingSpec

Field	Description
`enabled` boolean	Enable checkboxes that allow the user to ask for LoadBalancers and PVCs to be deleted in order to not leave potentially expensive resources behind.
`enforced` boolean	If enforced is set to true, the cleanup of LoadBalancers and PVCs is enforced.

CloudSpec

CloudSpec stores configuration options for a given cloud provider. Provider specs are mutually exclusive.

Appears in:

ClusterSpec

Field	Description
`dc` string	DatacenterName states the name of a cloud provider “datacenter” (defined in `Seed` resources) this cluster should be deployed into.
`providerName` string	ProviderName is the name of the cloud provider used for this cluster. This must match the given provider spec (e.g. if the providerName is “aws”, then the `aws` field must be set).
`digitalocean` DigitaloceanCloudSpec
`bringyourown` BringYourOwnCloudSpec
`aws` AWSCloudSpec
`azure` AzureCloudSpec
`openstack` OpenstackCloudSpec
`packet` PacketCloudSpec
`hetzner` HetznerCloudSpec
`vsphere` VSphereCloudSpec
`gcp` GCPCloudSpec
`kubevirt` KubevirtCloudSpec
`alibaba` AlibabaCloudSpec
`anexia` AnexiaCloudSpec
`nutanix` NutanixCloudSpec
`vmwareclouddirector` VMwareCloudDirectorCloudSpec

Cluster

Cluster represents a Kubermatic Kubernetes Platform user cluster. Cluster objects exist on Seed clusters and each user cluster consists of a namespace containing the Kubernetes control plane and additional pods (like Prometheus or the machine-controller).

Appears in:

ClusterList

Field	Description
`apiVersion` string	`kubermatic.k8c.io/v1`
`kind` string	`Cluster`
`metadata` ObjectMeta	Refer to Kubernetes API documentation for fields of `metadata`.
`spec` ClusterSpec	Spec describes the desired cluster state.
`status` ClusterStatus	Status contains reconciliation information for the cluster.

ClusterAddress

ClusterAddress stores access and address information of a cluster.

Appears in:

ClusterStatus

Field	Description
`url` string	URL under which the Apiserver is available
`port` integer	Port is the port the API server listens on
`externalName` string	ExternalName is the DNS name for this cluster
`internalURL` string	InternalName is the seed cluster internal absolute DNS name to the API server
`adminToken` string	AdminToken is the token for the kubeconfig, the user can download
`ip` string	IP is the external IP under which the apiserver is available

ClusterCondition

Appears in:

ClusterStatus

Field	Description
`status` ConditionStatus	Status of the condition, one of True, False, Unknown.
`kubermaticVersion` string	KubermaticVersion current kubermatic version.
`lastHeartbeatTime` Time	Last time we got an update on a given condition.
`lastTransitionTime` Time	Last time the condition transit from one status to another.
`reason` string	(brief) reason for the condition’s last transition.
`message` string	Human readable message indicating details about last transition.

ClusterConditionType

Underlying type: string

ClusterConditionType is used to indicate the type of a cluster condition. For all condition types, the true value must indicate success. All condition types must be registered within the AllClusterConditionTypes variable.

Appears in:

ClusterStatus

ClusterEncryptionPhase

Underlying type: string

Appears in:

ClusterEncryptionStatus

ClusterEncryptionStatus

ClusterEncryptionStatus holds status information about the encryption-at-rest feature on the user cluster.

Appears in:

ClusterStatus

Field	Description
`activeKey` string	The current “primary” key used to encrypt data written to etcd. Secondary keys that can be used for decryption (but not encryption) might be configured in the ClusterSpec.
`encryptedResources` string array	List of resources currently encrypted.
`phase` ClusterEncryptionPhase	The current phase of the encryption process. Can be one of `Pending`, `Failed`, `Active` or `EncryptionNeeded`. The `encryption_controller` logic will process the cluster based on the current phase and issue necessary changes to make sure encryption on the cluster is active and updated with what the ClusterSpec defines.

ClusterList

ClusterList specifies a list of user clusters.

Field	Description
`apiVersion` string	`kubermatic.k8c.io/v1`
`kind` string	`ClusterList`
`metadata` ListMeta	Refer to Kubernetes API documentation for fields of `metadata`.
`items` Cluster array

ClusterNetworkingConfig

ClusterNetworkingConfig specifies the different networking parameters for a cluster.

Appears in:

ClusterSpec

Field	Description
`ipFamily` IPFamily	Optional: IP family used for cluster networking. Supported values are “”, “IPv4” or “IPv4+IPv6”. Can be omitted / empty if pods and services network ranges are specified. In that case it defaults according to the IP families of the provided network ranges. If neither ipFamily nor pods & services network ranges are specified, defaults to “IPv4”.
`services` NetworkRanges	The network ranges from which service VIPs are allocated. It can contain one IPv4 and/or one IPv6 CIDR. If both address families are specified, the first one defines the primary address family.
`pods` NetworkRanges	The network ranges from which POD networks are allocated. It can contain one IPv4 and/or one IPv6 CIDR. If both address families are specified, the first one defines the primary address family.
`nodeCidrMaskSizeIPv4` integer	NodeCIDRMaskSizeIPv4 is the mask size used to address the nodes within provided IPv4 Pods CIDR. It has to be larger than the provided IPv4 Pods CIDR. Defaults to 24.
`nodeCidrMaskSizeIPv6` integer	NodeCIDRMaskSizeIPv6 is the mask size used to address the nodes within provided IPv6 Pods CIDR. It has to be larger than the provided IPv6 Pods CIDR. Defaults to 64.
`dnsDomain` string	Domain name for services.
`proxyMode` string	ProxyMode defines the kube-proxy mode (“ipvs” / “iptables” / “ebpf”). Defaults to “ipvs”. “ebpf” disables kube-proxy and requires CNI support.
`ipvs` IPVSConfiguration	IPVS defines kube-proxy ipvs configuration options
`nodeLocalDNSCacheEnabled` boolean	NodeLocalDNSCacheEnabled controls whether the NodeLocal DNS Cache feature is enabled. Defaults to true.
`coreDNSReplicas` integer	CoreDNSReplicas is the number of desired pods of user cluster coredns deployment.
`konnectivityEnabled` boolean	KonnectivityEnabled enables konnectivity for controlplane to node network communication.
`tunnelingAgentIP` string	TunnelingAgentIP is the address used by the tunneling agents

ClusterPhase

Underlying type: string

Appears in:

ClusterStatus

ClusterSpec

ClusterSpec describes the desired state of a user cluster.

Appears in:

Cluster
ClusterTemplate

Field	Description
`humanReadableName` string	HumanReadableName is the cluster name provided by the user.
`version` Semver	Version defines the wanted version of the control plane.
`cloud` CloudSpec	Cloud contains information regarding the cloud provider that is responsible for hosting the cluster’s workload.
`containerRuntime` string	ContainerRuntime to use, i.e. `docker` or `containerd`. By default `containerd` will be used.
`imagePullSecret` SecretReference	Optional: ImagePullSecret references a secret with container registry credentials. This is passed to the machine-controller which sets the registry credentials on node level.
`cniPlugin` CNIPluginSettings
`clusterNetwork` ClusterNetworkingConfig
`machineNetworks` MachineNetworkingConfig array
`exposeStrategy` ExposeStrategy	ExposeStrategy is the strategy used to expose a cluster control plane.
`apiServerAllowedIPRanges` NetworkRanges	Optional: APIServerAllowedIPRanges is a list of IP ranges allowed to access the API server. Applicable only if the expose strategy of the cluster is LoadBalancer. If not configured, access to the API server is unrestricted.
`componentsOverride` ComponentSettings	Optional: Component specific overrides that allow customization of control plane components.
`oidc` OIDCSettings
`features` object (keys:string, values:boolean)	A map of optional or early-stage features that can be enabled for the user cluster. Some feature gates cannot be disabled after being enabled. The available feature gates vary based on KKP version, Kubernetes version and Seed configuration. Please consult the KKP documentation for specific feature gates.
`updateWindow` UpdateWindow	Optional: UpdateWindow configures automatic update systems to respect a maintenance window for applying OS updates to nodes. This is only respected on Flatcar nodes currently.
`usePodSecurityPolicyAdmissionPlugin` boolean	Enables the admission plugin `PodSecurityPolicy`. This plugin is deprecated by Kubernetes.
`usePodNodeSelectorAdmissionPlugin` boolean	Enables the admission plugin `PodNodeSelector`. Needs additional configuration via the `podNodeSelectorAdmissionPluginConfig` field.
`useEventRateLimitAdmissionPlugin` boolean	Enables the admission plugin `EventRateLimit`. Needs additional configuration via the `eventRateLimitConfig` field. This plugin is considered “alpha” by Kubernetes.
`admissionPlugins` string array	A list of arbitrary admission plugin names that are passed to kube-apiserver. Must not include admission plugins that can be enabled via a separate setting.
`podNodeSelectorAdmissionPluginConfig` object (keys:string, values:string)	Optional: Provides configuration for the PodNodeSelector admission plugin (needs plugin enabled via `usePodNodeSelectorAdmissionPlugin`). It’s used by the backend to create a configuration file for this plugin. The key:value from this map is converted to : in the file. Use `clusterDefaultNodeSelector` as key to configure a default node selector.
`eventRateLimitConfig` EventRateLimitConfig	Optional: Configures the EventRateLimit admission plugin (if enabled via `useEventRateLimitAdmissionPlugin`) to create limits on Kubernetes event generation. The EventRateLimit plugin is capable of comparing and rate limiting incoming `Events` based on several configured buckets.
`enableUserSSHKeyAgent` boolean	Optional: Deploys the UserSSHKeyAgent to the user cluster. This field is immutable. If enabled, the agent will be deployed and used to sync user ssh keys attached by users to the cluster. No SSH keys will be synced after node creation if this is disabled.
`enableOperatingSystemManager` boolean	Optional: Enables operating-system-manager (OSM), which is responsible for creating and managing worker node configuration. This field is enabled(true) by default.
`kubernetesDashboard` KubernetesDashboard	KubernetesDashboard holds the configuration for the kubernetes-dashboard component.
`auditLogging` AuditLoggingSettings	Optional: AuditLogging configures Kubernetes API audit logging (https://kubernetes.io/docs/tasks/debug-application-cluster/audit/) for the user cluster.
`opaIntegration` OPAIntegrationSettings	Optional: OPAIntegration is a preview feature that enables OPA integration for the cluster. Enabling it causes OPA Gatekeeper and its resources to be deployed on the user cluster. By default it is disabled.
`serviceAccount` ServiceAccountSettings	Optional: ServiceAccount contains service account related settings for the user cluster’s kube-apiserver.
`mla` MLASettings	Optional: MLA contains monitoring, logging and alerting related settings for the user cluster.
`applicationSettings` ApplicationSettings	Optional: ApplicationSettings contains the settings relative to the application feature.
`encryptionConfiguration` EncryptionConfiguration	Optional: Configures encryption-at-rest for Kubernetes API data. This needs the `encryptionAtRest` feature gate.
`pause` boolean	If this is set to true, the cluster will not be reconciled by KKP. This indicates that the user needs to do some action to resolve the pause.
`pauseReason` string	PauseReason is the reason why the cluster is not being managed. This field is for informational purpose only and can be set by a user or a controller to communicate the reason for pausing the cluster.
`debugLog` boolean	Enables more verbose logging in KKP’s user-cluster-controller-manager.

ClusterStatus

ClusterStatus stores status information about a cluster.

Appears in:

Cluster

Field	Description
`address` ClusterAddress	Address contains the IPs/URLs to access the cluster control plane.
`lastUpdated` Time
`extendedHealth` ExtendedClusterHealth	ExtendedHealth exposes information about the current health state. Extends standard health status for new states.
`lastProviderReconciliation` Time	LastProviderReconciliation is the time when the cloud provider resources were last fully reconciled (during normal cluster reconciliation, KKP does not re-check things like security groups, networks etc.).
`namespaceName` string	NamespaceName defines the namespace the control plane of this cluster is deployed in.
`versions` ClusterVersionsStatus	Versions contains information regarding the current and desired versions of the cluster control plane and worker nodes.
`userName` string	Deprecated: UserName contains the name of the owner of this cluster. This field is not actively used and will be removed in the future.
`userEmail` string	UserEmail contains the email of the owner of this cluster. During cluster creation only, this field will be used to bind the `cluster-admin` `ClusterRole` to a cluster owner.
`errorReason` ClusterStatusError	ErrorReason contains a error reason in case the controller encountered an error. Will be reset if the error was resolved.
`errorMessage` string	ErrorMessage contains a default error message in case the controller encountered an error. Will be reset if the error was resolved.
`conditions` object (keys:ClusterConditionType, values:ClusterCondition)	Conditions contains conditions the cluster is in, its primary use case is status signaling between controllers or between controllers and the API.
`phase` ClusterPhase	Phase is a description of the current cluster status, summarizing the various conditions, possible active updates etc. This field is for informational purpose only and no logic should be tied to the phase.
`inheritedLabels` object (keys:string, values:string)	InheritedLabels are labels the cluster inherited from the project. They are read-only for users.
`encryption` ClusterEncryptionStatus	Encryption describes the status of the encryption-at-rest feature for encrypted data in etcd.
`resourceUsage` ResourceDetails	ResourceUsage shows the current usage of resources for the cluster.

ClusterStatusError

Underlying type: string

Appears in:

ClusterStatus

ClusterTemplate

ClusterTemplate is the object representing a cluster template.

Appears in:

ClusterTemplateList

Field	Description
`apiVersion` string	`kubermatic.k8c.io/v1`
`kind` string	`ClusterTemplate`
`metadata` ObjectMeta	Refer to Kubernetes API documentation for fields of `metadata`.
`clusterLabels` object (keys:string, values:string)
`inheritedClusterLabels` object (keys:string, values:string)
`credential` string
`userSSHKeys` ClusterTemplateSSHKey array
`spec` ClusterSpec

ClusterTemplateInstance

ClusterTemplateInstance is the object representing a cluster template instance.

Appears in:

ClusterTemplateInstanceList

Field	Description
`apiVersion` string	`kubermatic.k8c.io/v1`
`kind` string	`ClusterTemplateInstance`
`metadata` ObjectMeta	Refer to Kubernetes API documentation for fields of `metadata`.
`spec` ClusterTemplateInstanceSpec

ClusterTemplateInstanceList

ClusterTemplateInstanceList specifies a list of cluster template instances.

Field	Description
`apiVersion` string	`kubermatic.k8c.io/v1`
`kind` string	`ClusterTemplateInstanceList`
`metadata` ListMeta	Refer to Kubernetes API documentation for fields of `metadata`.
`items` ClusterTemplateInstance array

ClusterTemplateInstanceSpec

ClusterTemplateInstanceSpec specifies the data for cluster instances.

Appears in:

ClusterTemplateInstance

Field	Description
`projectID` string
`clusterTemplateID` string
`clusterTemplateName` string
`replicas` integer

ClusterTemplateList

ClusterTemplateList specifies a list of cluster templates.

Field	Description
`apiVersion` string	`kubermatic.k8c.io/v1`
`kind` string	`ClusterTemplateList`
`metadata` ListMeta	Refer to Kubernetes API documentation for fields of `metadata`.
`items` ClusterTemplate array

ClusterTemplateSSHKey

ClusterTemplateSSHKey is the object for holding SSH key.

Appears in:

ClusterTemplate

Field	Description
`id` string	ID is the name of the UserSSHKey object that is supposed to be assigned to any ClusterTemplateInstance created based on this template.
`name` string	Name is the human readable SSH key name.

ClusterVersionsStatus

ClusterVersionsStatus contains information regarding the current and desired versions of the cluster control plane and worker nodes.

Appears in:

ClusterStatus

Field	Description
`controlPlane` Semver	ControlPlane is the currently active cluster version. This can lag behind the apiserver version if an update is currently rolling out.
`apiserver` Semver	Apiserver is the currently desired version of the kube-apiserver. During upgrades across multiple minor versions (e.g. from 1.20 to 1.23), this will gradually be increased by the update-controller until the desired cluster version (spec.version) is reached.
`controllerManager` Semver	ControllerManager is the currently desired version of the kube-controller-manager. This field behaves the same as the apiserver field.
`scheduler` Semver	Scheduler is the currently desired version of the kube-scheduler. This field behaves the same as the apiserver field.
`oldestNodeVersion` Semver	OldestNodeVersion is the oldest node version currently in use inside the cluster. This can be nil if there are no nodes. This field is primarily for speeding up reconciling, so that the controller doesn’t have to re-fetch to the usercluster and query its node on every reconciliation.

ComponentSettings

Appears in:

ClusterSpec
SeedSpec

Field	Description
`apiserver` APIServerSettings	Apiserver configures kube-apiserver settings.
`controllerManager` ControllerSettings	ControllerManager configures kube-controller-manager settings.
`scheduler` ControllerSettings	Scheduler configures kube-scheduler settings.
`etcd` EtcdStatefulSetSettings	Etcd configures the etcd ring used to store Kubernetes data.
`prometheus` StatefulSetSettings	Prometheus configures the Prometheus instance deployed into the cluster control plane.
`nodePortProxyEnvoy` NodeportProxyComponent	NodePortProxyEnvoy configures the per-cluster nodeport-proxy-envoy that is deployed if the `LoadBalancer` expose strategy is used. This is not effective if a different expose strategy is configured.
`konnectivityProxy` KonnectivityProxySettings	KonnectivityProxy configures konnectivity-server and konnectivity-agent components.

Constraint

Constraint specifies a kubermatic wrapper for the gatekeeper constraints.

Appears in:

ConstraintList

Field	Description
`apiVersion` string	`kubermatic.k8c.io/v1`
`kind` string	`Constraint`
`metadata` ObjectMeta	Refer to Kubernetes API documentation for fields of `metadata`.
`spec` ConstraintSpec

ConstraintList

ConstraintList specifies a list of constraints.

Field	Description
`apiVersion` string	`kubermatic.k8c.io/v1`
`kind` string	`ConstraintList`
`metadata` ListMeta	Refer to Kubernetes API documentation for fields of `metadata`.
`items` Constraint array

ConstraintSelector

ConstraintSelector is the object holding the cluster selection filters.

Appears in:

ConstraintSpec

Field	Description
`providers` string array	Providers is a list of cloud providers to which the Constraint applies to. Empty means all providers are selected.
`labelSelector` LabelSelector	LabelSelector selects the Clusters to which the Constraint applies based on their labels

ConstraintSpec

ConstraintSpec specifies the data for the constraint.

Appears in:

Constraint

Field	Description
`constraintType` string	ConstraintType specifies the type of gatekeeper constraint that the constraint applies to
`disabled` boolean	Disabled is the flag for disabling OPA constraints
`match` Match	Match contains the constraint to resource matching data
`parameters` object (keys:string, values:integer array)	Parameters specifies the parameters used by the constraint template REGO. It supports both the legacy rawJSON parameters, in which all the parameters are set in a JSON string, and regular parameters like in Gatekeeper Constraints. If rawJSON is set, during constraint syncing to the user cluster, the other parameters are ignored Example with rawJSON parameters:
parameters: rawJSON: ‘{“labels”:[“gatekeeper”]}’
And with regular parameters:
parameters: labels: [“gatekeeper”]
`selector` ConstraintSelector	Selector specifies the cluster selection filters
`enforcementAction` string	EnforcementAction defines the action to take in response to a constraint being violated. By default, EnforcementAction is set to deny as the default behavior is to deny admission requests with any violation.

ConstraintTemplate

ConstraintTemplate is the object representing a kubermatic wrapper for a gatekeeper constraint template.

Appears in:

ConstraintTemplateList

Field	Description
`apiVersion` string	`kubermatic.k8c.io/v1`
`kind` string	`ConstraintTemplate`
`metadata` ObjectMeta	Refer to Kubernetes API documentation for fields of `metadata`.
`spec` ConstraintTemplateSpec

ConstraintTemplateList

ConstraintTemplateList specifies a list of constraint templates.

Field	Description
`apiVersion` string	`kubermatic.k8c.io/v1`
`kind` string	`ConstraintTemplateList`
`metadata` ListMeta	Refer to Kubernetes API documentation for fields of `metadata`.
`items` ConstraintTemplate array

ConstraintTemplateSelector

ConstraintTemplateSelector is the object holding the cluster selection filters.

Appears in:

ConstraintTemplateSpec

Field	Description
`providers` string array	Providers is a list of cloud providers to which the Constraint Template applies to. Empty means all providers are selected.
`labelSelector` LabelSelector	LabelSelector selects the Clusters to which the Constraint Template applies based on their labels

ConstraintTemplateSpec

ConstraintTemplateSpec is the object representing the gatekeeper constraint template spec and kubermatic related spec.

Appears in:

ConstraintTemplate

Field	Description
`crd` CRD
`targets` Target array
`selector` ConstraintTemplateSelector

ContainerRuntimeContainerd

ContainerRuntimeContainerd defines containerd container runtime registries configs.

Appears in:

NodeSettings

Field	Description
`registries` object (keys:string, values:ContainerdRegistry)	A map of registries to use to render configs and mirrors for containerd registries

ContainerdRegistry

ContainerdRegistry defines endpoints and security for given container registry.

Appears in:

ContainerRuntimeContainerd

ControllerSettings

Appears in:

ComponentSettings

Field	Description
`replicas` integer
`resources` ResourceRequirements
`tolerations` Toleration array
`leaderElection` LeaderElectionSettings

CustomLink

Appears in:

SettingSpec

Field	Description
`label` string
`url` string
`icon` string
`location` string

CustomNetworkPolicy

CustomNetworkPolicy contains a name and the Spec of a NetworkPolicy.

Appears in:

DatacenterSpecKubevirt

Datacenter

Appears in:

SeedSpec

Field	Description
`country` string	Optional: Country of the seed as ISO-3166 two-letter code, e.g. DE or UK. For informational purposes in the Kubermatic dashboard only.
`location` string	Optional: Detailed location of the cluster, like “Hamburg” or “Datacenter 7”. For informational purposes in the Kubermatic dashboard only.
`node` NodeSettings	Node holds node-specific settings, like e.g. HTTP proxy, Docker registries and the like. Proxy settings are inherited from the seed if not specified here.
`spec` DatacenterSpec	Spec describes the cloud provider settings used to manage resources in this datacenter. Exactly one cloud provider must be defined.

DatacenterSpec

DatacenterSpec configures a KKP datacenter. Provider configuration is mutually exclusive, and as such only a single provider can be configured per datacenter.

Appears in:

Datacenter

Field	Description
`digitalocean` DatacenterSpecDigitalocean
`bringyourown` DatacenterSpecBringYourOwn	BringYourOwn contains settings for clusters using manually created nodes via kubeadm.
`aws` DatacenterSpecAWS	AWS configures an Amazon Web Services (AWS) datacenter.
`azure` DatacenterSpecAzure	Azure configures an Azure datacenter.
`openstack` DatacenterSpecOpenstack	Openstack configures an Openstack datacenter.
`packet` DatacenterSpecPacket	Packet configures an Equinix Metal datacenter.
`hetzner` DatacenterSpecHetzner	Hetzner configures a Hetzner datacenter.
`vsphere` DatacenterSpecVSphere	VSphere configures a VMware vSphere datacenter.
`vmwareclouddirector` DatacenterSpecVMwareCloudDirector	VMwareCloudDirector configures a VMware Cloud Director datacenter.
`gcp` DatacenterSpecGCP	GCP configures a Google Cloud Platform (GCP) datacenter.
`kubevirt` DatacenterSpecKubevirt	Kubevirt configures a KubeVirt datacenter.
`alibaba` DatacenterSpecAlibaba	Alibaba configures an Alibaba Cloud datacenter.
`anexia` DatacenterSpecAnexia	Anexia configures an Anexia datacenter.
`nutanix` DatacenterSpecNutanix	Nutanix configures a Nutanix HCI datacenter.
`requiredEmails` string array	Optional: When defined, only users with an e-mail address on the given domains can make use of this datacenter. You can define multiple domains, e.g. “example.com”, one of which must match the email domain exactly (i.e. “example.com” will not match “user@test.example.com”).
`enforceAuditLogging` boolean	Optional: EnforceAuditLogging enforces audit logging on every cluster within the DC, ignoring cluster-specific settings.
`enforcePodSecurityPolicy` boolean	Optional: EnforcePodSecurityPolicy enforces pod security policy plugin on every clusters within the DC, ignoring cluster-specific settings.
`providerReconciliationInterval` Duration	Optional: ProviderReconciliationInterval is the time that must have passed since a Cluster’s status.lastProviderReconciliation to make the cliuster controller perform an in-depth provider reconciliation, where for example missing security groups will be reconciled. Setting this too low can cause rate limits by the cloud provider, setting this too high means that if a resource at a cloud provider is removed/changed outside of KKP, it will take this long to fix it.
`operatingSystemProfiles` object (keys:OperatingSystem, values:string)	Optional: DefaultOperatingSystemProfiles specifies the OperatingSystemProfiles to use for each supported operating system.
`machineFlavorFilter` MachineFlavorFilter	Optional: MachineFlavorFilter is used to filter out allowed machine flavors based on the specified resource limits like CPU, Memory, and GPU etc.

DatacenterSpecAWS

DatacenterSpecAWS describes an AWS datacenter.

Appears in:

DatacenterSpec

Field	Description
`region` string	The AWS region to use, e.g. “us-east-1”. For a list of available regions, see https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/using-regions-availability-zones.html
`images` object (keys:OperatingSystem, values:string)	List of AMIs to use for a given operating system. This gets defaulted by querying for the latest AMI for the given distribution when machines are created, so under normal circumstances it is not necessary to define the AMIs statically.

DatacenterSpecAlibaba

DatacenterSpecAlibaba describes a alibaba datacenter.

Appears in:

DatacenterSpec

Field	Description
`region` string	Region to use, for a full list of regions see https://www.alibabacloud.com/help/doc-detail/40654.htm

DatacenterSpecAnexia

DatacenterSpecAnexia describes a anexia datacenter.

Appears in:

DatacenterSpec

Field	Description
`locationID` string	LocationID the location of the region

DatacenterSpecAzure

DatacenterSpecAzure describes an Azure cloud datacenter.

Appears in:

DatacenterSpec

Field	Description
`location` string	Region to use, for example “westeurope”. A list of available regions can be found at https://azure.microsoft.com/en-us/global-infrastructure/locations/

DatacenterSpecBringYourOwn

DatacenterSpecBringYourOwn describes a datacenter our of bring your own nodes.

Appears in:

DatacenterSpec

DatacenterSpecDigitalocean

DatacenterSpecDigitalocean describes a DigitalOcean datacenter.

Appears in:

DatacenterSpec

Field	Description
`region` string	Datacenter location, e.g. “ams3”. A list of existing datacenters can be found at https://www.digitalocean.com/docs/platform/availability-matrix/

DatacenterSpecGCP

DatacenterSpecGCP describes a GCP datacenter.

Appears in:

DatacenterSpec

Field	Description
`region` string	Region to use, for example “europe-west3”, for a full list of regions see https://cloud.google.com/compute/docs/regions-zones/
`zoneSuffixes` string array	List of enabled zones, for example [a, c]. See the link above for the available zones in your chosen region.
`regional` boolean	Optional: Regional clusters spread their resources across multiple availability zones. Refer to the official documentation for more details on this: https://cloud.google.com/kubernetes-engine/docs/concepts/regional-clusters

DatacenterSpecHetzner

DatacenterSpecHetzner describes a Hetzner cloud datacenter.

Appears in:

DatacenterSpec

Field	Description
`datacenter` string	Datacenter location, e.g. “nbg1-dc3”. A list of existing datacenters can be found at https://docs.hetzner.com/general/others/data-centers-and-connection/
`network` string	Network is the pre-existing Hetzner network in which the machines are running. While machines can be in multiple networks, a single one must be chosen for the HCloud CCM to work.
`location` string	Optional: Detailed location of the datacenter, like “Hamburg” or “Datacenter 7”. For informational purposes only.

DatacenterSpecKubevirt

DatacenterSpecKubevirt describes a kubevirt datacenter.

Appears in:

DatacenterSpec

Field	Description
`dnsPolicy` string	DNSPolicy represents the dns policy for the pod. Valid values are ‘ClusterFirstWithHostNet’, ‘ClusterFirst’, ‘Default’ or ‘None’. Defaults to “ClusterFirst”. DNS parameters given in DNSConfig will be merged with the policy selected with DNSPolicy.
`dnsConfig` PodDNSConfig	DNSConfig represents the DNS parameters of a pod. Parameters specified here will be merged to the generated DNS configuration based on DNSPolicy.
`enableDefaultNetworkPolicies` boolean	Optional: EnableDefaultNetworkPolicies enables deployment of default network policies like cluster isolation. Defaults to true.
`customNetworkPolicies` CustomNetworkPolicy array	Optional: CustomNetworkPolicies allows to add some extra custom NetworkPolicies, that are deployed in the dedicated infra KubeVirt cluster. They are added to the defaults.
`images` KubeVirtImageSources	Images represents standard VM Image sources.
`infraStorageClasses` KubeVirtInfraStorageClass array	Optional: InfraStorageClasses contains a list of KubeVirt infra cluster StorageClasses names that will be used to initialise StorageClasses in the tenant cluster. In the tenant cluster, the created StorageClass name will have as name: kubevirt-

DatacenterSpecNutanix

DatacenterSpecNutanix describes a Nutanix datacenter.

Appears in:

DatacenterSpec

Field	Description
`endpoint` string	Endpoint to use for accessing Nutanix Prism Central. No protocol or port should be passed, for example “nutanix.example.com” or “10.0.0.1”
`port` integer	Optional: Port to use when connecting to the Nutanix Prism Central endpoint (defaults to 9440)
`allowInsecure` boolean	Optional: AllowInsecure allows to disable the TLS certificate check against the endpoint (defaults to false)
`images` object (keys:OperatingSystem, values:string)	Images to use for each supported operating system

DatacenterSpecOpenstack

DatacenterSpecOpenstack describes an OpenStack datacenter.

Appears in:

DatacenterSpec

Field	Description
`authURL` string
`availabilityZone` string
`region` string
`ignoreVolumeAZ` boolean	Optional
`enforceFloatingIP` boolean	Optional
`dnsServers` string array	Used for automatic network creation
`images` object (keys:OperatingSystem, values:string)	Images to use for each supported operating system.
`manageSecurityGroups` boolean	Optional: Gets mapped to the “manage-security-groups” setting in the cloud config. This setting defaults to true.
`useOctavia` boolean	Optional: Gets mapped to the “use-octavia” setting in the cloud config. use-octavia is enabled by default in CCM since v1.17.0, and disabled by default with the in-tree cloud provider.
`trustDevicePath` boolean	Optional: Gets mapped to the “trust-device-path” setting in the cloud config. This setting defaults to false.
`nodeSizeRequirements` OpenstackNodeSizeRequirements	Optional: Restrict the allowed VM configurations that can be chosen in the KKP dashboard. This setting does not affect the validation webhook for MachineDeployments.
`enabledFlavors` string array	Optional: List of enabled flavors for the given datacenter
`ipv6Enabled` boolean	Optional: defines if the IPv6 is enabled for the datacenter

DatacenterSpecPacket

DatacenterSpecPacket describes a Packet datacenter.

Appears in:

DatacenterSpec

Field	Description
`facilities` string array	The list of enabled facilities, for example “ams1”, for a full list of available facilities see https://metal.equinix.com/developers/docs/locations/facilities/
`metro` string	Metros are facilities that are grouped together geographically and share capacity and networking features, see https://metal.equinix.com/developers/docs/locations/metros/

DatacenterSpecVMwareCloudDirector

Appears in:

DatacenterSpec

Field	Description
`url` string	Endpoint URL to use, including protocol, for example “https://vclouddirector.example.com”.
`allowInsecure` boolean	If set to true, disables the TLS certificate check against the endpoint.
`catalog` string	The default catalog which contains the VM templates.
`storageProfile` string	The name of the storage profile to use for disks attached to the VMs.
`templates` object (keys:OperatingSystem, values:string)	A list of VM templates to use for a given operating system. You must define at least one template.

DatacenterSpecVSphere

DatacenterSpecVSphere describes a vSphere datacenter.

Appears in:

DatacenterSpec

Field	Description
`endpoint` string	Endpoint URL to use, including protocol, for example “https://vcenter.example.com”.
`allowInsecure` boolean	If set to true, disables the TLS certificate check against the endpoint.
`datastore` string	The default Datastore to be used for provisioning volumes using storage classes/dynamic provisioning and for storing virtual machine files in case no `Datastore` or `DatastoreCluster` is provided at Cluster level.
`datacenter` string	The name of the datacenter to use.
`cluster` string	The name of the vSphere cluster to use. Used for out-of-tree CSI Driver.
`storagePolicy` string	The name of the storage policy to use for the storage class created in the user cluster.
`rootPath` string	Optional: The root path for cluster specific VM folders. Each cluster gets its own folder below the root folder. Must be the FQDN (for example “/datacenter-1/vm/all-kubermatic-vms-in-here”) and defaults to the root VM folder: “/datacenter-1/vm”
`templates` object (keys:OperatingSystem, values:string)	A list of VM templates to use for a given operating system. You must define at least one template. See: https://github.com/kubermatic/machine-controller/blob/master/docs/vsphere.md#template-vms-preparation
`infraManagementUser` VSphereCredentials	Optional: Infra management user is the user that will be used for everything except the cloud provider functionality, which will still use the credentials passed in via the Kubermatic dashboard/API.
`ipv6Enabled` boolean	Optional: defines if the IPv6 is enabled for the datacenter
`defaultTagCategoryID` string	DefaultTagCategoryID is the tag category id that will be used as default, if users don’t specify it on a cluster level, and they don’t wish KKP to create default generated tag category, upon cluster creation.

DefaultProjectResourceQuota

DefaultProjectResourceQuota contains the default resource quota which will be set for all projects that do not have a custom quota already set.

Appears in:

SettingSpec

Field	Description
`quota` ResourceDetails

DeploymentSettings

Appears in:

APIServerSettings
ControllerSettings

Field	Description
`replicas` integer
`resources` ResourceRequirements
`tolerations` Toleration array

Digitalocean

Appears in:

PresetSpec

Field	Description
`enabled` boolean	Only enabled presets will be available in the KKP dashboard.
`datacenter` string	If datacenter is set, this preset is only applicable to the configured datacenter.
`token` string	Token is used to authenticate with the DigitalOcean API.

DigitaloceanCloudSpec

DigitaloceanCloudSpec specifies access data to DigitalOcean.

Appears in:

CloudSpec

Field	Description
`credentialsReference` GlobalSecretKeySelector
`token` string

EKS

Appears in:

PresetSpec

Field	Description
`enabled` boolean	Only enabled presets will be available in the KKP dashboard.
`datacenter` string	If datacenter is set, this preset is only applicable to the configured datacenter.
`accessKeyID` string
`secretAccessKey` string
`assumeRoleARN` string
`assumeRoleExternalID` string

EncryptionConfiguration

EncryptionConfiguration configures encryption-at-rest for Kubernetes API data.

Appears in:

ClusterSpec

Field	Description
`enabled` boolean	Enables encryption-at-rest on this cluster.
`resources` string array	List of resources that will be stored encrypted in etcd.
`secretbox` SecretboxEncryptionConfiguration	Configuration for the `secretbox` static key encryption scheme as supported by Kubernetes. More info: https://kubernetes.io/docs/tasks/administer-cluster/encrypt-data/#providers

EnvoyLoadBalancerService

Appears in:

NodePortProxyComponentEnvoy

Field	Description
`annotations` object (keys:string, values:string)	Annotations are used to further tweak the LoadBalancer integration with the cloud provider.
`sourceRanges` CIDR array	SourceRanges will restrict loadbalancer service to IP ranges specified using CIDR notation like 172.25.0.0/16. This field will be ignored if the cloud-provider does not support the feature. More info: https://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/

EtcdBackupConfig

EtcdBackupConfig specifies a add-on.

Appears in:

EtcdBackupConfigList

Field	Description
`apiVersion` string	`kubermatic.k8c.io/v1`
`kind` string	`EtcdBackupConfig`
`metadata` ObjectMeta	Refer to Kubernetes API documentation for fields of `metadata`.
`spec` EtcdBackupConfigSpec
`status` EtcdBackupConfigStatus

EtcdBackupConfigCondition

Appears in:

EtcdBackupConfigStatus

Field	Description
`status` ConditionStatus	Status of the condition, one of True, False, Unknown.
`lastHeartbeatTime` Time	Last time we got an update on a given condition.
`lastTransitionTime` Time	Last time the condition transit from one status to another.
`reason` string	(brief) reason for the condition’s last transition.
`message` string	Human readable message indicating details about last transition.

EtcdBackupConfigConditionType

Underlying type: string

EtcdBackupConfigConditionType is used to indicate the type of a EtcdBackupConfig condition. For all condition types, the true value must indicate success. All condition types must be registered within the AllClusterConditionTypes variable.

Appears in:

EtcdBackupConfigStatus

EtcdBackupConfigList

EtcdBackupConfigList is a list of etcd backup configs.

Field	Description
`apiVersion` string	`kubermatic.k8c.io/v1`
`kind` string	`EtcdBackupConfigList`
`metadata` ListMeta	Refer to Kubernetes API documentation for fields of `metadata`.
`items` EtcdBackupConfig array

EtcdBackupConfigSpec

EtcdBackupConfigSpec specifies details of an etcd backup.

Appears in:

EtcdBackupConfig

Field	Description
`name` string	Name defines the name of the backup The name of the backup file in S3 will be - If a schedule is set (see below), - will be appended.
`cluster` ObjectReference	Cluster is the reference to the cluster whose etcd will be backed up
`schedule` string	Schedule is a cron expression defining when to perform the backup. If not set, the backup is performed exactly once, immediately.
`keep` integer	Keep is the number of backups to keep around before deleting the oldest one If not set, defaults to DefaultKeptBackupsCount. Only used if Schedule is set.
`destination` string	Destination indicates where the backup will be stored. The destination name must correspond to a destination in the cluster’s Seed.Spec.EtcdBackupRestore.

EtcdBackupConfigStatus

Appears in:

EtcdBackupConfig

Field	Description
`currentBackups` BackupStatus array	CurrentBackups tracks the creation and deletion progress of all backups managed by the EtcdBackupConfig
`conditions` object (keys:EtcdBackupConfigConditionType, values:EtcdBackupConfigCondition)	Conditions contains conditions of the EtcdBackupConfig
`cleanupRunning` boolean	If the controller was configured with a cleanupContainer, CleanupRunning keeps track of the corresponding job

EtcdBackupRestore

EtcdBackupRestore holds the configuration of the automatic backup and restores.

Appears in:

SeedSpec

Field	Description
`destinations` object (keys:string, values:BackupDestination)	Destinations stores all the possible destinations where the backups for the Seed can be stored. If not empty, it enables automatic backup and restore for the seed.
`defaultDestination` string	DefaultDestination marks the default destination that will be used for the default etcd backup config which is created for every user cluster. Has to correspond to a destination in Destinations. If removed, it removes the related default etcd backup configs.

EtcdRestore

EtcdRestore specifies a add-on.

Appears in:

EtcdRestoreList

Field	Description
`apiVersion` string	`kubermatic.k8c.io/v1`
`kind` string	`EtcdRestore`
`metadata` ObjectMeta	Refer to Kubernetes API documentation for fields of `metadata`.
`spec` EtcdRestoreSpec
`status` EtcdRestoreStatus

EtcdRestoreList

EtcdRestoreList is a list of etcd restores.

Field	Description
`apiVersion` string	`kubermatic.k8c.io/v1`
`kind` string	`EtcdRestoreList`
`metadata` ListMeta	Refer to Kubernetes API documentation for fields of `metadata`.
`items` EtcdRestore array

EtcdRestoreSpec

EtcdRestoreSpec specifies details of an etcd restore.

Appears in:

EtcdRestore

Field	Description
`name` string	Name defines the name of the restore The name of the restore file in S3 will be - If a schedule is set (see below), - will be appended.
`cluster` ObjectReference	Cluster is the reference to the cluster whose etcd will be backed up
`backupName` string	BackupName is the name of the backup to restore from
`backupDownloadCredentialsSecret` string	BackupDownloadCredentialsSecret is the name of a secret in the cluster-xxx namespace containing credentials needed to download the backup
`destination` string	Destination indicates where the backup was stored. The destination name should correspond to a destination in the cluster’s Seed.Spec.EtcdBackupRestore. If empty, it will use the legacy destination configured in Seed.Spec.BackupRestore

EtcdRestoreStatus

Appears in:

EtcdRestore

Field	Description
`phase` EtcdRestorePhase
`restoreTime` Time

EtcdStatefulSetSettings

Appears in:

ComponentSettings

Field	Description
`clusterSize` integer
`storageClass` string
`diskSize` Quantity
`resources` ResourceRequirements
`tolerations` Toleration array

EventRateLimitConfig

EventRateLimitConfig configures the EventRateLimit admission plugin. More info: https://kubernetes.io/docs/reference/access-authn-authz/admission-controllers/#eventratelimit

Appears in:

ClusterSpec

Field	Description
`server` EventRateLimitConfigItem
`namespace` EventRateLimitConfigItem
`user` EventRateLimitConfigItem
`sourceAndObject` EventRateLimitConfigItem

EventRateLimitConfigItem

Appears in:

EventRateLimitConfig

Field	Description
`qps` integer
`burst` integer
`cacheSize` integer

ExposeStrategy

Underlying type: string

ExposeStrategy is the strategy used to expose a cluster control plane. Possible values are NodePort, LoadBalancer or Tunneling (requires a feature gate).

Appears in:

ClusterSpec
KubermaticConfigurationSpec
SeedSpec

ExtendedClusterHealth

ExtendedClusterHealth stores health information of a cluster.

Appears in:

ClusterStatus

Field	Description
`apiserver` HealthStatus
`scheduler` HealthStatus
`controller` HealthStatus
`machineController` HealthStatus
`etcd` HealthStatus
`openvpn` HealthStatus
`konnectivity` HealthStatus
`cloudProviderInfrastructure` HealthStatus
`userClusterControllerManager` HealthStatus
`applicationController` HealthStatus
`gatekeeperController` HealthStatus
`gatekeeperAudit` HealthStatus
`monitoring` HealthStatus
`logging` HealthStatus
`alertmanagerConfig` HealthStatus
`mlaGateway` HealthStatus
`operatingSystemManager` HealthStatus
`kubernetesDashboard` HealthStatus

ExternalCluster

ExternalCluster is the object representing an external kubernetes cluster.

Appears in:

ExternalClusterList

Field	Description
`apiVersion` string	`kubermatic.k8c.io/v1`
`kind` string	`ExternalCluster`
`metadata` ObjectMeta	Refer to Kubernetes API documentation for fields of `metadata`.
`spec` ExternalClusterSpec	Spec describes the desired cluster state.
`status` ExternalClusterStatus	Status contains reconciliation information for the cluster.

ExternalClusterAKSCloudSpec

Appears in:

ExternalClusterCloudSpec

Field	Description
`credentialsReference` GlobalSecretKeySelector	CredentialsReference allows referencing a `Secret` resource instead of passing secret data in this spec.
`name` string
`tenantID` string	TenantID: The Azure Active Directory Tenant used for this cluster. Can be read from `credentialsReference` instead.
`subscriptionID` string	SubscriptionID: The Azure Subscription used for this cluster. Can be read from `credentialsReference` instead.
`clientID` string	ClientID: The service principal used to access Azure. Can be read from `credentialsReference` instead.
`clientSecret` string	ClientSecret: The client secret corresponding to the given service principal. Can be read from `credentialsReference` instead.
`location` string	Location: The geo-location where the resource lives
`resourceGroup` string	ResourceGroup: The resource group that will be used to look up and create resources for the cluster in. If set to empty string at cluster creation, a new resource group will be created and this field will be updated to the generated resource group’s name.

ExternalClusterBringYourOwnCloudSpec

Appears in:

ExternalClusterCloudSpec

ExternalClusterCloudSpec

ExternalClusterCloudSpec mutually stores access data to a cloud provider.

Appears in:

ExternalClusterSpec

Field	Description
`providerName` ExternalClusterProvider
`gke` ExternalClusterGKECloudSpec
`eks` ExternalClusterEKSCloudSpec
`aks` ExternalClusterAKSCloudSpec
`kubeone` ExternalClusterKubeOneCloudSpec
`bringyourown` ExternalClusterBringYourOwnCloudSpec

ExternalClusterCondition

Appears in:

ExternalClusterStatus

Field	Description
`phase` ExternalClusterPhase
`message` string	Human readable message indicating details about last transition.

ExternalClusterEKSCloudSpec

Appears in:

ExternalClusterCloudSpec

Field	Description
`credentialsReference` GlobalSecretKeySelector
`name` string
`accessKeyID` string	AccessKeyID: AWS Access key ID Can be read from `credentialsReference` instead.
`secretAccessKey` string	SecretAccessKey: AWS Secret Access Key Can be read from `credentialsReference` instead.
`region` string
`roleArn` string	ControlPlaneRoleARN: The Amazon Resource Name (ARN) of the IAM role that provides permissions for the Kubernetes control plane to make calls to Amazon Web Services API operations on your behalf.
`vpcID` string	VPCID: The VPC associated with your cluster.
`subnetIDs` string array	SubnetIDs: The subnets associated with your cluster.
`securityGroupIDs` string array	SecurityGroupIDs: The security groups associated with the cross-account elastic network interfaces that are used to allow communication between your nodes and the Kubernetes control plane.
`assumeRoleARN` string	AssumeRoleARN defines the ARN for an IAM role that should be assumed when handling resources on AWS. It will be used to acquire temporary security credentials using an STS AssumeRole API operation whenever creating an AWS session. required: false
`assumeRoleExternalID` string	AssumeRoleExternalID is an arbitrary string that may be needed when calling the STS AssumeRole API operation. Using an external ID can help to prevent the “confused deputy problem”. required: false

ExternalClusterGKECloudSpec

Appears in:

ExternalClusterCloudSpec

Field	Description
`credentialsReference` GlobalSecretKeySelector
`name` string
`serviceAccount` string	ServiceAccount: The Google Cloud Platform Service Account. Can be read from `credentialsReference` instead.
`zone` string	Zone: The name of the Google Compute Engine zone (https://cloud.google.com/compute/docs/zones#available) in which the cluster resides.

ExternalClusterKubeOneCloudSpec

Appears in:

ExternalClusterCloudSpec

Field	Description
`providerName` string	ProviderName is the name of the cloud provider used, one of “aws”, “azure”, “digitalocean”, “gcp”, “hetzner”, “nutanix”, “openstack”, “packet”, “vsphere” KubeOne natively-supported providers
`region` string	Region is the cloud provider region in which the cluster resides. This field is used only to display information.
`credentialsReference` GlobalSecretKeySelector
`sshReference` GlobalSecretKeySelector
`manifestReference` GlobalSecretKeySelector

ExternalClusterList

ExternalClusterList specifies a list of external kubernetes clusters.

Field	Description
`apiVersion` string	`kubermatic.k8c.io/v1`
`kind` string	`ExternalClusterList`
`metadata` ListMeta	Refer to Kubernetes API documentation for fields of `metadata`.
`items` ExternalCluster array

ExternalClusterNetworkRanges

ExternalClusterNetworkRanges represents ranges of network addresses.

Appears in:

ExternalClusterNetworkingConfig

Field	Description
`cidrBlocks` string array

ExternalClusterNetworkingConfig

ExternalClusterNetworkingConfig specifies the different networking parameters for a external cluster.

Appears in:

ExternalClusterSpec

Field	Description
`services` ExternalClusterNetworkRanges	The network ranges from which service VIPs are allocated. It can contain one IPv4 and/or one IPv6 CIDR. If both address families are specified, the first one defines the primary address family.
`pods` ExternalClusterNetworkRanges	The network ranges from which POD networks are allocated. It can contain one IPv4 and/or one IPv6 CIDR. If both address families are specified, the first one defines the primary address family.

ExternalClusterPhase

Underlying type: string

Appears in:

ExternalClusterCondition

ExternalClusterProviderType

Underlying type: string

ExternalClusterProviderType is used to indicate ExternalCluster Provider Types.

Appears in:

KubermaticVersioningConfiguration

ExternalClusterProviderVersioningConfiguration

ExternalClusterProviderVersioningConfiguration configures the available and default Kubernetes versions for ExternalCluster Providers.

Appears in:

KubermaticVersioningConfiguration

Field	Description
`versions` Semver array	Versions lists the available versions.
`default` Semver	Default is the default version to offer users.
`updates` Semver array	Updates is a list of available upgrades.

ExternalClusterSpec

ExternalClusterSpec specifies the data for a new external kubernetes cluster.

Appears in:

ExternalCluster

Field	Description
`humanReadableName` string	HumanReadableName is the cluster name provided by the user
`kubeconfigReference` GlobalSecretKeySelector	KubeconfigReference is reference to cluster Kubeconfig
`version` Semver	Version defines the wanted version of the control plane.
`cloudSpec` ExternalClusterCloudSpec	CloudSpec contains provider specific fields
`clusterNetwork` ExternalClusterNetworkingConfig
`containerRuntime` string	ContainerRuntime to use, i.e. `docker` or `containerd`.
`pause` boolean	If this is set to true, the cluster will not be reconciled by KKP. This indicates that the user needs to do some action to resolve the pause.
`pauseReason` string	PauseReason is the reason why the cluster is not being managed. This field is for informational purpose only and can be set by a user or a controller to communicate the reason for pausing the cluster.

ExternalClusterStatus

ExternalClusterStatus denotes status information about an ExternalCluster.

Appears in:

ExternalCluster

Field	Description
`condition` ExternalClusterCondition	Conditions contains conditions an externalcluster is in, its primary use case is status signaling for controller

GCP

Appears in:

PresetSpec

Field	Description
`enabled` boolean	Only enabled presets will be available in the KKP dashboard.
`datacenter` string	If datacenter is set, this preset is only applicable to the configured datacenter.
`serviceAccount` string
`network` string
`subnetwork` string

GCPCloudSpec

GCPCloudSpec specifies access data to GCP.

Appears in:

CloudSpec

Field	Description
`credentialsReference` GlobalSecretKeySelector
`serviceAccount` string	The Google Service Account (JSON format), encoded with base64.
`network` string
`subnetwork` string
`nodePortsAllowedIPRange` string	A CIDR range that will be used to allow access to the node port range in the firewall rules to. If NodePortsAllowedIPRange nor NodePortsAllowedIPRanges is set, the node port range can be accessed from anywhere.
`nodePortsAllowedIPRanges` NetworkRanges	Optional: CIDR ranges that will be used to allow access to the node port range in the firewall rules to. If NodePortsAllowedIPRange nor NodePortsAllowedIPRanges is set, the node port range can be accessed from anywhere.

GKE

Appears in:

PresetSpec

Field	Description
`enabled` boolean	Only enabled presets will be available in the KKP dashboard.
`datacenter` string	If datacenter is set, this preset is only applicable to the configured datacenter.
`serviceAccount` string

GroupProjectBinding

GroupProjectBinding specifies a binding between a group and a project This resource is used by the user management to manipulate member groups of the given project.

Appears in:

GroupProjectBindingList

Field	Description
`apiVersion` string	`kubermatic.k8c.io/v1`
`kind` string	`GroupProjectBinding`
`metadata` ObjectMeta	Refer to Kubernetes API documentation for fields of `metadata`.
`spec` GroupProjectBindingSpec

GroupProjectBindingList

GroupProjectBindingList is a list of group project bindings.

Field	Description
`apiVersion` string	`kubermatic.k8c.io/v1`
`kind` string	`GroupProjectBindingList`
`metadata` ListMeta	Refer to Kubernetes API documentation for fields of `metadata`.
`items` GroupProjectBinding array

GroupProjectBindingSpec

GroupProjectBindingSpec specifies an oidc group binding to a project.

Appears in:

GroupProjectBinding

Field	Description
`group` string	Group is the group name that is bound to the given project.
`projectID` string	ProjectID is the ID of the target project. Should be a valid lowercase RFC1123 domain name
`role` string	Role is the user’s role within the project, determining their permissions. Possible roles are: “viewers” - allowed to get/list project resources “editors” - allowed to edit all project resources “owners” - same as editors, but also can manage users in the project

GroupVersionKind

GroupVersionKind unambiguously identifies a kind. It doesn’t anonymously include GroupVersion to avoid automatic coercion. It doesn’t use a GroupVersion to avoid custom marshalling.

Appears in:

AddonSpec

Field	Description
`group` string
`version` string

HealthStatus

Underlying type: string

Appears in:

ExtendedClusterHealth

Hetzner

Appears in:

PresetSpec

Field	Description
`enabled` boolean	Only enabled presets will be available in the KKP dashboard.
`datacenter` string	If datacenter is set, this preset is only applicable to the configured datacenter.
`token` string	Token is used to authenticate with the Hetzner API.
`network` string	Network is the pre-existing Hetzner network in which the machines are running. While machines can be in multiple networks, a single one must be chosen for the HCloud CCM to work. If this is empty, the network configured on the datacenter will be used.

HetznerCloudSpec

HetznerCloudSpec specifies access data to hetzner cloud.

Appears in:

CloudSpec

Field	Description
`credentialsReference` GlobalSecretKeySelector
`token` string	Token is used to authenticate with the Hetzner cloud API.
`network` string	Network is the pre-existing Hetzner network in which the machines are running. While machines can be in multiple networks, a single one must be chosen for the HCloud CCM to work. If this is empty, the network configured on the datacenter will be used.

IPAMAllocation

IPAMAllocation is the object representing an allocation from an IPAMPool made for a particular KKP user cluster.

Appears in:

IPAMAllocationList

Field	Description
`apiVersion` string	`kubermatic.k8c.io/v1`
`kind` string	`IPAMAllocation`
`metadata` ObjectMeta	Refer to Kubernetes API documentation for fields of `metadata`.
`spec` IPAMAllocationSpec

IPAMAllocationList

Field	Description
`apiVersion` string	`kubermatic.k8c.io/v1`
`kind` string	`IPAMAllocationList`
`metadata` ListMeta	Refer to Kubernetes API documentation for fields of `metadata`.
`items` IPAMAllocation array

IPAMAllocationSpec

IPAMAllocationSpec specifies an allocation from an IPAMPool made for a particular KKP user cluster.

Appears in:

IPAMAllocation

Field	Description
`type` IPAMPoolAllocationType	Type is the allocation type that is being used.
`dc` string	DC is the datacenter of the allocation.
`cidr` SubnetCIDR	CIDR is the CIDR that is being used for the allocation. Set when “type=prefix”.
`addresses` string array	Addresses are the IP address ranges that are being used for the allocation. Set when “type=range”.

IPAMPool

IPAMPool is the object representing Multi-Cluster IP Address Management (IPAM) configuration for KKP user clusters.

Appears in:

IPAMPoolList

Field	Description
`apiVersion` string	`kubermatic.k8c.io/v1`
`kind` string	`IPAMPool`
`metadata` ObjectMeta	Refer to Kubernetes API documentation for fields of `metadata`.
`spec` IPAMPoolSpec

IPAMPoolAllocationType

Underlying type: string

IPAMPoolAllocationType defines the type of allocation to be used. Possible values are prefix and range.

Appears in:

IPAMAllocationSpec
IPAMPoolDatacenterSettings

IPAMPoolDatacenterSettings

IPAMPoolDatacenterSettings contains IPAM Pool configuration for a datacenter.

Appears in:

IPAMPoolSpec

Field	Description
`type` IPAMPoolAllocationType	Type is the allocation type to be used.
`poolCidr` SubnetCIDR	PoolCIDR is the pool CIDR to be used for the allocation.
`allocationPrefix` integer	AllocationPrefix is the prefix for the allocation. Used when “type=prefix”.
`excludePrefixes` SubnetCIDR array	Optional: ExcludePrefixes is used to exclude particular subnets for the allocation. NOTE: must be the same length as allocationPrefix. Can be used when “type=prefix”.
`allocationRange` integer	AllocationRange is the range for the allocation. Used when “type=range”.
`excludeRanges` string array	Optional: ExcludeRanges is used to exclude particular IPs or IP ranges for the allocation. Examples: “192.168.1.100-192.168.1.110”, “192.168.1.255”. Can be used when “type=range”.

IPAMPoolList

Field	Description
`apiVersion` string	`kubermatic.k8c.io/v1`
`kind` string	`IPAMPoolList`
`metadata` ListMeta	Refer to Kubernetes API documentation for fields of `metadata`.
`items` IPAMPool array

IPAMPoolSpec

IPAMPoolSpec specifies the Multi-Cluster IP Address Management (IPAM) configuration for KKP user clusters.

Appears in:

IPAMPool

Field	Description
`datacenters` object (keys:string, values:IPAMPoolDatacenterSettings)	Datacenters contains a map of datacenters (DCs) for the allocation.

IPFamily

Underlying type: string

Appears in:

ClusterNetworkingConfig

IPVSConfiguration

IPVSConfiguration contains ipvs-related configuration details for kube-proxy.

Appears in:

ClusterNetworkingConfig

Field	Description
`strictArp` boolean	StrictArp configure arp_ignore and arp_announce to avoid answering ARP queries from kube-ipvs0 interface. defaults to true.

Incompatibility

Incompatibility represents a version incompatibility for a user cluster.

Appears in:

KubermaticVersioningConfiguration

Field	Description
`provider` string	Provider to which to apply the compatibility check. Empty string matches all providers
`version` string	Version is the Kubernetes version that must be checked. Wildcards are allowed, e.g. “1.25.*”.
`condition` ConditionType	Condition is the cluster or datacenter condition that must be met to block a specific version
`operation` OperationType	Operation is the operation triggering the compatibility check (CREATE or UPDATE)

Kind

Kind specifies the resource Kind and APIGroup.

Appears in:

Match

Field	Description
`kinds` string array	Kinds specifies the kinds of the resources
`apiGroups` string array	APIGroups specifies the APIGroups of the resources

KonnectivityProxySettings

Appears in:

ComponentSettings

Field	Description
`resources` ResourceRequirements	Resources configure limits/requests for Konnectivity components.
`keepaliveTime` string	KeepaliveTime represents a duration of time to check if the transport is still alive. The option is propagated to agents and server. Defaults to 1m.

KubeVirtHTTPSource

KubeVirtHTTPSource represents list of images and their versions that can be downloaded over HTTP.

Appears in:

KubeVirtImageSources

KubeVirtImageSources

KubeVirtImageSources represents KubeVirt image sources.

Appears in:

DatacenterSpecKubevirt

Field	Description
`http` KubeVirtHTTPSource	HTTP represents a http source.

KubeVirtInfraStorageClass

Appears in:

DatacenterSpecKubevirt
KubevirtCloudSpec

Field	Description
`name` string
`isDefaultClass` boolean	Optional: IsDefaultClass. If true, the created StorageClass in the tenant cluster will be annotated with: storageclass.kubernetes.io/is-default-class : true If missing or false, annotation will be: storageclass.kubernetes.io/is-default-class : false

KubermaticAPIConfiguration

KubermaticAPIConfiguration configures the dashboard.

Appears in:

KubermaticConfigurationSpec

Field	Description
`dockerRepository` string	DockerRepository is the repository containing the Kubermatic REST API image.
`accessibleAddons` string array	AccessibleAddons is a list of addons that should be enabled in the API.
`pprofEndpoint` string	PProfEndpoint controls the port the API should listen on to provide pprof data. This port is never exposed from the container and only available via port-forwardings.
`resources` ResourceRequirements	Resources describes the requested and maximum allowed CPU/memory usage.
`debugLog` boolean	DebugLog enables more verbose logging.
`replicas` integer	Replicas sets the number of pod replicas for the API deployment.

KubermaticAddonsConfiguration

KubermaticAddonConfiguration describes the addons for a given cluster runtime.

Appears in:

KubermaticUserClusterConfiguration

Field	Description
`default` string array	Default is the list of addons to be installed by default into each cluster. Mutually exclusive with “defaultManifests”.
`defaultManifests` string	DefaultManifests is a list of addon manifests to install into all clusters. Mutually exclusive with “default”.
`dockerRepository` string	DockerRepository is the repository containing the Docker image containing the possible addon manifests.
`dockerTagSuffix` string	DockerTagSuffix is appended to the tag used for referring to the addons image. If left empty, the tag will be the KKP version (e.g. “v2.15.0”), with a suffix it becomes “v2.15.0-SUFFIX”.

KubermaticAuthConfiguration

KubermaticAuthConfiguration defines keys and URLs for Dex.

Appears in:

KubermaticConfigurationSpec

Field	Description
`clientID` string
`tokenIssuer` string
`issuerRedirectURL` string
`issuerClientID` string
`issuerClientSecret` string
`issuerCookieKey` string
`serviceAccountKey` string
`skipTokenIssuerTLSVerify` boolean

KubermaticConfiguration

KubermaticConfiguration is the configuration required for running Kubermatic.

Appears in:

KubermaticConfigurationList

Field	Description
`apiVersion` string	`kubermatic.k8c.io/v1`
`kind` string	`KubermaticConfiguration`
`metadata` ObjectMeta	Refer to Kubernetes API documentation for fields of `metadata`.
`spec` KubermaticConfigurationSpec
`status` KubermaticConfigurationStatus

KubermaticConfigurationList

KubermaticConfigurationList is a collection of KubermaticConfigurations.

Field	Description
`apiVersion` string	`kubermatic.k8c.io/v1`
`kind` string	`KubermaticConfigurationList`
`metadata` ListMeta	Refer to Kubernetes API documentation for fields of `metadata`.
`items` KubermaticConfiguration array

KubermaticConfigurationSpec

KubermaticConfigurationSpec is the spec for a Kubermatic installation.

Appears in:

KubermaticConfiguration

Field	Description
`caBundle` TypedLocalObjectReference	CABundle references a ConfigMap in the same namespace as the KubermaticConfiguration. This ConfigMap must contain a ca-bundle.pem with PEM-encoded certificates. This bundle automatically synchronized into each seed and each usercluster. APIGroup and Kind are currently ignored.
`imagePullSecret` string	ImagePullSecret is used to authenticate against Docker registries.
`auth` KubermaticAuthConfiguration	Auth defines keys and URLs for Dex. These must be defined unless the HeadlessInstallation feature gate is set, which will disable the UI/API and its need for an OIDC provider entirely.
`featureGates` object (keys:string, values:boolean)	FeatureGates are used to optionally enable certain features.
`ui` KubermaticUIConfiguration	UI configures the dashboard.
`api` KubermaticAPIConfiguration	API configures the frontend REST API used by the dashboard.
`seedController` KubermaticSeedControllerConfiguration	SeedController configures the seed-controller-manager.
`masterController` KubermaticMasterControllerConfiguration	MasterController configures the master-controller-manager.
`webhook` KubermaticWebhookConfiguration	Webhook configures the webhook.
`userCluster` KubermaticUserClusterConfiguration	UserCluster configures various aspects of the user-created clusters.
`exposeStrategy` ExposeStrategy	ExposeStrategy is the strategy to expose the cluster with. Note: The `seed_dns_overwrite` setting of a Seed’s datacenter doesn’t have any effect if this is set to LoadBalancerStrategy.
`ingress` KubermaticIngressConfiguration	Ingress contains settings for making the API and UI accessible remotely.
`versions` KubermaticVersioningConfiguration	Versions configures the available and default Kubernetes versions and updates.
`verticalPodAutoscaler` KubermaticVPAConfiguration	VerticalPodAutoscaler configures the Kubernetes VPA integration.
`proxy` KubermaticProxyConfiguration	Proxy allows to configure Kubermatic to use proxies to talk to the world outside of its cluster.

KubermaticConfigurationStatus

KubermaticConfigurationStatus stores status information about a KubermaticConfiguration.

Appears in:

KubermaticConfiguration

Field	Description
`kubermaticVersion` string	KubermaticVersion current Kubermatic Version.
`kubermaticEdition` string	KubermaticEdition current Kubermatic Edition , i.e. Community Edition or Enterprise Edition.

KubermaticIngressConfiguration

Appears in:

KubermaticConfigurationSpec

Field	Description
`domain` string	Domain is the base domain where the dashboard shall be available. Even with a disabled Ingress, this must always be a valid hostname.
`className` string	ClassName is the Ingress resource’s class name, used for selecting the appropriate ingress controller.
`disable` boolean	Disable will prevent an Ingress from being created at all. This is mostly useful during testing. If the Ingress is disabled, the CertificateIssuer setting can also be left empty, as no Certificate resource will be created.
`certificateIssuer` TypedLocalObjectReference	CertificateIssuer is the name of a cert-manager Issuer or ClusterIssuer (default) that will be used to acquire the certificate for the configured domain. To use a namespaced Issuer, set the Kind to “Issuer” and manually create the matching Issuer in Kubermatic’s namespace. Setting an empty name disables the automatic creation of certificates and disables the TLS settings on the Kubermatic Ingress.

KubermaticMasterControllerConfiguration

KubermaticMasterControllerConfiguration configures the Kubermatic master controller-manager.

Appears in:

KubermaticConfigurationSpec

Field	Description
`dockerRepository` string	DockerRepository is the repository containing the Kubermatic master-controller-manager image.
`projectsMigrator` KubermaticProjectsMigratorConfiguration	ProjectsMigrator configures the migrator for user projects.
`pprofEndpoint` string	PProfEndpoint controls the port the master-controller-manager should listen on to provide pprof data. This port is never exposed from the container and only available via port-forwardings.
`resources` ResourceRequirements	Resources describes the requested and maximum allowed CPU/memory usage.
`debugLog` boolean	DebugLog enables more verbose logging.
`replicas` integer	Replicas sets the number of pod replicas for the master-controller-manager.

KubermaticProjectsMigratorConfiguration

KubermaticProjectsMigratorConfiguration configures the Kubermatic master controller-manager.

Appears in:

KubermaticMasterControllerConfiguration

Field	Description
`dryRun` boolean	DryRun makes the migrator only log the actions it would take.

KubermaticProxyConfiguration

KubermaticProxyConfiguration can be used to control how the various Kubermatic components reach external services / the Internet. These settings are reflected as environment variables for the Kubermatic pods.

Appears in:

KubermaticConfigurationSpec

Field	Description
`http` string	HTTP is the full URL to the proxy to use for plaintext HTTP connections, e.g. “http://internalproxy.example.com:8080”.
`https` string	HTTPS is the full URL to the proxy to use for encrypted HTTPS connections, e.g. “http://secureinternalproxy.example.com:8080”.
`noProxy` string	NoProxy is a comma-separated list of hostnames / network masks for which no proxy shall be used. If you make use of proxies, this list should contain all local and cluster-internal domains and networks, e.g. “10.0.0.0/8,172.16.0.0/12,192.168.0.0/16,mydomain”. The operator will always prepend the following elements to this list if proxying is configured (i.e. HTTP/HTTPS are not empty): “127.0.0.1/8”, “localhost”, “.local”, “.local.”, “kubernetes”, “.default”, “.svc”

KubermaticSeedControllerConfiguration

KubermaticSeedControllerConfiguration configures the Kubermatic seed controller-manager.

Appears in:

KubermaticConfigurationSpec

Field	Description
`dockerRepository` string	DockerRepository is the repository containing the Kubermatic seed-controller-manager image.
`backupStoreContainer` string	BackupStoreContainer is the container used for shipping etcd snapshots to a backup location.
`backupDeleteContainer` string	BackupDeleteContainer is the container used for deleting etcd snapshots from a backup location. This container is only relevant when the new backup/restore controllers are enabled.
`backupCleanupContainer` string	BackupCleanupContainer is the container used for removing expired backups from the storage location. This container is only relevant when the old, deprecated backup controllers are enabled.
`maximumParallelReconciles` integer	MaximumParallelReconciles limits the number of cluster reconciliations that are active at any given time.
`pprofEndpoint` string	PProfEndpoint controls the port the seed-controller-manager should listen on to provide pprof data. This port is never exposed from the container and only available via port-forwardings.
`resources` ResourceRequirements	Resources describes the requested and maximum allowed CPU/memory usage.
`debugLog` boolean	DebugLog enables more verbose logging.
`replicas` integer	Replicas sets the number of pod replicas for the seed-controller-manager.

KubermaticSetting

KubermaticSetting is the type representing a KubermaticSetting. These settings affect the KKP dashboard and are not relevant when using the Kube API on the master/seed clusters directly.

Appears in:

KubermaticSettingList

Field	Description
`apiVersion` string	`kubermatic.k8c.io/v1`
`kind` string	`KubermaticSetting`
`metadata` ObjectMeta	Refer to Kubernetes API documentation for fields of `metadata`.
`spec` SettingSpec

KubermaticSettingList

KubermaticSettingList is a list of settings.

Field	Description
`apiVersion` string	`kubermatic.k8c.io/v1`
`kind` string	`KubermaticSettingList`
`metadata` ListMeta	Refer to Kubernetes API documentation for fields of `metadata`.
`items` KubermaticSetting array

KubermaticUIConfiguration

KubermaticUIConfiguration configures the dashboard.

Appears in:

KubermaticConfigurationSpec

Field	Description
`dockerRepository` string	DockerRepository is the repository containing the Kubermatic dashboard image.
`dockerTag` string	DockerTag is used to overwrite the dashboard Docker image tag and is only for development purposes. This field must not be set in production environments. —
`config` string	Config sets flags for various dashboard features.
`resources` ResourceRequirements	Resources describes the requested and maximum allowed CPU/memory usage.
`replicas` integer	Replicas sets the number of pod replicas for the UI deployment.
`extraVolumeMounts` VolumeMount array	ExtraVolumeMounts allows to mount additional volumes into the UI container.
`extraVolumes` Volume array	ExtraVolumes allows to mount additional volumes into the UI container.

KubermaticUserClusterConfiguration

KubermaticUserClusterConfiguration controls various aspects of the user-created clusters.

Appears in:

KubermaticConfigurationSpec

Field	Description
`kubermaticDockerRepository` string	KubermaticDockerRepository is the repository containing the Kubermatic user-cluster-controller-manager image.
`dnatControllerDockerRepository` string	DNATControllerDockerRepository is the repository containing the dnat-controller image.
`etcdLauncherDockerRepository` string	EtcdLauncherDockerRepository is the repository containing the Kubermatic etcd-launcher image.
`overwriteRegistry` string	OverwriteRegistry specifies a custom Docker registry which will be used for all images used for user clusters (user cluster control plane + addons). This also applies to the KubermaticDockerRepository and DNATControllerDockerRepository fields.
`addons` KubermaticAddonsConfiguration	Addons controls the optional additions installed into each user cluster.
`systemApplications` SystemApplicationsConfiguration	SystemApplications contains configuration for system Applications (such as CNI).
`nodePortRange` string	NodePortRange is the port range for user clusters - this must match the NodePort range of the seed cluster.
`monitoring` KubermaticUserClusterMonitoringConfiguration	Monitoring can be used to fine-tune to in-cluster Prometheus.
`disableApiserverEndpointReconciling` boolean	DisableAPIServerEndpointReconciling can be used to toggle the `--endpoint-reconciler-type` flag for the Kubernetes API server.
`etcdVolumeSize` string	EtcdVolumeSize configures the volume size to use for each etcd pod inside user clusters.
`apiserverReplicas` integer	APIServerReplicas configures the replica count for the API-Server deployment inside user clusters.
`machineController` MachineControllerConfiguration	MachineController configures the Machine Controller
`operatingSystemManager` OperatingSystemManager	OperatingSystemManager configures the image repo and the tag version for osm deployment.

KubermaticUserClusterMonitoringConfiguration

KubermaticUserClusterMonitoringConfiguration can be used to fine-tune to in-cluster Prometheus.

Appears in:

KubermaticUserClusterConfiguration

Field	Description
`disableDefaultRules` boolean	DisableDefaultRules disables the recording and alerting rules.
`disableDefaultScrapingConfigs` boolean	DisableDefaultScrapingConfigs disables the default scraping targets.
`customRules` string	CustomRules can be used to inject custom recording and alerting rules. This field must be a YAML-formatted string with a `group` element at its root, as documented on https://prometheus.io/docs/prometheus/latest/configuration/alerting_rules/. This value is treated as a Go template, which allows to inject dynamic values like the internal cluster address or the cluster ID. Refer to pkg/resources/prometheus and the documentation for more information on the available fields.
`customScrapingConfigs` string	CustomScrapingConfigs can be used to inject custom scraping rules. This must be a YAML-formatted string containing an array of scrape configurations as documented on https://prometheus.io/docs/prometheus/latest/configuration/configuration/#scrape_config. This value is treated as a Go template, which allows to inject dynamic values like the internal cluster address or the cluster ID. Refer to pkg/resources/prometheus and the documentation for more information on the available fields.
`scrapeAnnotationPrefix` string	ScrapeAnnotationPrefix (if set) is used to make the in-cluster Prometheus scrape pods inside the user clusters.

KubermaticVPAComponent

Appears in:

KubermaticVPAConfiguration

Field	Description
`dockerRepository` string	DockerRepository is the repository containing the component’s image.
`resources` ResourceRequirements	Resources describes the requested and maximum allowed CPU/memory usage.

KubermaticVPAConfiguration

KubermaticVPAConfiguration configures the Kubernetes VPA.

Appears in:

KubermaticConfigurationSpec

Field	Description
`recommender` KubermaticVPAComponent
`updater` KubermaticVPAComponent
`admissionController` KubermaticVPAComponent

KubermaticVersioningConfiguration

KubermaticVersioningConfiguration configures the available and default Kubernetes versions.

Appears in:

KubermaticConfigurationSpec

Field	Description
`versions` Semver array	Versions lists the available versions.
`default` Semver	Default is the default version to offer users.
`updates` Update array	Updates is a list of available and automatic upgrades. All ’to’ versions must be configured in the version list for this orchestrator. Each update may optionally be configured to be ‘automatic: true’, in which case the controlplane of all clusters whose version matches the ‘from’ directive will get updated to the ’to’ version. If automatic is enabled, the ’to’ version must be a version and not a version range. Also, updates may set ‘automaticNodeUpdate: true’, in which case Nodes will get updates as well. ‘automaticNodeUpdate: true’ implies ‘automatic: true’ as well, because Nodes may not have a newer version than the controlplane.
`providerIncompatibilities` Incompatibility array	ProviderIncompatibilities lists all the Kubernetes version incompatibilities
`externalClusters` object (keys:ExternalClusterProviderType, values:ExternalClusterProviderVersioningConfiguration)	ExternalClusters contains the available and default Kubernetes versions and updates for ExternalClusters.

KubermaticWebhookConfiguration

KubermaticWebhookConfiguration configures the Kubermatic webhook.

Appears in:

KubermaticConfigurationSpec

Field	Description
`dockerRepository` string	DockerRepository is the repository containing the Kubermatic webhook image.
`pprofEndpoint` string	PProfEndpoint controls the port the webhook should listen on to provide pprof data. This port is never exposed from the container and only available via port-forwardings.
`resources` ResourceRequirements	Resources describes the requested and maximum allowed CPU/memory usage.
`debugLog` boolean	DebugLog enables more verbose logging.
`replicas` integer	Replicas sets the number of pod replicas for the webhook.

KubernetesDashboard

KubernetesDashboard contains settings for the kubernetes-dashboard component as part of the cluster control plane.

Appears in:

ClusterSpec

Field	Description
`enabled` boolean	Controls whether kubernetes-dashboard is deployed to the user cluster or not. Enabled by default.

Kubevirt

Appears in:

PresetSpec

Field	Description
`enabled` boolean	Only enabled presets will be available in the KKP dashboard.
`datacenter` string	If datacenter is set, this preset is only applicable to the configured datacenter.
`kubeconfig` string

KubevirtCloudSpec

KubevirtCloudSpec specifies the access data to Kubevirt.

Appears in:

CloudSpec

Field	Description
`credentialsReference` GlobalSecretKeySelector
`kubeconfig` string	The cluster’s kubeconfig file, encoded with base64.
`csiKubeconfig` string
`preAllocatedDataVolumes` PreAllocatedDataVolume array	Custom Images are a good example of this use case.
`infraStorageClasses` string array	Deprecated: in favor of StorageClasses. InfraStorageClasses is a list of storage classes from KubeVirt infra cluster that are used for initialization of user cluster storage classes by the CSI driver kubevirt (hot pluggable disks)
`storageClasses` KubeVirtInfraStorageClass array	StorageClasses is a list of storage classes from KubeVirt infra cluster that are used for initialization of user cluster storage classes by the CSI driver kubevirt (hot pluggable disks. It contains also some flag specifying which one is the default one.
`imageCloningEnabled` boolean	ImageCloningEnabled flag enable/disable cloning for a cluster.

LeaderElectionSettings

Appears in:

ControllerSettings

Field	Description
`leaseDurationSeconds` integer	LeaseDurationSeconds is the duration in seconds that non-leader candidates will wait to force acquire leadership. This is measured against time of last observed ack.
`renewDeadlineSeconds` integer	RenewDeadlineSeconds is the duration in seconds that the acting controlplane will retry refreshing leadership before giving up.
`retryPeriodSeconds` integer	RetryPeriodSeconds is the duration in seconds the LeaderElector clients should wait between tries of actions.

LoggingRateLimitSettings

LoggingRateLimitSettings contains rate-limiting configuration for logging in the user cluster.

Appears in:

MLAAdminSettingSpec

Field	Description
`ingestionRate` integer	IngestionRate represents ingestion rate limit in requests per second (nginx `rate` in `r/s`).
`ingestionBurstSize` integer	IngestionBurstSize represents ingestion burst size in number of requests (nginx `burst`).
`queryRate` integer	QueryRate represents query request rate limit per second (nginx `rate` in `r/s`).
`queryBurstSize` integer	QueryBurstSize represents query burst size in number of requests (nginx `burst`).

MLAAdminSetting

MLAAdminSetting is the object representing cluster-specific administrator settings for KKP user cluster MLA (monitoring, logging & alerting) stack.

Appears in:

MLAAdminSettingList

Field	Description
`apiVersion` string	`kubermatic.k8c.io/v1`
`kind` string	`MLAAdminSetting`
`metadata` ObjectMeta	Refer to Kubernetes API documentation for fields of `metadata`.
`spec` MLAAdminSettingSpec

MLAAdminSettingList

MLAAdminSettingList specifies a list of administrtor settings for KKP user cluster MLA (monitoring, logging & alerting) stack.

Field	Description
`apiVersion` string	`kubermatic.k8c.io/v1`
`kind` string	`MLAAdminSettingList`
`metadata` ListMeta	Refer to Kubernetes API documentation for fields of `metadata`.
`items` MLAAdminSetting array

MLAAdminSettingSpec

MLAAdminSettingSpec specifies the cluster-specific administrator settings for KKP user cluster MLA (monitoring, logging & alerting) stack.

Appears in:

MLAAdminSetting

Field	Description
`clusterName` string	ClusterName is the name of the user cluster whose MLA settings are defined in this object.
`monitoringRateLimits` MonitoringRateLimitSettings	MonitoringRateLimits contains rate-limiting configuration for monitoring in the user cluster.
`loggingRateLimits` LoggingRateLimitSettings	LoggingRateLimits contains rate-limiting configuration logging in the user cluster.

MLASettings

Appears in:

ClusterSpec

Field	Description
`monitoringEnabled` boolean	MonitoringEnabled is the flag for enabling monitoring in user cluster.
`loggingEnabled` boolean	LoggingEnabled is the flag for enabling logging in user cluster.
`monitoringResources` ResourceRequirements	MonitoringResources is the resource requirements for user cluster prometheus.
`loggingResources` ResourceRequirements	LoggingResources is the resource requirements for user cluster promtail.
`monitoringReplicas` integer	MonitoringReplicas is the number of desired pods of user cluster prometheus deployment.

MachineControllerConfiguration

MachineControllerConfiguration configures Machine Controller.

Appears in:

KubermaticUserClusterConfiguration

Field	Description
`imageRepository` string	ImageRepository is used to override the Machine Controller image repository. It is only for development, tests and PoC purposes. This field must not be set in production environments.
`imageTag` string	ImageTag is used to override the Machine Controller image. It is only for development, tests and PoC purposes. This field must not be set in production environments.

MachineFlavorFilter

Appears in:

DatacenterSpec
SettingSpec

Field	Description
`minCPU` integer	Minimum number of vCPU
`maxCPU` integer	Maximum number of vCPU
`minRAM` integer	Minimum RAM size in GB
`maxRAM` integer	Maximum RAM size in GB
`enableGPU` boolean	Include VMs with GPU

MachineNetworkingConfig

MachineNetworkingConfig specifies the networking parameters used for IPAM.

Appears in:

ClusterSpec

Field	Description
`cidr` string
`gateway` string
`dnsServers` string array

Match

Match contains the constraint to resource matching data.

Appears in:

ConstraintSpec

Field	Description
`kinds` Kind array	Kinds accepts a list of objects with apiGroups and kinds fields that list the groups/kinds of objects to which the constraint will apply. If multiple groups/kinds objects are specified, only one match is needed for the resource to be in scope
`scope` string	Scope accepts , Cluster, or Namespaced which determines if cluster-scoped and/or namesapced-scoped resources are selected. (defaults to )
`namespaces` string array	Namespaces is a list of namespace names. If defined, a constraint will only apply to resources in a listed namespace.
`excludedNamespaces` string array	ExcludedNamespaces is a list of namespace names. If defined, a constraint will only apply to resources not in a listed namespace.
`labelSelector` LabelSelector	LabelSelector is a standard Kubernetes label selector.
`namespaceSelector` LabelSelector	NamespaceSelector is a standard Kubernetes namespace selector. If defined, make sure to add Namespaces to your configs.config.gatekeeper.sh object to ensure namespaces are synced into OPA

MeteringConfiguration

MeteringConfiguration contains all the configuration for the metering tool.

Appears in:

SeedSpec

Field	Description
`enabled` boolean
`storageClassName` string	StorageClassName is the name of the storage class that the metering prometheus instance uses to store metric data for reporting.
`storageSize` string	StorageSize is the size of the storage class. Default value is 100Gi.
`reports` object (keys:string, values:MeteringReportConfiguration)	ReportConfigurations is a map of report configuration definitions.

MeteringReportConfiguration

Appears in:

MeteringConfiguration

Field	Description
`schedule` string	Schedule in Cron format, see https://en.wikipedia.org/wiki/Cron. Please take a note that Schedule is responsible only for setting the time when a report generation mechanism kicks off. The Interval MUST be set independently.
`interval` integer	Interval defines the number of days consulted in the metering report.
`retention` integer	Retention defines a number of days after which reports are queued for removal. If not set, reports are kept forever. Please note that this functionality works only for object storage that supports an object lifecycle management mechanism.
`type` string array	Types of reports to generate. Available report types are cluster and namespace. By default, all types of reports are generated.

MlaOptions

Appears in:

SettingSpec

Field	Description
`loggingEnabled` boolean
`loggingEnforced` boolean
`monitoringEnabled` boolean
`monitoringEnforced` boolean

MonitoringRateLimitSettings

MonitoringRateLimitSettings contains rate-limiting configuration for monitoring in the user cluster.

Appears in:

MLAAdminSettingSpec

Field	Description
`ingestionRate` integer	IngestionRate represents the ingestion rate limit in samples per second (Cortex `ingestion_rate`).
`ingestionBurstSize` integer	IngestionBurstSize represents ingestion burst size in samples per second (Cortex `ingestion_burst_size`).
`maxSeriesPerMetric` integer	MaxSeriesPerMetric represents maximum number of series per metric (Cortex `max_series_per_metric`).
`maxSeriesTotal` integer	MaxSeriesTotal represents maximum number of series per this user cluster (Cortex `max_series_per_user`).
`queryRate` integer	QueryRate represents query request rate limit per second (nginx `rate` in `r/s`).
`queryBurstSize` integer	QueryBurstSize represents query burst size in number of requests (nginx `burst`).
`maxSamplesPerQuery` integer	MaxSamplesPerQuery represents maximum number of samples during a query (Cortex `max_samples_per_query`).
`maxSeriesPerQuery` integer	MaxSeriesPerQuery represents maximum number of timeseries during a query (Cortex `max_series_per_query`).

NetworkRanges

NetworkRanges represents ranges of network addresses.

Appears in:

AWSCloudSpec
AzureCloudSpec
ClusterNetworkingConfig
ClusterSpec
GCPCloudSpec
OpenstackCloudSpec

Field	Description
`cidrBlocks` string array

NodePortProxyComponentEnvoy

Appears in:

NodeportProxyConfig

Field	Description
`dockerRepository` string	DockerRepository is the repository containing the component’s image.
`resources` ResourceRequirements	Resources describes the requested and maximum allowed CPU/memory usage.
`loadBalancerService` EnvoyLoadBalancerService

NodeSettings

NodeSettings are node specific flags which can be configured on datacenter level.

Appears in:

Datacenter

Field	Description
`httpProxy` ProxyValue	Optional: If set, this proxy will be configured for both HTTP and HTTPS.
`noProxy` ProxyValue	Optional: If set this will be set as NO_PROXY environment variable on the node; The value must be a comma-separated list of domains for which no proxy should be used, e.g. “*.example.com,internal.dev”. Note that the in-cluster apiserver URL will be automatically prepended to this value.
`insecureRegistries` string array	Optional: These image registries will be configured as insecure on the container runtime.
`registryMirrors` string array	Optional: These image registries will be configured as registry mirrors on the container runtime.
`pauseImage` string	Optional: Translates to –pod-infra-container-image on the kubelet. If not set, the kubelet will default it.
`containerdRegistryMirrors` ContainerRuntimeContainerd	Optional: ContainerdRegistryMirrors configure registry mirrors endpoints. Can be used multiple times to specify multiple mirrors.

NodeportProxyComponent

Appears in:

ComponentSettings
NodePortProxyComponentEnvoy
NodeportProxyConfig

Field	Description
`dockerRepository` string	DockerRepository is the repository containing the component’s image.
`resources` ResourceRequirements	Resources describes the requested and maximum allowed CPU/memory usage.

NodeportProxyConfig

Appears in:

SeedSpec

Field	Description
`disable` boolean	Disable will prevent the Kubermatic Operator from creating a nodeport-proxy setup on the seed cluster. This should only be used if a suitable replacement is installed (like the nodeport-proxy Helm chart).
`annotations` object (keys:string, values:string)	Annotations are used to further tweak the LoadBalancer integration with the cloud provider where the seed cluster is running. Deprecated: Use .envoy.loadBalancerService.annotations instead.
`envoy` NodePortProxyComponentEnvoy	Envoy configures the Envoy application itself.
`envoyManager` NodeportProxyComponent	EnvoyManager configures the Kubermatic-internal Envoy manager.
`updater` NodeportProxyComponent	Updater configures the component responsible for updating the LoadBalancer service.

NotificationsOptions

Appears in:

SettingSpec

Field	Description
`hideErrors` boolean	HideErrors will silence error notifications for the dashboard.
`hideErrorEvents` boolean	HideErrorEvents will silence error events for the dashboard.

Nutanix

Appears in:

PresetSpec

Field	Description
`enabled` boolean	Only enabled presets will be available in the KKP dashboard.
`datacenter` string	If datacenter is set, this preset is only applicable to the configured datacenter.
`proxyURL` string	ProxyURL is used to optionally configure a HTTP proxy to access Nutanix Prism Central.
`username` string	Username is the username to access the Nutanix Prism Central API.
`password` string	Password is the password corresponding to the provided user.
`clusterName` string	ClusterName is the Nutanix cluster to deploy resources and nodes to.
`projectName` string	ProjectName is the optional Nutanix project to use. If none is given, no project will be used.
`csiUsername` string	Prism Element Username for csi driver
`csiPassword` string	Prism Element Password for csi driver
`csiEndpoint` string	CSIEndpoint to access Nutanix Prism Element for csi driver
`csiPort` integer	CSIPort to use when connecting to the Nutanix Prism Element endpoint (defaults to 9440)

NutanixCSIConfig

NutanixCSIConfig contains credentials and the endpoint for the Nutanix Prism Element to which the CSI driver connects.

Appears in:

NutanixCloudSpec

Field	Description
`username` string	Prism Element Username for csi driver
`password` string	Prism Element Password for csi driver
`endpoint` string	Prism Element Endpoint to access Nutanix Prism Element for csi driver
`port` integer	Optional: Port to use when connecting to the Nutanix Prism Element endpoint (defaults to 9440)
`storageContainer` string	Optional: defaults to “SelfServiceContainer”
`fstype` string	Optional: defaults to “xfs”
`ssSegmentedIscsiNetwork` boolean	Optional: defaults to “false”

NutanixCloudSpec

NutanixCloudSpec specifies the access data to Nutanix.

Appears in:

CloudSpec

Field	Description
`credentialsReference` GlobalSecretKeySelector
`clusterName` string	ClusterName is the Nutanix cluster that this user cluster will be deployed to.
`projectName` string	ProjectName is the project that this cluster is deployed into. If none is given, no project will be used.
`proxyURL` string
`username` string
`password` string
`csi` NutanixCSIConfig	NutanixCSIConfig for csi driver that connects to a prism element

OIDCProviderConfiguration

OIDCProviderConfiguration allows to configure OIDC provider at the Seed level. If set, it overwrites the OIDC configuration from the KubermaticConfiguration. OIDC is later used to configure: - access to User Cluster API-Servers (via user kubeconfigs) - https://kubernetes.io/docs/reference/access-authn-authz/authentication/#openid-connect-tokens, - access to User Cluster’s Kubernetes Dashboards.

Appears in:

SeedSpec

Field	Description
`issuerURL` string	URL of the provider which allows the API server to discover public signing keys.
`issuerClientID` string	IssuerClientID is the application’s ID.
`issuerClientSecret` string	IssuerClientSecret is the application’s secret.
`cookieHashKey` string	Optional: CookieHashKey is required, used to authenticate the cookie value using HMAC. It is recommended to use a key with 32 or 64 bytes. If not set, configuration is inherited from the default OIDC provider.
`cookieSecureMode` boolean	Optional: CookieSecureMode if true then cookie received only with HTTPS otherwise with HTTP. If not set, configuration is inherited from the default OIDC provider.
`offlineAccessAsScope` boolean	Optional: OfflineAccessAsScope if true then “offline_access” scope will be used otherwise ‘access_type=offline" query param will be passed. If not set, configuration is inherited from the default OIDC provider.
`skipTLSVerify` boolean	Optional: SkipTLSVerify skip TLS verification for the token issuer. If not set, configuration is inherited from the default OIDC provider.

OIDCSettings

Appears in:

ClusterSpec

Field	Description
`issuerURL` string
`clientID` string
`clientSecret` string
`usernameClaim` string
`groupsClaim` string
`requiredClaim` string
`extraScopes` string

OPAIntegrationSettings

OPAIntegrationSettings configures the usage of OPA (Open Policy Agent) Gatekeeper inside the user cluster.

Appears in:

ClusterSpec

Field	Description
`enabled` boolean	Enables OPA Gatekeeper integration.
`webhookTimeoutSeconds` integer	The timeout in seconds that is set for the Gatekeeper validating webhook admission review calls. Defaults to `10` (seconds).
`experimentalEnableMutation` boolean	Optional: Enables experimental mutation in Gatekeeper.
`controllerResources` ResourceRequirements	Optional: ControllerResources is the resource requirements for user cluster gatekeeper controller.
`auditResources` ResourceRequirements	Optional: AuditResources is the resource requirements for user cluster gatekeeper audit.

OSVersions

OSVersions defines a map of OS version and the source to download the image.

Appears in:

AuditSidecarConfiguration

OpaOptions

Appears in:

SettingSpec

Field	Description
`enabled` boolean
`enforced` boolean

OpenStack

Appears in:

ProviderConfiguration

Field	Description
`enforceCustomDisk` boolean	EnforceCustomDisk will enforce the custom disk option for machines for the dashboard.

Openstack

Appears in:

PresetSpec

Field	Description
`enabled` boolean	Only enabled presets will be available in the KKP dashboard.
`datacenter` string	If datacenter is set, this preset is only applicable to the configured datacenter.
`useToken` boolean
`applicationCredentialID` string
`applicationCredentialSecret` string
`username` string
`password` string
`project` string
`projectID` string
`domain` string
`network` string
`securityGroups` string
`floatingIPPool` string
`routerID` string
`subnetID` string

OpenstackCloudSpec

OpenstackCloudSpec specifies access data to an OpenStack cloud.

Appears in:

CloudSpec

Field	Description
`credentialsReference` GlobalSecretKeySelector
`username` string
`password` string
`project` string	project, formally known as tenant.
`projectID` string	project id, formally known as tenantID.
`domain` string
`applicationCredentialID` string
`applicationCredentialSecret` string
`useToken` boolean
`token` string	Used internally during cluster creation
`network` string	Network holds the name of the internal network When specified, all worker nodes will be attached to this network. If not specified, a network, subnet & router will be created
Note that the network is internal if the “External” field is set to false
`securityGroups` string
`nodePortsAllowedIPRange` string	A CIDR range that will be used to allow access to the node port range in the security group to. Only applies if the security group is generated by KKP and not preexisting. If NodePortsAllowedIPRange nor NodePortsAllowedIPRanges is set, the node port range can be accessed from anywhere.
`nodePortsAllowedIPRanges` NetworkRanges	Optional: CIDR ranges that will be used to allow access to the node port range in the security group to. Only applies if the security group is generated by KKP and not preexisting. If NodePortsAllowedIPRange nor NodePortsAllowedIPRanges is set, the node port range can be accessed from anywhere.
`floatingIPPool` string	FloatingIPPool holds the name of the public network The public network is reachable from the outside world and should provide the pool of IP addresses to choose from.
When specified, all worker nodes will receive a public ip from this floating ip pool
Note that the network is external if the “External” field is set to true
`routerID` string
`subnetID` string
`ipv6SubnetID` string	IPv6SubnetID holds the ID of the subnet used for IPv6 networking. If not provided, a new subnet will be created if IPv6 is enabled.
`ipv6SubnetPool` string	IPv6SubnetPool holds the name of the subnet pool used for creating new IPv6 subnets. If not provided, the default IPv6 subnet pool will be used.
`useOctavia` boolean	Whether or not to use Octavia for LoadBalancer type of Service implementation instead of using Neutron-LBaaS. Attention:Openstack CCM use Octavia as default load balancer implementation since v1.17.0
Takes precedence over the ‘use_octavia’ flag provided at datacenter level if both are specified.
`enableIngressHostname` boolean	Enable the `enable-ingress-hostname` cloud provider option on the Openstack CCM. Can only be used with the external CCM and might be deprecated and removed in future versions as it is considered a workaround for the PROXY protocol to preserve client IPs.
`ingressHostnameSuffix` string	Set a specific suffix for the hostnames used for the PROXY protocol workaround that is enabled by EnableIngressHostname. The suffix is set to `nip.io` by default. Can only be used with the external CCM and might be deprecated and removed in future versions as it is considered a workaround only.

OpenstackNodeSizeRequirements

Appears in:

DatacenterSpecOpenstack

Field	Description
`minimumVCPUs` integer	VCPUs is the minimum required amount of (virtual) CPUs
`minimumMemory` integer	MinimumMemory is the minimum required amount of memory, measured in MB

OperatingSystemManager

OperatingSystemManager configures the image repo and the tag version for osm deployment.

Appears in:

KubermaticUserClusterConfiguration

Field	Description
`imageRepository` string	ImageRepository is used to override the OperatingSystemManager image repository. It is recommended to use this field only for development, tests and PoC purposes. For production environments. it is not recommended, to use this field due to compatibility with the overall KKP stack.
`imageTag` string	ImageTag is used to override the OperatingSystemManager image. It is recommended to use this field only for development, tests and PoC purposes. For production environments. it is not recommended, to use this field due to compatibility with the overall KKP stack.

Packet

Appears in:

PresetSpec

Field	Description
`enabled` boolean	Only enabled presets will be available in the KKP dashboard.
`datacenter` string	If datacenter is set, this preset is only applicable to the configured datacenter.
`apiKey` string
`projectID` string
`billingCycle` string

PacketCloudSpec

PacketCloudSpec specifies access data to a Packet cloud.

Appears in:

CloudSpec

Field	Description
`credentialsReference` GlobalSecretKeySelector
`apiKey` string
`projectID` string
`billingCycle` string

PreAllocatedDataVolume

Appears in:

KubevirtCloudSpec

Field	Description
`name` string
`annotations` object (keys:string, values:string)
`url` string
`size` string
`storageClass` string

Preset

Presets are preconfigured cloud provider credentials that can be applied to new clusters. This frees end users from having to know the actual credentials used for their clusters.

Appears in:

PresetList

Field	Description
`apiVersion` string	`kubermatic.k8c.io/v1`
`kind` string	`Preset`
`metadata` ObjectMeta	Refer to Kubernetes API documentation for fields of `metadata`.
`spec` PresetSpec

PresetList

PresetList is the type representing a PresetList.

Field	Description
`apiVersion` string	`kubermatic.k8c.io/v1`
`kind` string	`PresetList`
`metadata` ListMeta	Refer to Kubernetes API documentation for fields of `metadata`.
`items` Preset array	List of presets

PresetSpec

Presets specifies default presets for supported providers.

Appears in:

Preset

Field	Description
`digitalocean` Digitalocean
`hetzner` Hetzner
`azure` Azure
`vsphere` VSphere
`aws` AWS
`openstack` Openstack
`packet` Packet
`gcp` GCP
`kubevirt` Kubevirt
`alibaba` Alibaba
`anexia` Anexia
`nutanix` Nutanix
`vmwareclouddirector` VMwareCloudDirector
`gke` GKE
`eks` EKS
`aks` AKS
`requiredEmails` string array	RequiredEmails is a list of e-mail addresses that this presets should be restricted to. Each item in the list can be either a full e-mail address or just a domain name. This restriction is only enforced in the KKP API.
`projects` string array	Projects is a list of project IDs that this preset is limited to.
`enabled` boolean	Only enabled presets will be available in the KKP dashboard.

Project

Project is the type describing a project. A project is a collection of SSH keys, clusters and members. Members are assigned by creating UserProjectBinding objects.

Appears in:

ProjectList

Field	Description
`apiVersion` string	`kubermatic.k8c.io/v1`
`kind` string	`Project`
`metadata` ObjectMeta	Refer to Kubernetes API documentation for fields of `metadata`.
`spec` ProjectSpec
`status` ProjectStatus

ProjectList

ProjectList is a collection of projects.

Field	Description
`apiVersion` string	`kubermatic.k8c.io/v1`
`kind` string	`ProjectList`
`metadata` ListMeta	Refer to Kubernetes API documentation for fields of `metadata`.
`items` Project array

ProjectSpec

ProjectSpec is a specification of a project.

Appears in:

Project

Field	Description
`name` string	Name is the human-readable name given to the project.

ProjectStatus

ProjectStatus represents the current status of a project.

Appears in:

Project

Field	Description
`phase` ProjectPhase	Phase describes the project phase. New projects are in the `Inactive` phase; after being reconciled they move to `Active` and during deletion they are `Terminating`.

ProviderConfiguration

Appears in:

SettingSpec

Field	Description
`openStack` OpenStack	OpenStack are the configurations for openstack provider.

ProviderPreset

Appears in:

AKS
AWS
Alibaba
Anexia
Azure
Digitalocean
EKS
Fake
GCP
GKE
Hetzner
Kubevirt
Nutanix
Openstack
Packet
VMwareCloudDirector
VSphere

Field	Description
`enabled` boolean	Only enabled presets will be available in the KKP dashboard.
`datacenter` string	If datacenter is set, this preset is only applicable to the configured datacenter.

ProxySettings

ProxySettings allow configuring a HTTP proxy for the controlplanes and nodes.

Appears in:

NodeSettings
SeedSpec

Field	Description
`httpProxy` ProxyValue	Optional: If set, this proxy will be configured for both HTTP and HTTPS.
`noProxy` ProxyValue	Optional: If set this will be set as NO_PROXY environment variable on the node; The value must be a comma-separated list of domains for which no proxy should be used, e.g. “*.example.com,internal.dev”. Note that the in-cluster apiserver URL will be automatically prepended to this value.

ProxyValue

Underlying type: string

Appears in:

NodeSettings
ProxySettings

ResourceDetails

ResourceDetails holds the CPU, Memory and Storage quantities.

Appears in:

ClusterStatus
DefaultProjectResourceQuota
ResourceQuotaSpec
ResourceQuotaStatus

Field	Description
`cpu` Quantity	CPU holds the quantity of CPU. For the format, please check k8s.io/apimachinery/pkg/api/resource.Quantity.
`memory` Quantity	Memory represents the quantity of RAM size. For the format, please check k8s.io/apimachinery/pkg/api/resource.Quantity.
`storage` Quantity	Storage represents the disk size. For the format, please check k8s.io/apimachinery/pkg/api/resource.Quantity.

ResourceQuota

ResourceQuota specifies the amount of cluster resources a project can use.

Appears in:

ResourceQuotaList

Field	Description
`apiVersion` string	`kubermatic.k8c.io/v1`
`kind` string	`ResourceQuota`
`metadata` ObjectMeta	Refer to Kubernetes API documentation for fields of `metadata`.
`spec` ResourceQuotaSpec
`status` ResourceQuotaStatus

ResourceQuotaList

ResourceQuotaList is a collection of resource quotas.

Field	Description
`apiVersion` string	`kubermatic.k8c.io/v1`
`kind` string	`ResourceQuotaList`
`metadata` ListMeta	Refer to Kubernetes API documentation for fields of `metadata`.
`items` ResourceQuota array

ResourceQuotaSpec

ResourceQuotaSpec describes the desired state of a resource quota.

Appears in:

ResourceQuota

Field	Description
`subject` Subject	Subject specifies to which entity the quota applies to.
`quota` ResourceDetails	Quota specifies the current maximum allowed usage of resources.

ResourceQuotaStatus

ResourceQuotaStatus describes the current state of a resource quota.

Appears in:

ResourceQuota

Field	Description
`globalUsage` ResourceDetails	GlobalUsage is holds the current usage of resources for all seeds.
`localUsage` ResourceDetails	LocalUsage is holds the current usage of resources for the local seed.

RuleGroup

Appears in:

RuleGroupList

Field	Description
`apiVersion` string	`kubermatic.k8c.io/v1`
`kind` string	`RuleGroup`
`metadata` ObjectMeta	Refer to Kubernetes API documentation for fields of `metadata`.
`spec` RuleGroupSpec

RuleGroupList

Field	Description
`apiVersion` string	`kubermatic.k8c.io/v1`
`kind` string	`RuleGroupList`
`metadata` ListMeta	Refer to Kubernetes API documentation for fields of `metadata`.
`items` RuleGroup array

RuleGroupSpec

Appears in:

RuleGroup

Field	Description
`isDefault` boolean	IsDefault indicates whether the ruleGroup is default
`ruleGroupType` RuleGroupType	RuleGroupType is the type of this ruleGroup applies to. It can be `Metrics` or `Logs`.
`cluster` ObjectReference	Cluster is the reference to the cluster the ruleGroup should be created in. All fields except for the name are ignored.
`data` integer array	Data contains the RuleGroup data. Ref: https://prometheus.io/docs/prometheus/latest/configuration/recording_rules/#rule_group

RuleGroupType

Underlying type: string

Appears in:

RuleGroupSpec

SSHKeySpec

Appears in:

UserSSHKey

Field	Description
`name` string	Name is the human readable name for this SSH key.
`owner` string	Owner is the name of the User object that owns this SSH key. Deprecated: This field is not used anymore.
`project` string	Project is the name of the Project object that this SSH key belongs to. This field is immutable.
`clusters` string array	Clusters is the list of cluster names that this SSH key is assigned to.
`fingerprint` string	Fingerprint is calculated server-side based on the supplied public key and doesn’t need to be set by clients.
`publicKey` string	PublicKey is the SSH public key.

SecretboxEncryptionConfiguration

SecretboxEncryptionConfiguration defines static key encryption based on the ‘secretbox’ solution for Kubernetes.

Appears in:

EncryptionConfiguration

Field	Description
`keys` SecretboxKey array	List of ‘secretbox’ encryption keys. The first element of this list is considered the “primary” key which will be used for encrypting data while writing it. Additional keys will be used for decrypting data while reading it, if keys higher in the list did not succeed in decrypting it.

SecretboxKey

SecretboxKey stores a key or key reference for encrypting Kubernetes API data at rest with a static key.

Appears in:

SecretboxEncryptionConfiguration

Field	Description
`name` string	Identifier of a key, used in various places to refer to the key.
`value` string	Value contains a 32-byte random key that is base64 encoded. This is the key used for encryption. Can be generated via `head -c 32 /dev/urandom
`secretRef` SecretKeySelector	Instead of passing the sensitive encryption key via the `value` field, a secret can be referenced. The key of the secret referenced here needs to hold a key equivalent to the `value` field.

Seed

Seed is the type representing a Seed cluster. Seed clusters host the the control planes for KKP user clusters.

Appears in:

SeedList

Field	Description
`apiVersion` string	`kubermatic.k8c.io/v1`
`kind` string	`Seed`
`metadata` ObjectMeta	Refer to Kubernetes API documentation for fields of `metadata`.
`spec` SeedSpec
`status` SeedStatus

SeedCondition

Appears in:

SeedStatus

Field	Description
`status` ConditionStatus	Status of the condition, one of True, False, Unknown.
`lastHeartbeatTime` Time	Last time we got an update on a given condition.
`lastTransitionTime` Time	Last time the condition transit from one status to another.
`reason` string	(brief) reason for the condition’s last transition.
`message` string	Human readable message indicating details about last transition.

SeedList

SeedDatacenterList is the type representing a SeedDatacenterList.

Field	Description
`apiVersion` string	`kubermatic.k8c.io/v1`
`kind` string	`SeedList`
`metadata` ListMeta	Refer to Kubernetes API documentation for fields of `metadata`.
`items` Seed array	List of seeds

SeedMLASettings

SeedMLASettings allow configuring seed level MLA (Monitoring, Logging & Alerting) stack settings.

Appears in:

SeedSpec

Field	Description
`userClusterMLAEnabled` boolean	Optional: UserClusterMLAEnabled controls whether the user cluster MLA (Monitoring, Logging & Alerting) stack is enabled in the seed.

SeedSpec

The spec for a seed cluster.

Appears in:

Seed

Field	Description
`country` string	Optional: Country of the seed as ISO-3166 two-letter code, e.g. DE or UK. For informational purposes in the Kubermatic dashboard only.
`location` string	Optional: Detailed location of the cluster, like “Hamburg” or “Datacenter 7”. For informational purposes in the Kubermatic dashboard only.
`kubeconfig` ObjectReference	A reference to the Kubeconfig of this cluster. The Kubeconfig must have cluster-admin privileges. This field is mandatory for every seed, even if there are no datacenters defined yet.
`datacenters` object (keys:string, values:Datacenter)	Datacenters contains a map of the possible datacenters (DCs) in this seed. Each DC must have a globally unique identifier (i.e. names must be unique across all seeds).
`seedDNSOverwrite` string	Optional: This can be used to override the DNS name used for this seed. By default the seed name is used.
`nodeportProxy` NodeportProxyConfig	NodeportProxy can be used to configure the NodePort proxy service that is responsible for making user-cluster control planes accessible from the outside.
`proxySettings` ProxySettings	Optional: ProxySettings can be used to configure HTTP proxy settings on the worker nodes in user clusters. However, proxy settings on nodes take precedence.
`exposeStrategy` ExposeStrategy	Optional: ExposeStrategy explicitly sets the expose strategy for this seed cluster, if not set, the default provided by the master is used.
`mla` SeedMLASettings	Optional: MLA allows configuring seed level MLA (Monitoring, Logging & Alerting) stack settings.
`defaultComponentSettings` ComponentSettings	DefaultComponentSettings are default values to set for newly created clusters. Deprecated: Use DefaultClusterTemplate instead.
`defaultClusterTemplate` string	DefaultClusterTemplate is the name of a cluster template of scope “seed” that is used to default all new created clusters
`metering` MeteringConfiguration	Metering configures the metering tool on user clusters across the seed.
`etcdBackupRestore` EtcdBackupRestore	EtcdBackupRestore holds the configuration of the automatic etcd backup restores for the Seed; if this is set, the new backup/restore controllers are enabled for this Seed.
`oidcProviderConfiguration` OIDCProviderConfiguration	OIDCProviderConfiguration allows to configure OIDC provider at the Seed level.

SeedStatus

SeedStatus contains runtime information regarding the seed.

Appears in:

Seed

Field	Description
`phase` SeedPhase	Phase contains a human readable text to indicate the seed cluster status. No logic should be tied to this field, as its content can change in between KKP releases.
`clusters` integer	Clusters is the total number of user clusters that exist on this seed.
`versions` SeedVersionsStatus	Versions contains information regarding versions of components in the cluster and the cluster itself.
`conditions` object (keys:SeedConditionType, values:SeedCondition)	Conditions contains conditions the seed is in, its primary use case is status signaling between controllers or between controllers and the API.

SeedVersionsStatus

SeedVersionsStatus contains information regarding versions of components in the cluster and the cluster itself.

Appears in:

SeedStatus

Field	Description
`kubermatic` string	Kubermatic is the version of the currently deployed KKP components. Note that a permanent version skew between master and seed is not supported and KKP setups should never run for longer times with a skew between the clusters.
`cluster` string	Cluster is the Kubernetes version of the cluster’s control plane.

ServiceAccountSettings

Appears in:

ClusterSpec

Field	Description
`tokenVolumeProjectionEnabled` boolean
`issuer` string	Issuer is the identifier of the service account token issuer If this is not specified, it will be set to the URL of apiserver by default
`apiAudiences` string array	APIAudiences are the Identifiers of the API If this is not specified, it will be set to a single element list containing the issuer URL

SettingSpec

Appears in:

KubermaticSetting

Field	Description
`customLinks` CustomLink array	CustomLinks are additional links that can be shown the dashboard’s footer.
`defaultNodeCount` integer	DefaultNodeCount is the default number of replicas for the initial MachineDeployment.
`displayDemoInfo` boolean	DisplayDemoInfo controls whether a “Demo System” hint is shown in the footer.
`displayAPIDocs` boolean	DisplayDemoInfo controls whether a a link to the KKP API documentation is shown in the footer.
`displayTermsOfService` boolean	DisplayDemoInfo controls whether a a link to TOS is shown in the footer.
`enableDashboard` boolean	EnableDashboard enables the link to the Kubernetes dashboard for a user cluster.
`enableWebTerminal` boolean	EnableWebTerminal enables the Web Terminal feature for the user clusters.
`enableOIDCKubeconfig` boolean
`disableAdminKubeconfig` boolean	DisableAdminKubeconfig disables the admin kubeconfig functionality on the dashboard.
`userProjectsLimit` integer	UserProjectsLimit is the maximum number of projects a user can create.
`restrictProjectCreation` boolean
`enableExternalClusterImport` boolean
`cleanupOptions` CleanupOptions	CleanupOptions control what happens when a cluster is deleted via the dashboard.
`opaOptions` OpaOptions
`mlaOptions` MlaOptions
`mlaAlertmanagerPrefix` string
`mlaGrafanaPrefix` string
`notifications` NotificationsOptions	Notifications are the configuration for notifications on dashboard.
`providerConfiguration` ProviderConfiguration	ProviderConfiguration are the cloud provider specific configurations on dashboard.
`machineDeploymentVMResourceQuota` MachineFlavorFilter	MachineDeploymentVMResourceQuota is used to filter out allowed machine flavors based on the specified resource limits like CPU, Memory, and GPU etc.
`defaultQuota` DefaultProjectResourceQuota	DefaultProjectResourceQuota allows to configure a default project resource quota which will be set for all projects that do not have a custom quota already set. EE-version only.

StatefulSetSettings

Appears in:

ComponentSettings

Field	Description
`resources` ResourceRequirements

Subject

Subject describes the entity to which the quota applies to.

Appears in:

ResourceQuotaSpec

Field	Description
`name` string	Name of the quota subject.

SubnetCIDR

Underlying type: string

SubnetCIDR is used to store IPv4/IPv6 CIDR.

Appears in:

IPAMAllocationSpec
IPAMPoolDatacenterSettings

SystemApplicationsConfiguration

SystemApplicationsConfiguration contains configuration for system Applications (e.g. CNI).

Appears in:

KubermaticUserClusterConfiguration

Field	Description
`helmRepository` string	HelmRepository specifies OCI repository containing Helm charts of system Applications.
`helmRegistryConfigFile` SecretKeySelector	HelmRegistryConfigFile optionally holds the ref and key in the secret for the OCI registry credential file. The value is dockercfg file that follows the same format rules as ~/.docker/config.json The Secret must exist in the namespace where KKP is installed (default is “kubermatic”). The Secret must be annotated with `apps.kubermatic.k8c.io/secret-type:` set to “helm”.

Update

Update represents an update option for a user cluster.

Appears in:

KubermaticVersioningConfiguration

Field	Description
`from` string	From is the version from which an update is allowed. Wildcards are allowed, e.g. “1.18.*”.
`to` string	To is the version to which an update is allowed. Must be a valid version if `automatic` is set to true, e.g. “1.20.13”. Can be a wildcard otherwise, e.g. “1.20.*”.
`automatic` boolean	Automatic controls whether this update is executed automatically for the control plane of all matching user clusters. —
`automaticNodeUpdate` boolean	Automatic controls whether this update is executed automatically for the worker nodes of all matching user clusters. —

UpdateWindow

UpdateWindow allows defining windows for maintenance tasks related to OS updates. This is only applied to cluster nodes using Flatcar Linux. The reference time for this is the node system time and might differ from the user’s timezone, which needs to be considered when configuring a window.

Appears in:

ClusterSpec

Field	Description
`start` string	Sets the start time of the update window. This can be a time of day in 24h format, e.g. `22:30`, or a day of week plus a time of day, for example `Mon 21:00`. Only short names for week days are supported, i.e. `Mon`, `Tue`, `Wed`, `Thu`, `Fri`, `Sat` and `Sun`.
`length` string	Sets the length of the update window beginning with the start time. This needs to be a valid duration as parsed by Go’s time.ParseDuration (https://pkg.go.dev/time#ParseDuration), e.g. `2h`.

User

User specifies a KKP user. Users can be either humans or KKP service accounts.

Appears in:

UserList

Field	Description
`apiVersion` string	`kubermatic.k8c.io/v1`
`kind` string	`User`
`metadata` ObjectMeta	Refer to Kubernetes API documentation for fields of `metadata`.
`spec` UserSpec
`status` UserStatus

UserList

UserList is a list of users.

Field	Description
`apiVersion` string	`kubermatic.k8c.io/v1`
`kind` string	`UserList`
`metadata` ListMeta	Refer to Kubernetes API documentation for fields of `metadata`.
`items` User array

UserProjectBinding

UserProjectBinding specifies a binding between a user and a project This resource is used by the user management to manipulate members of the given project.

Appears in:

UserProjectBindingList

Field	Description
`apiVersion` string	`kubermatic.k8c.io/v1`
`kind` string	`UserProjectBinding`
`metadata` ObjectMeta	Refer to Kubernetes API documentation for fields of `metadata`.
`spec` UserProjectBindingSpec

UserProjectBindingList

UserProjectBindingList is a list of users.

Field	Description
`apiVersion` string	`kubermatic.k8c.io/v1`
`kind` string	`UserProjectBindingList`
`metadata` ListMeta	Refer to Kubernetes API documentation for fields of `metadata`.
`items` UserProjectBinding array

UserProjectBindingSpec

UserProjectBindingSpec specifies a user.

Appears in:

UserProjectBinding

Field	Description
`userEmail` string	UserEmail is the email of the user that is bound to the given project.
`projectID` string	ProjectID is the name of the target project.
`group` string	Group is the user’s group, determining their permissions within the project. Must be one of `owners`, `editors`, `viewers` or `projectmanagers`.

UserSSHKey

UserSSHKey specifies a users UserSSHKey.

Appears in:

UserSSHKeyList

Field	Description
`apiVersion` string	`kubermatic.k8c.io/v1`
`kind` string	`UserSSHKey`
`metadata` ObjectMeta	Refer to Kubernetes API documentation for fields of `metadata`.
`spec` SSHKeySpec

UserSSHKeyList

UserSSHKeyList specifies a users UserSSHKey.

Field	Description
`apiVersion` string	`kubermatic.k8c.io/v1`
`kind` string	`UserSSHKeyList`
`metadata` ListMeta	Refer to Kubernetes API documentation for fields of `metadata`.
`items` UserSSHKey array

UserSettings

UserSettings represent an user settings.

Appears in:

UserSpec

Field	Description
`selectedTheme` string
`itemsPerPage` integer
`selectedProjectID` string
`selectProjectTableView` boolean
`collapseSidenav` boolean
`displayAllProjectsForAdmin` boolean
`lastSeenChangelogVersion` string
`useClustersView` boolean

UserSpec

UserSpec specifies a user.

Appears in:

User

Field	Description
`id` string	ID is an unused legacy field. Deprecated: do not set this field anymore.
`name` string	Name is the full name of this user.
`email` string	Email is the email address of this user. Emails must be globally unique across all KKP users.
`admin` boolean	IsAdmin defines whether this user is an administrator with additional permissions. Admins can for example see all projects and clusters in the KKP dashboard.
`groups` string array	Groups holds the information to which groups the user belongs to. Set automatically when logging in to the KKP API, and used by the KKP API.
`project` string	Project is the name of the project that this service account user is tied to. This field is only applicable to service accounts and regular users must not set this field.
`settings` UserSettings	Settings contains both user-configurable and system-owned configuration for the KKP dashboard.
`invalidTokensReference` GlobalSecretKeySelector	InvalidTokensReference is a reference to a Secret that contains invalidated login tokens. The tokens are used to provide a safe logout mechanism.

UserStatus

UserStatus stores status information about a user.

Appears in:

User

Field	Description
`lastSeen` Time

VMwareCloudDirector

Appears in:

PresetSpec

Field	Description
`enabled` boolean	Only enabled presets will be available in the KKP dashboard.
`datacenter` string	If datacenter is set, this preset is only applicable to the configured datacenter.
`username` string
`password` string
`vdc` string
`organization` string
`ovdcNetwork` string

VMwareCloudDirectorCSIConfig

Appears in:

VMwareCloudDirectorCloudSpec

Field	Description
`storageProfile` string	The name of the storage profile to use for disks created by CSI driver
`filesystem` string	Filesystem to use for named disks, defaults to “ext4”

VMwareCloudDirectorCloudSpec

VMwareCloudDirectorCloudSpec specifies access data to VMware Cloud Director cloud.

Appears in:

CloudSpec

Field	Description
`credentialsReference` GlobalSecretKeySelector
`username` string	Username is the VMware Cloud Director user name.
`password` string	Password is the VMware Cloud Director user password.
`organization` string	Organization is the name of organization to use.
`vdc` string	VDC is the organizational virtual data center.
`ovdcNetwork` string	Network is the name of organizational virtual data center network that will be associated with the VMs and vApp.
`vapp` string	VApp used for isolation of VMs and their associated network
`csi` VMwareCloudDirectorCSIConfig	Config for CSI driver

VSphere

Appears in:

PresetSpec

Field	Description
`enabled` boolean	Only enabled presets will be available in the KKP dashboard.
`datacenter` string	If datacenter is set, this preset is only applicable to the configured datacenter.
`username` string
`password` string
`vmNetName` string
`datastore` string
`datastoreCluster` string
`resourcePool` string

VSphereCloudSpec

VSphereCloudSpec specifies access data to VSphere cloud.

Appears in:

CloudSpec

Field	Description
`credentialsReference` GlobalSecretKeySelector
`username` string	Username is the vSphere user name.
`password` string	Password is the vSphere user password.
`vmNetName` string	VMNetName is the name of the vSphere network.
`folder` string	Folder is the folder to be used to group the provisioned virtual machines.
`datastore` string	Datastore to be used for storing virtual machines and as a default for dynamic volume provisioning, it is mutually exclusive with DatastoreCluster.
`datastoreCluster` string	DatastoreCluster to be used for storing virtual machines, it is mutually exclusive with Datastore.
`storagePolicy` string	StoragePolicy to be used for storage provisioning
`resourcePool` string	ResourcePool is used to manage resources such as cpu and memory for vSphere virtual machines. The resource pool should be defined on vSphere cluster level.
`infraManagementUser` VSphereCredentials	This user will be used for everything except cloud provider functionality
`tags` VSphereTag	Tags represents the tags that are attached or created on the cluster level, that are then propagated down to the MachineDeployments. In order to attach tags on MachineDeployment, users must create the tag on a cluster level first then attach that tag on the MachineDeployment.

VSphereCredentials

VSphereCredentials credentials represents a credential for accessing vSphere.

Appears in:

DatacenterSpecVSphere
VSphereCloudSpec

Field	Description
`username` string
`password` string

VSphereTag

VSphereTag represents the tags that are attached or created on the cluster level, that are then propagated down to the MachineDeployments. In order to attach tags on MachineDeployment, users must create the tag on a cluster level first then attach that tag on the MachineDeployment.

Appears in:

VSphereCloudSpec

Field	Description
`tags` string array	Tags represents the name of the created tags.
`categoryID` string	CategoryID is the id of the vsphere category that the tag belongs to. If the category id is left empty, the default category id for the cluster will be used.