[id="k3k-api-reference"] = API Reference :revdate: "2006-01-02" :page-revdate: {revdate} :anchor_prefix: k8s-api == Packages - xref:{anchor_prefix}-k3k-io-v1beta1[$$k3k.io/v1beta1$$] [id="{anchor_prefix}-k3k-io-v1beta1"] == k3k.io/v1beta1 === Resource Types - xref:{anchor_prefix}-github-com-rancher-k3k-pkg-apis-k3k-io-v1beta1-cluster[$$Cluster$$] - xref:{anchor_prefix}-github-com-rancher-k3k-pkg-apis-k3k-io-v1beta1-clusterlist[$$ClusterList$$] - xref:{anchor_prefix}-github-com-rancher-k3k-pkg-apis-k3k-io-v1beta1-virtualclusterpolicy[$$VirtualClusterPolicy$$] - xref:{anchor_prefix}-github-com-rancher-k3k-pkg-apis-k3k-io-v1beta1-virtualclusterpolicylist[$$VirtualClusterPolicyList$$] [id="{anchor_prefix}-github-com-rancher-k3k-pkg-apis-k3k-io-v1beta1-addon"] === Addon Addon specifies a Secret containing YAML to be deployed on cluster startup. _Appears In:_ * xref:{anchor_prefix}-github-com-rancher-k3k-pkg-apis-k3k-io-v1beta1-clusterspec[$$ClusterSpec$$] [cols="25a,55a,10a,10a", options="header"] |=== | Field | Description | Default | Validation | *`secretNamespace`* __string__ | SecretNamespace is the namespace of the Secret. + | | | *`secretRef`* __string__ | SecretRef is the name of the Secret. + | | |=== [id="{anchor_prefix}-github-com-rancher-k3k-pkg-apis-k3k-io-v1beta1-appliedpolicy"] === AppliedPolicy AppliedPolicy defines the observed state of an applied policy. _Appears In:_ * xref:{anchor_prefix}-github-com-rancher-k3k-pkg-apis-k3k-io-v1beta1-clusterstatus[$$ClusterStatus$$] [cols="25a,55a,10a,10a", options="header"] |=== | Field | Description | Default | Validation | *`name`* __string__ | name is the name of the VirtualClusterPolicy currently applied to this cluster. + | | MinLength: 1 + | *`priorityClass`* __string__ | priorityClass is the priority class enforced by the active VirtualClusterPolicy. + | | | *`nodeSelector`* __object (keys:string, values:string)__ | nodeSelector is a node selector enforced by the active VirtualClusterPolicy. + | | | *`serverAffinity`* __link:https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.31/#affinity-v1-core[$$Affinity$$]__ | serverAffinity is the affinity rules for server pods enforced by the active VirtualClusterPolicy. + This includes both node affinity and pod affinity/anti-affinity rules. + | | | *`agentAffinity`* __link:https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.31/#affinity-v1-core[$$Affinity$$]__ | agentAffinity is the affinity rules for agent pods enforced by the active VirtualClusterPolicy. + This includes both node affinity and pod affinity/anti-affinity rules. + | | | *`sync`* __xref:{anchor_prefix}-github-com-rancher-k3k-pkg-apis-k3k-io-v1beta1-syncconfig[$$SyncConfig$$]__ | sync is the SyncConfig enforced by the active VirtualClusterPolicy. + | | | *`runtimeClassName`* __string__ | SecurityContext specifies custom SecurityContext to be added + to the agent and server pods of the cluster in virtual or shared mode. + | | | *`securityContext`* __link:https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.31/#securitycontext-v1-core[$$SecurityContext$$]__ | RuntimeClassName specifies alternative runtime class for the + agent and server pods of the cluster in virtual or shared mode. + | | | *`hostUsers`* __boolean__ | HostUsers sets the user namespace for server and agent pods. + If set to true or not present, the pod will be run in the host user namespace. + When set to false, a new userns is created for the pod. + This field is alpha-level and is only honored by servers that enable the UserNamespacesSupport feature. + | | |=== [id="{anchor_prefix}-github-com-rancher-k3k-pkg-apis-k3k-io-v1beta1-cluster"] === Cluster Cluster defines a virtual Kubernetes cluster managed by k3k. It specifies the desired state of a virtual cluster, including version, node configuration, and networking. k3k uses this to provision and manage these virtual clusters. _Appears In:_ * xref:{anchor_prefix}-github-com-rancher-k3k-pkg-apis-k3k-io-v1beta1-clusterlist[$$ClusterList$$] [cols="25a,55a,10a,10a", options="header"] |=== | Field | Description | Default | Validation | *`apiVersion`* __string__ | `k3k.io/v1beta1` | | | *`kind`* __string__ | `Cluster` | | | *`metadata`* __link:https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.31/#objectmeta-v1-meta[$$ObjectMeta$$]__ | Refer to Kubernetes API documentation for fields of `metadata`. | | | *`spec`* __xref:{anchor_prefix}-github-com-rancher-k3k-pkg-apis-k3k-io-v1beta1-clusterspec[$$ClusterSpec$$]__ | Spec defines the desired state of the Cluster. + | { } | | *`status`* __xref:{anchor_prefix}-github-com-rancher-k3k-pkg-apis-k3k-io-v1beta1-clusterstatus[$$ClusterStatus$$]__ | Status reflects the observed state of the Cluster. + | { } | |=== [id="{anchor_prefix}-github-com-rancher-k3k-pkg-apis-k3k-io-v1beta1-clusterlist"] === ClusterList ClusterList is a list of Cluster resources. [cols="25a,55a,10a,10a", options="header"] |=== | Field | Description | Default | Validation | *`apiVersion`* __string__ | `k3k.io/v1beta1` | | | *`kind`* __string__ | `ClusterList` | | | *`metadata`* __link:https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.31/#listmeta-v1-meta[$$ListMeta$$]__ | Refer to Kubernetes API documentation for fields of `metadata`. | | | *`items`* __xref:{anchor_prefix}-github-com-rancher-k3k-pkg-apis-k3k-io-v1beta1-cluster[$$Cluster$$] array__ | | | |=== [id="{anchor_prefix}-github-com-rancher-k3k-pkg-apis-k3k-io-v1beta1-clustermode"] === ClusterMode _Underlying type:_ _string_ ClusterMode is the possible provisioning mode of a Cluster. _Validation:_ - Enum: [shared virtual] _Appears In:_ * xref:{anchor_prefix}-github-com-rancher-k3k-pkg-apis-k3k-io-v1beta1-clusterspec[$$ClusterSpec$$] * xref:{anchor_prefix}-github-com-rancher-k3k-pkg-apis-k3k-io-v1beta1-virtualclusterpolicyspec[$$VirtualClusterPolicySpec$$] [id="{anchor_prefix}-github-com-rancher-k3k-pkg-apis-k3k-io-v1beta1-clusterphase"] === ClusterPhase _Underlying type:_ _string_ ClusterPhase is a high-level summary of the cluster's current lifecycle state. _Appears In:_ * xref:{anchor_prefix}-github-com-rancher-k3k-pkg-apis-k3k-io-v1beta1-clusterstatus[$$ClusterStatus$$] [id="{anchor_prefix}-github-com-rancher-k3k-pkg-apis-k3k-io-v1beta1-clusterspec"] === ClusterSpec ClusterSpec defines the desired state of a virtual Kubernetes cluster. _Appears In:_ * xref:{anchor_prefix}-github-com-rancher-k3k-pkg-apis-k3k-io-v1beta1-cluster[$$Cluster$$] [cols="25a,55a,10a,10a", options="header"] |=== | Field | Description | Default | Validation | *`version`* __string__ | Version is the K3s version to use for the virtual nodes. + It should follow the K3s versioning convention (e.g., v1.28.2-k3s1). + If not specified, the Kubernetes version of the host node will be used. + | | | *`mode`* __xref:{anchor_prefix}-github-com-rancher-k3k-pkg-apis-k3k-io-v1beta1-clustermode[$$ClusterMode$$]__ | Mode specifies the cluster provisioning mode: "shared" or "virtual". + Defaults to "shared". This field is immutable. + | shared | Enum: [shared virtual] + | *`servers`* __integer__ | Servers specifies the number of K3s pods to run in server (control plane) mode. + Must be at least 1. Defaults to 1. + | 1 | | *`agents`* __integer__ | Agents specifies the number of K3s pods to run in agent (worker) mode. + Must be 0 or greater. Defaults to 0. + This field is ignored in "shared" mode. + | 0 | | *`clusterCIDR`* __string__ | ClusterCIDR is the CIDR range for pod IPs. + Defaults to 10.42.0.0/16 in shared mode and 10.52.0.0/16 in virtual mode. + This field is immutable. + | | | *`serviceCIDR`* __string__ | ServiceCIDR is the CIDR range for service IPs. + Defaults to 10.43.0.0/16 in shared mode and 10.53.0.0/16 in virtual mode. + This field is immutable. + | | | *`clusterDNS`* __string__ | ClusterDNS is the IP address for the CoreDNS service. + Must be within the ServiceCIDR range. Defaults to 10.43.0.10. + This field is immutable. + | | | *`persistence`* __xref:{anchor_prefix}-github-com-rancher-k3k-pkg-apis-k3k-io-v1beta1-persistenceconfig[$$PersistenceConfig$$]__ | Persistence specifies options for persisting etcd data. + Defaults to dynamic persistence, which uses a PersistentVolumeClaim to provide data persistence. + A default StorageClass is required for dynamic persistence. + | | | *`expose`* __xref:{anchor_prefix}-github-com-rancher-k3k-pkg-apis-k3k-io-v1beta1-exposeconfig[$$ExposeConfig$$]__ | Expose specifies options for exposing the API server. + By default, it's only exposed as a ClusterIP. + | | | *`nodeSelector`* __object (keys:string, values:string)__ | NodeSelector specifies node labels to constrain where server/agent pods are scheduled. + In "shared" mode, this also applies to workloads. + | | | *`priorityClass`* __string__ | PriorityClass specifies the priorityClassName for server/agent pods. + In "shared" mode, this also applies to workloads. + | | | *`tokenSecretRef`* __link:https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.31/#secretreference-v1-core[$$SecretReference$$]__ | TokenSecretRef is a Secret reference containing the token used by worker nodes to join the cluster. + The Secret must have a "token" field in its data. + | | | *`tlsSANs`* __string array__ | TLSSANs specifies subject alternative names for the K3s server certificate. + | | | *`serverArgs`* __string array__ | ServerArgs specifies ordered key-value pairs for K3s server pods. + Example: ["--tls-san=example.com"] + | | | *`agentArgs`* __string array__ | AgentArgs specifies ordered key-value pairs for K3s agent pods. + Example: ["--node-name=my-agent-node"] + | | | *`serverEnvs`* __link:https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.31/#envvar-v1-core[$$EnvVar$$] array__ | ServerEnvs specifies list of environment variables to set in the server pod. + | | | *`agentEnvs`* __link:https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.31/#envvar-v1-core[$$EnvVar$$] array__ | AgentEnvs specifies list of environment variables to set in the agent pod. + | | | *`addons`* __xref:{anchor_prefix}-github-com-rancher-k3k-pkg-apis-k3k-io-v1beta1-addon[$$Addon$$] array__ | Addons specifies secrets containing raw YAML to deploy on cluster startup. + | | | *`serverLimit`* __link:https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.31/#resourcelist-v1-core[$$ResourceList$$]__ | ServerLimit specifies resource limits for server nodes. + | | | *`workerLimit`* __link:https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.31/#resourcelist-v1-core[$$ResourceList$$]__ | WorkerLimit specifies resource limits for agent nodes. + | | | *`serverResources`* __link:https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.31/#resourcerequirements-v1-core[$$ResourceRequirements$$]__ | ServerResources specifies resources limits and requests for server nodes. + | | | *`workerResources`* __link:https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.31/#resourcerequirements-v1-core[$$ResourceRequirements$$]__ | WorkerResources specifies resources limits and requests for worker nodes. + | | | *`serverAffinity`* __link:https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.31/#affinity-v1-core[$$Affinity$$]__ | ServerAffinity specifies the affinity rules for server pods. + This includes both node affinity and pod affinity/anti-affinity rules. + | | | *`agentAffinity`* __link:https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.31/#affinity-v1-core[$$Affinity$$]__ | AgentAffinity specifies the affinity rules for agent pods. + This includes both node affinity and pod affinity/anti-affinity rules. + | | | *`mirrorHostNodes`* __boolean__ | MirrorHostNodes controls whether node objects from the host cluster + are mirrored into the virtual cluster. + | | | *`customCAs`* __xref:{anchor_prefix}-github-com-rancher-k3k-pkg-apis-k3k-io-v1beta1-customcas[$$CustomCAs$$]__ | CustomCAs specifies the cert/key pairs for custom CA certificates. + | | | *`sync`* __xref:{anchor_prefix}-github-com-rancher-k3k-pkg-apis-k3k-io-v1beta1-syncconfig[$$SyncConfig$$]__ | Sync specifies the resources types that will be synced from virtual cluster to host cluster. + | { } | | *`secretMounts`* __xref:{anchor_prefix}-github-com-rancher-k3k-pkg-apis-k3k-io-v1beta1-secretmount[$$SecretMount$$] array__ | SecretMounts specifies a list of secrets to mount into server and agent pods. + Each entry defines a secret and its mount path within the pods. + | | | *`securityContext`* __link:https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.31/#securitycontext-v1-core[$$SecurityContext$$]__ | SecurityContext specifies custom SecurityContext to be added + to the agent and server pods of the cluster in virtual or shared mode. + This option will override the SecurityContext set by default for virtual mode. + | | | *`runtimeClassName`* __string__ | RuntimeClassName specifies alternative runtime class for the + agent and server pods of the cluster in virtual or shared mode. + | | | *`hostUsers`* __boolean__ | HostUsers sets the user namespace for server and agent pods. + If set to true or not present, the pod will be run in the host user namespace. + When set to false, a new userns is created for the pod. + This field is alpha-level and is only honored by servers that enable the UserNamespacesSupport feature. + | | |=== [id="{anchor_prefix}-github-com-rancher-k3k-pkg-apis-k3k-io-v1beta1-clusterstatus"] === ClusterStatus ClusterStatus reflects the observed state of a Cluster. _Appears In:_ * xref:{anchor_prefix}-github-com-rancher-k3k-pkg-apis-k3k-io-v1beta1-cluster[$$Cluster$$] [cols="25a,55a,10a,10a", options="header"] |=== | Field | Description | Default | Validation | *`hostVersion`* __string__ | HostVersion is the Kubernetes version of the host node. + | | | *`clusterCIDR`* __string__ | ClusterCIDR is the CIDR range for pod IPs. + | | | *`serviceCIDR`* __string__ | ServiceCIDR is the CIDR range for service IPs. + | | | *`clusterDNS`* __string__ | ClusterDNS is the IP address for the CoreDNS service. + | | | *`tlsSANs`* __string array__ | TLSSANs specifies subject alternative names for the K3s server certificate. + | | | *`policyName`* __string__ | PolicyName specifies the virtual cluster policy name bound to the virtual cluster. + | | | *`policy`* __xref:{anchor_prefix}-github-com-rancher-k3k-pkg-apis-k3k-io-v1beta1-appliedpolicy[$$AppliedPolicy$$]__ | policy represents the status of the policy applied to this cluster. + This field is set by the VirtualClusterPolicy controller. + | | | *`kubeletPort`* __integer__ | KubeletPort specefies the port used by k3k-kubelet in shared mode. + | | | *`conditions`* __link:https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.31/#condition-v1-meta[$$Condition$$] array__ | Conditions are the individual conditions for the cluster set. + | | | *`phase`* __xref:{anchor_prefix}-github-com-rancher-k3k-pkg-apis-k3k-io-v1beta1-clusterphase[$$ClusterPhase$$]__ | Phase is a high-level summary of the cluster's current lifecycle state. + | Unknown | Enum: [Pending Provisioning Ready Failed Terminating Unknown] + |=== [id="{anchor_prefix}-github-com-rancher-k3k-pkg-apis-k3k-io-v1beta1-configmapsyncconfig"] === ConfigMapSyncConfig ConfigMapSyncConfig specifies the sync options for ConfigMaps. _Appears In:_ * xref:{anchor_prefix}-github-com-rancher-k3k-pkg-apis-k3k-io-v1beta1-syncconfig[$$SyncConfig$$] [cols="25a,55a,10a,10a", options="header"] |=== | Field | Description | Default | Validation | *`enabled`* __boolean__ | Enabled is an on/off switch for syncing resources. + | true | | *`selector`* __object (keys:string, values:string)__ | Selector specifies set of labels of the resources that will be synced, if empty + then all resources of the given type will be synced. + | | |=== [id="{anchor_prefix}-github-com-rancher-k3k-pkg-apis-k3k-io-v1beta1-credentialsource"] === CredentialSource CredentialSource defines where to get a credential from. It can represent either a TLS key pair or a single private key. _Appears In:_ * xref:{anchor_prefix}-github-com-rancher-k3k-pkg-apis-k3k-io-v1beta1-credentialsources[$$CredentialSources$$] [cols="25a,55a,10a,10a", options="header"] |=== | Field | Description | Default | Validation | *`secretName`* __string__ | The secret must contain specific keys based on the credential type: + - For TLS certificate pairs (e.g., ServerCA): `tls.crt` and `tls.key`. + - For the ServiceAccountToken signing key: `tls.key`. + | | |=== [id="{anchor_prefix}-github-com-rancher-k3k-pkg-apis-k3k-io-v1beta1-credentialsources"] === CredentialSources CredentialSources lists all the required credentials, including both TLS key pairs and single signing keys. _Appears In:_ * xref:{anchor_prefix}-github-com-rancher-k3k-pkg-apis-k3k-io-v1beta1-customcas[$$CustomCAs$$] [cols="25a,55a,10a,10a", options="header"] |=== | Field | Description | Default | Validation | *`serverCA`* __xref:{anchor_prefix}-github-com-rancher-k3k-pkg-apis-k3k-io-v1beta1-credentialsource[$$CredentialSource$$]__ | ServerCA specifies the server-ca cert/key pair. + | | | *`clientCA`* __xref:{anchor_prefix}-github-com-rancher-k3k-pkg-apis-k3k-io-v1beta1-credentialsource[$$CredentialSource$$]__ | ClientCA specifies the client-ca cert/key pair. + | | | *`requestHeaderCA`* __xref:{anchor_prefix}-github-com-rancher-k3k-pkg-apis-k3k-io-v1beta1-credentialsource[$$CredentialSource$$]__ | RequestHeaderCA specifies the request-header-ca cert/key pair. + | | | *`etcdServerCA`* __xref:{anchor_prefix}-github-com-rancher-k3k-pkg-apis-k3k-io-v1beta1-credentialsource[$$CredentialSource$$]__ | ETCDServerCA specifies the etcd-server-ca cert/key pair. + | | | *`etcdPeerCA`* __xref:{anchor_prefix}-github-com-rancher-k3k-pkg-apis-k3k-io-v1beta1-credentialsource[$$CredentialSource$$]__ | ETCDPeerCA specifies the etcd-peer-ca cert/key pair. + | | | *`serviceAccountToken`* __xref:{anchor_prefix}-github-com-rancher-k3k-pkg-apis-k3k-io-v1beta1-credentialsource[$$CredentialSource$$]__ | ServiceAccountToken specifies the service-account-token key. + | | |=== [id="{anchor_prefix}-github-com-rancher-k3k-pkg-apis-k3k-io-v1beta1-customcas"] === CustomCAs CustomCAs specifies the cert/key pairs for custom CA certificates. _Appears In:_ * xref:{anchor_prefix}-github-com-rancher-k3k-pkg-apis-k3k-io-v1beta1-clusterspec[$$ClusterSpec$$] [cols="25a,55a,10a,10a", options="header"] |=== | Field | Description | Default | Validation | *`enabled`* __boolean__ | Enabled toggles this feature on or off. + | true | | *`sources`* __xref:{anchor_prefix}-github-com-rancher-k3k-pkg-apis-k3k-io-v1beta1-credentialsources[$$CredentialSources$$]__ | Sources defines the sources for all required custom CA certificates. + | | |=== [id="{anchor_prefix}-github-com-rancher-k3k-pkg-apis-k3k-io-v1beta1-exposeconfig"] === ExposeConfig ExposeConfig specifies options for exposing the API server. _Appears In:_ * xref:{anchor_prefix}-github-com-rancher-k3k-pkg-apis-k3k-io-v1beta1-clusterspec[$$ClusterSpec$$] [cols="25a,55a,10a,10a", options="header"] |=== | Field | Description | Default | Validation | *`ingress`* __xref:{anchor_prefix}-github-com-rancher-k3k-pkg-apis-k3k-io-v1beta1-ingressconfig[$$IngressConfig$$]__ | Ingress specifies options for exposing the API server through an Ingress. + | | | *`loadBalancer`* __xref:{anchor_prefix}-github-com-rancher-k3k-pkg-apis-k3k-io-v1beta1-loadbalancerconfig[$$LoadBalancerConfig$$]__ | LoadBalancer specifies options for exposing the API server through a LoadBalancer service. + | | | *`nodePort`* __xref:{anchor_prefix}-github-com-rancher-k3k-pkg-apis-k3k-io-v1beta1-nodeportconfig[$$NodePortConfig$$]__ | NodePort specifies options for exposing the API server through NodePort. + | | |=== [id="{anchor_prefix}-github-com-rancher-k3k-pkg-apis-k3k-io-v1beta1-ingressconfig"] === IngressConfig IngressConfig specifies options for exposing the API server through an Ingress. _Appears In:_ * xref:{anchor_prefix}-github-com-rancher-k3k-pkg-apis-k3k-io-v1beta1-exposeconfig[$$ExposeConfig$$] [cols="25a,55a,10a,10a", options="header"] |=== | Field | Description | Default | Validation | *`annotations`* __object (keys:string, values:string)__ | Annotations specifies annotations to add to the Ingress. + | | | *`ingressClassName`* __string__ | IngressClassName specifies the IngressClass to use for the Ingress. + | | |=== [id="{anchor_prefix}-github-com-rancher-k3k-pkg-apis-k3k-io-v1beta1-ingresssyncconfig"] === IngressSyncConfig IngressSyncConfig specifies the sync options for Ingresses. _Appears In:_ * xref:{anchor_prefix}-github-com-rancher-k3k-pkg-apis-k3k-io-v1beta1-syncconfig[$$SyncConfig$$] [cols="25a,55a,10a,10a", options="header"] |=== | Field | Description | Default | Validation | *`enabled`* __boolean__ | Enabled is an on/off switch for syncing resources. + | false | | *`selector`* __object (keys:string, values:string)__ | Selector specifies set of labels of the resources that will be synced, if empty + then all resources of the given type will be synced. + | | | *`disableTLSSecretTranslation`* __boolean__ | DisableTLSSecretTranslation is an on/off switch for translating TLS secrets + from virtual cluster to host cluster + | false | |=== [id="{anchor_prefix}-github-com-rancher-k3k-pkg-apis-k3k-io-v1beta1-loadbalancerconfig"] === LoadBalancerConfig LoadBalancerConfig specifies options for exposing the API server through a LoadBalancer service. _Appears In:_ * xref:{anchor_prefix}-github-com-rancher-k3k-pkg-apis-k3k-io-v1beta1-exposeconfig[$$ExposeConfig$$] [cols="25a,55a,10a,10a", options="header"] |=== | Field | Description | Default | Validation | *`serverPort`* __integer__ | ServerPort is the port on which the K3s server is exposed when type is LoadBalancer. + If not specified, the default https 443 port will be allocated. + If 0 or negative, the port will not be exposed. + | | | *`etcdPort`* __integer__ | ETCDPort is the port on which the ETCD service is exposed when type is LoadBalancer. + If not specified, the default etcd 2379 port will be allocated. + If 0 or negative, the port will not be exposed. + | | |=== [id="{anchor_prefix}-github-com-rancher-k3k-pkg-apis-k3k-io-v1beta1-nodeportconfig"] === NodePortConfig NodePortConfig specifies options for exposing the API server through NodePort. _Appears In:_ * xref:{anchor_prefix}-github-com-rancher-k3k-pkg-apis-k3k-io-v1beta1-exposeconfig[$$ExposeConfig$$] [cols="25a,55a,10a,10a", options="header"] |=== | Field | Description | Default | Validation | *`serverPort`* __integer__ | ServerPort is the port on each node on which the K3s server is exposed when type is NodePort. + If not specified, a random port between 30000-32767 will be allocated. + If out of range, the port will not be exposed. + | | | *`etcdPort`* __integer__ | ETCDPort is the port on each node on which the ETCD service is exposed when type is NodePort. + If not specified, a random port between 30000-32767 will be allocated. + If out of range, the port will not be exposed. + | | |=== [id="{anchor_prefix}-github-com-rancher-k3k-pkg-apis-k3k-io-v1beta1-persistenceconfig"] === PersistenceConfig PersistenceConfig specifies options for persisting etcd data. _Appears In:_ * xref:{anchor_prefix}-github-com-rancher-k3k-pkg-apis-k3k-io-v1beta1-clusterspec[$$ClusterSpec$$] [cols="25a,55a,10a,10a", options="header"] |=== | Field | Description | Default | Validation | *`type`* __xref:{anchor_prefix}-github-com-rancher-k3k-pkg-apis-k3k-io-v1beta1-persistencemode[$$PersistenceMode$$]__ | Type specifies the persistence mode. + | dynamic | | *`storageClassName`* __string__ | StorageClassName is the name of the StorageClass to use for the PVC. + This field is only relevant in "dynamic" mode. + | | | *`storageRequestSize`* __link:https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.31/#quantity-resource-api[$$Quantity$$]__ | StorageRequestSize is the requested size for the PVC. + This field is only relevant in "dynamic" mode. + | 2G | |=== [id="{anchor_prefix}-github-com-rancher-k3k-pkg-apis-k3k-io-v1beta1-persistencemode"] === PersistenceMode _Underlying type:_ _string_ PersistenceMode is the storage mode of a Cluster. _Appears In:_ * xref:{anchor_prefix}-github-com-rancher-k3k-pkg-apis-k3k-io-v1beta1-persistenceconfig[$$PersistenceConfig$$] [id="{anchor_prefix}-github-com-rancher-k3k-pkg-apis-k3k-io-v1beta1-persistentvolumeclaimsyncconfig"] === PersistentVolumeClaimSyncConfig PersistentVolumeClaimSyncConfig specifies the sync options for PersistentVolumeClaims. _Appears In:_ * xref:{anchor_prefix}-github-com-rancher-k3k-pkg-apis-k3k-io-v1beta1-syncconfig[$$SyncConfig$$] [cols="25a,55a,10a,10a", options="header"] |=== | Field | Description | Default | Validation | *`enabled`* __boolean__ | Enabled is an on/off switch for syncing resources. + | true | | *`selector`* __object (keys:string, values:string)__ | Selector specifies set of labels of the resources that will be synced, if empty + then all resources of the given type will be synced. + | | |=== [id="{anchor_prefix}-github-com-rancher-k3k-pkg-apis-k3k-io-v1beta1-podsecurityadmissionlevel"] === PodSecurityAdmissionLevel _Underlying type:_ _string_ PodSecurityAdmissionLevel is the policy level applied to the pods in the namespace. _Validation:_ - Enum: [privileged baseline restricted] _Appears In:_ * xref:{anchor_prefix}-github-com-rancher-k3k-pkg-apis-k3k-io-v1beta1-virtualclusterpolicyspec[$$VirtualClusterPolicySpec$$] [id="{anchor_prefix}-github-com-rancher-k3k-pkg-apis-k3k-io-v1beta1-priorityclasssyncconfig"] === PriorityClassSyncConfig PriorityClassSyncConfig specifies the sync options for PriorityClasses. _Appears In:_ * xref:{anchor_prefix}-github-com-rancher-k3k-pkg-apis-k3k-io-v1beta1-syncconfig[$$SyncConfig$$] [cols="25a,55a,10a,10a", options="header"] |=== | Field | Description | Default | Validation | *`enabled`* __boolean__ | Enabled is an on/off switch for syncing resources. + | false | | *`selector`* __object (keys:string, values:string)__ | Selector specifies set of labels of the resources that will be synced, if empty + then all resources of the given type will be synced. + | | |=== [id="{anchor_prefix}-github-com-rancher-k3k-pkg-apis-k3k-io-v1beta1-secretmount"] === SecretMount SecretMount defines a secret to be mounted into server or agent pods, allowing for custom configurations, certificates, or other sensitive data. _Appears In:_ * xref:{anchor_prefix}-github-com-rancher-k3k-pkg-apis-k3k-io-v1beta1-clusterspec[$$ClusterSpec$$] [cols="25a,55a,10a,10a", options="header"] |=== | Field | Description | Default | Validation | *`secretName`* __string__ | secretName is the name of the secret in the pod's namespace to use. + More info: https://kubernetes.io/docs/concepts/storage/volumes#secret + | | | *`items`* __link:https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.31/#keytopath-v1-core[$$KeyToPath$$] array__ | items If unspecified, each key-value pair in the Data field of the referenced + Secret will be projected into the volume as a file whose name is the + key and content is the value. If specified, the listed keys will be + projected into the specified paths, and unlisted keys will not be + present. If a key is specified which is not present in the Secret, + the volume setup will error unless it is marked optional. Paths must be + relative and may not contain the '..' path or start with '..'. + | | | *`defaultMode`* __integer__ | defaultMode is Optional: mode bits used to set permissions on created files by default. + Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. + YAML accepts both octal and decimal values, JSON requires decimal values + for mode bits. Defaults to 0644. + Directories within the path are not affected by this setting. + This might be in conflict with other options that affect the file + mode, like fsGroup, and the result can be other mode bits set. + | | | *`optional`* __boolean__ | optional field specify whether the Secret or its keys must be defined + | | | *`mountPath`* __string__ | MountPath is the path within server and agent pods where the + secret contents will be mounted. + | | | *`subPath`* __string__ | SubPath is an optional path within the secret to mount instead of the root. + When specified, only the specified key from the secret will be mounted as a file + at MountPath, keeping the parent directory writable. + | | | *`role`* __string__ | Role is the type of the k3k pod that will be used to mount the secret. + This can be 'server', 'agent', or 'all' (for both). + | | Enum: [server agent all] + |=== [id="{anchor_prefix}-github-com-rancher-k3k-pkg-apis-k3k-io-v1beta1-secretsyncconfig"] === SecretSyncConfig SecretSyncConfig specifies the sync options for Secrets. _Appears In:_ * xref:{anchor_prefix}-github-com-rancher-k3k-pkg-apis-k3k-io-v1beta1-syncconfig[$$SyncConfig$$] [cols="25a,55a,10a,10a", options="header"] |=== | Field | Description | Default | Validation | *`enabled`* __boolean__ | Enabled is an on/off switch for syncing resources. + | true | | *`selector`* __object (keys:string, values:string)__ | Selector specifies set of labels of the resources that will be synced, if empty + then all resources of the given type will be synced. + | | |=== [id="{anchor_prefix}-github-com-rancher-k3k-pkg-apis-k3k-io-v1beta1-servicesyncconfig"] === ServiceSyncConfig ServiceSyncConfig specifies the sync options for Services. _Appears In:_ * xref:{anchor_prefix}-github-com-rancher-k3k-pkg-apis-k3k-io-v1beta1-syncconfig[$$SyncConfig$$] [cols="25a,55a,10a,10a", options="header"] |=== | Field | Description | Default | Validation | *`enabled`* __boolean__ | Enabled is an on/off switch for syncing resources. + | true | | *`selector`* __object (keys:string, values:string)__ | Selector specifies set of labels of the resources that will be synced, if empty + then all resources of the given type will be synced. + | | |=== [id="{anchor_prefix}-github-com-rancher-k3k-pkg-apis-k3k-io-v1beta1-storageclasssyncconfig"] === StorageClassSyncConfig StorageClassSyncConfig specifies the sync options for StorageClasses. _Appears In:_ * xref:{anchor_prefix}-github-com-rancher-k3k-pkg-apis-k3k-io-v1beta1-syncconfig[$$SyncConfig$$] [cols="25a,55a,10a,10a", options="header"] |=== | Field | Description | Default | Validation | *`enabled`* __boolean__ | Enabled is an on/off switch for syncing resources. + | false | | *`selector`* __object (keys:string, values:string)__ | Selector specifies set of labels of the resources that will be synced, if empty + then all resources of the given type will be synced. + | | |=== [id="{anchor_prefix}-github-com-rancher-k3k-pkg-apis-k3k-io-v1beta1-syncconfig"] === SyncConfig SyncConfig will contain the resources that should be synced from virtual cluster to host cluster. _Appears In:_ * xref:{anchor_prefix}-github-com-rancher-k3k-pkg-apis-k3k-io-v1beta1-appliedpolicy[$$AppliedPolicy$$] * xref:{anchor_prefix}-github-com-rancher-k3k-pkg-apis-k3k-io-v1beta1-clusterspec[$$ClusterSpec$$] * xref:{anchor_prefix}-github-com-rancher-k3k-pkg-apis-k3k-io-v1beta1-virtualclusterpolicyspec[$$VirtualClusterPolicySpec$$] [cols="25a,55a,10a,10a", options="header"] |=== | Field | Description | Default | Validation | *`services`* __xref:{anchor_prefix}-github-com-rancher-k3k-pkg-apis-k3k-io-v1beta1-servicesyncconfig[$$ServiceSyncConfig$$]__ | Services resources sync configuration. + | { enabled:true } | | *`configMaps`* __xref:{anchor_prefix}-github-com-rancher-k3k-pkg-apis-k3k-io-v1beta1-configmapsyncconfig[$$ConfigMapSyncConfig$$]__ | ConfigMaps resources sync configuration. + | { enabled:true } | | *`secrets`* __xref:{anchor_prefix}-github-com-rancher-k3k-pkg-apis-k3k-io-v1beta1-secretsyncconfig[$$SecretSyncConfig$$]__ | Secrets resources sync configuration. + | { enabled:true } | | *`ingresses`* __xref:{anchor_prefix}-github-com-rancher-k3k-pkg-apis-k3k-io-v1beta1-ingresssyncconfig[$$IngressSyncConfig$$]__ | Ingresses resources sync configuration. + | { enabled:false } | | *`persistentVolumeClaims`* __xref:{anchor_prefix}-github-com-rancher-k3k-pkg-apis-k3k-io-v1beta1-persistentvolumeclaimsyncconfig[$$PersistentVolumeClaimSyncConfig$$]__ | PersistentVolumeClaims resources sync configuration. + | { enabled:true } | | *`priorityClasses`* __xref:{anchor_prefix}-github-com-rancher-k3k-pkg-apis-k3k-io-v1beta1-priorityclasssyncconfig[$$PriorityClassSyncConfig$$]__ | PriorityClasses resources sync configuration. + | { enabled:false } | | *`storageClasses`* __xref:{anchor_prefix}-github-com-rancher-k3k-pkg-apis-k3k-io-v1beta1-storageclasssyncconfig[$$StorageClassSyncConfig$$]__ | StorageClasses resources sync configuration. + | { enabled:false } | |=== [id="{anchor_prefix}-github-com-rancher-k3k-pkg-apis-k3k-io-v1beta1-virtualclusterpolicy"] === VirtualClusterPolicy VirtualClusterPolicy allows defining common configurations and constraints for clusters within a clusterpolicy. _Appears In:_ * xref:{anchor_prefix}-github-com-rancher-k3k-pkg-apis-k3k-io-v1beta1-virtualclusterpolicylist[$$VirtualClusterPolicyList$$] [cols="25a,55a,10a,10a", options="header"] |=== | Field | Description | Default | Validation | *`apiVersion`* __string__ | `k3k.io/v1beta1` | | | *`kind`* __string__ | `VirtualClusterPolicy` | | | *`metadata`* __link:https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.31/#objectmeta-v1-meta[$$ObjectMeta$$]__ | Refer to Kubernetes API documentation for fields of `metadata`. | | | *`spec`* __xref:{anchor_prefix}-github-com-rancher-k3k-pkg-apis-k3k-io-v1beta1-virtualclusterpolicyspec[$$VirtualClusterPolicySpec$$]__ | Spec defines the desired state of the VirtualClusterPolicy. + | { } | | *`status`* __xref:{anchor_prefix}-github-com-rancher-k3k-pkg-apis-k3k-io-v1beta1-virtualclusterpolicystatus[$$VirtualClusterPolicyStatus$$]__ | Status reflects the observed state of the VirtualClusterPolicy. + | | |=== [id="{anchor_prefix}-github-com-rancher-k3k-pkg-apis-k3k-io-v1beta1-virtualclusterpolicylist"] === VirtualClusterPolicyList VirtualClusterPolicyList is a list of VirtualClusterPolicy resources. [cols="25a,55a,10a,10a", options="header"] |=== | Field | Description | Default | Validation | *`apiVersion`* __string__ | `k3k.io/v1beta1` | | | *`kind`* __string__ | `VirtualClusterPolicyList` | | | *`metadata`* __link:https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.31/#listmeta-v1-meta[$$ListMeta$$]__ | Refer to Kubernetes API documentation for fields of `metadata`. | | | *`items`* __xref:{anchor_prefix}-github-com-rancher-k3k-pkg-apis-k3k-io-v1beta1-virtualclusterpolicy[$$VirtualClusterPolicy$$] array__ | | | |=== [id="{anchor_prefix}-github-com-rancher-k3k-pkg-apis-k3k-io-v1beta1-virtualclusterpolicyspec"] === VirtualClusterPolicySpec VirtualClusterPolicySpec defines the desired state of a VirtualClusterPolicy. _Appears In:_ * xref:{anchor_prefix}-github-com-rancher-k3k-pkg-apis-k3k-io-v1beta1-virtualclusterpolicy[$$VirtualClusterPolicy$$] [cols="25a,55a,10a,10a", options="header"] |=== | Field | Description | Default | Validation | *`quota`* __link:https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.31/#resourcequotaspec-v1-core[$$ResourceQuotaSpec$$]__ | Quota specifies the resource limits for clusters within a clusterpolicy. + | | | *`limit`* __link:https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.31/#limitrangespec-v1-core[$$LimitRangeSpec$$]__ | Limit specifies the LimitRange that will be applied to all pods within the VirtualClusterPolicy + to set defaults and constraints (min/max) + | | | *`defaultNodeSelector`* __object (keys:string, values:string)__ | DefaultNodeSelector specifies the node selector that applies to all clusters (server + agent) in the target Namespace. + | | | *`defaultPriorityClass`* __string__ | DefaultPriorityClass specifies the priorityClassName applied to all pods of all clusters in the target Namespace. + | | | *`defaultServerAffinity`* __link:https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.31/#affinity-v1-core[$$Affinity$$]__ | DefaultServerAffinity specifies the affinity rules applied to server pods of all clusters in the target Namespace. + This includes both node affinity and pod affinity/anti-affinity rules. + | | | *`defaultAgentAffinity`* __link:https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.31/#affinity-v1-core[$$Affinity$$]__ | DefaultAgentAffinity specifies the affinity rules applied to agent pods of all clusters in the target Namespace. + This includes both node affinity and pod affinity/anti-affinity rules. + | | | *`allowedMode`* __xref:{anchor_prefix}-github-com-rancher-k3k-pkg-apis-k3k-io-v1beta1-clustermode[$$ClusterMode$$]__ | AllowedMode specifies the allowed cluster provisioning mode. Defaults to "shared". + | shared | Enum: [shared virtual] + | *`disableNetworkPolicy`* __boolean__ | DisableNetworkPolicy indicates whether to disable the creation of a default network policy for cluster isolation. + | | | *`podSecurityAdmissionLevel`* __xref:{anchor_prefix}-github-com-rancher-k3k-pkg-apis-k3k-io-v1beta1-podsecurityadmissionlevel[$$PodSecurityAdmissionLevel$$]__ | PodSecurityAdmissionLevel specifies the pod security admission level applied to the pods in the namespace. + | | Enum: [privileged baseline restricted] + | *`sync`* __xref:{anchor_prefix}-github-com-rancher-k3k-pkg-apis-k3k-io-v1beta1-syncconfig[$$SyncConfig$$]__ | Sync specifies the resources types that will be synced from virtual cluster to host cluster. + | { } | | *`runtimeClassName`* __string__ | SecurityContext specifies custom SecurityContext to be added + to the agent and server pods of the cluster in virtual or shared mode. + | | | *`securityContext`* __link:https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.31/#securitycontext-v1-core[$$SecurityContext$$]__ | RuntimeClassName specifies alternative runtime class for the + agent and server pods of the cluster in virtual or shared mode. + | | | *`hostUsers`* __boolean__ | HostUsers sets the user namespace for server and agent pods. + If set to true or not present, the pod will be run in the host user namespace. + When set to false, a new userns is created for the pod. + This field is alpha-level and is only honored by servers that enable the UserNamespacesSupport feature. + | | |=== [id="{anchor_prefix}-github-com-rancher-k3k-pkg-apis-k3k-io-v1beta1-virtualclusterpolicystatus"] === VirtualClusterPolicyStatus VirtualClusterPolicyStatus reflects the observed state of a VirtualClusterPolicy. _Appears In:_ * xref:{anchor_prefix}-github-com-rancher-k3k-pkg-apis-k3k-io-v1beta1-virtualclusterpolicy[$$VirtualClusterPolicy$$] [cols="25a,55a,10a,10a", options="header"] |=== | Field | Description | Default | Validation | *`observedGeneration`* __integer__ | ObservedGeneration was the generation at the time the status was updated. + | | | *`lastUpdateTime`* __string__ | LastUpdate is the timestamp when the status was last updated. + | | | *`summary`* __string__ | Summary is a summary of the status. + | | | *`conditions`* __link:https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.31/#condition-v1-meta[$$Condition$$] array__ | Conditions are the individual conditions for the cluster set. + | | |===