mirror of
https://github.com/rancher/k3k.git
synced 2026-03-27 13:56:54 +00:00
9836f8376d
* initial implementation restored policyName * added test, fixed priority scheduling * requested changes from review - wrapped errors - fixed some kube-api-linter issues to match k8s conventions - moved policy namespace check in the same condition branch
715 lines
30 KiB
Plaintext
715 lines
30 KiB
Plaintext
[id="k3k-api-reference"]
|
|
= API Reference
|
|
:revdate: "2006-01-02"
|
|
:page-revdate: {revdate}
|
|
:anchor_prefix: k8s-api
|
|
|
|
== Packages
|
|
- xref:{anchor_prefix}-k3k-io-v1beta1[$$k3k.io/v1beta1$$]
|
|
|
|
|
|
[id="{anchor_prefix}-k3k-io-v1beta1"]
|
|
== k3k.io/v1beta1
|
|
|
|
|
|
=== Resource Types
|
|
- xref:{anchor_prefix}-github-com-rancher-k3k-pkg-apis-k3k-io-v1beta1-cluster[$$Cluster$$]
|
|
- xref:{anchor_prefix}-github-com-rancher-k3k-pkg-apis-k3k-io-v1beta1-clusterlist[$$ClusterList$$]
|
|
- xref:{anchor_prefix}-github-com-rancher-k3k-pkg-apis-k3k-io-v1beta1-virtualclusterpolicy[$$VirtualClusterPolicy$$]
|
|
- xref:{anchor_prefix}-github-com-rancher-k3k-pkg-apis-k3k-io-v1beta1-virtualclusterpolicylist[$$VirtualClusterPolicyList$$]
|
|
|
|
|
|
|
|
[id="{anchor_prefix}-github-com-rancher-k3k-pkg-apis-k3k-io-v1beta1-addon"]
|
|
=== Addon
|
|
|
|
|
|
|
|
Addon specifies a Secret containing YAML to be deployed on cluster startup.
|
|
|
|
|
|
|
|
_Appears In:_
|
|
|
|
* xref:{anchor_prefix}-github-com-rancher-k3k-pkg-apis-k3k-io-v1beta1-clusterspec[$$ClusterSpec$$]
|
|
|
|
[cols="25a,55a,10a,10a", options="header"]
|
|
|===
|
|
| Field | Description | Default | Validation
|
|
| *`secretNamespace`* __string__ | SecretNamespace is the namespace of the Secret. + | |
|
|
| *`secretRef`* __string__ | SecretRef is the name of the Secret. + | |
|
|
|===
|
|
|
|
|
|
[id="{anchor_prefix}-github-com-rancher-k3k-pkg-apis-k3k-io-v1beta1-appliedpolicy"]
|
|
=== AppliedPolicy
|
|
|
|
|
|
|
|
AppliedPolicy defines the observed state of an applied policy.
|
|
|
|
|
|
|
|
_Appears In:_
|
|
|
|
* xref:{anchor_prefix}-github-com-rancher-k3k-pkg-apis-k3k-io-v1beta1-clusterstatus[$$ClusterStatus$$]
|
|
|
|
[cols="25a,55a,10a,10a", options="header"]
|
|
|===
|
|
| Field | Description | Default | Validation
|
|
| *`name`* __string__ | name is the name of the VirtualClusterPolicy currently applied to this cluster. + | | MinLength: 1 +
|
|
|
|
| *`priorityClass`* __string__ | priorityClass is the priority class enforced by the active VirtualClusterPolicy. + | |
|
|
| *`nodeSelector`* __object (keys:string, values:string)__ | nodeSelector is a node selector enforced by the active VirtualClusterPolicy. + | |
|
|
|===
|
|
|
|
|
|
[id="{anchor_prefix}-github-com-rancher-k3k-pkg-apis-k3k-io-v1beta1-cluster"]
|
|
=== Cluster
|
|
|
|
|
|
|
|
Cluster defines a virtual Kubernetes cluster managed by k3k.
|
|
It specifies the desired state of a virtual cluster, including version, node configuration, and networking.
|
|
k3k uses this to provision and manage these virtual clusters.
|
|
|
|
|
|
|
|
_Appears In:_
|
|
|
|
* xref:{anchor_prefix}-github-com-rancher-k3k-pkg-apis-k3k-io-v1beta1-clusterlist[$$ClusterList$$]
|
|
|
|
[cols="25a,55a,10a,10a", options="header"]
|
|
|===
|
|
| Field | Description | Default | Validation
|
|
| *`apiVersion`* __string__ | `k3k.io/v1beta1` | |
|
|
| *`kind`* __string__ | `Cluster` | |
|
|
| *`metadata`* __link:https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.31/#objectmeta-v1-meta[$$ObjectMeta$$]__ | Refer to Kubernetes API documentation for fields of `metadata`.
|
|
| |
|
|
| *`spec`* __xref:{anchor_prefix}-github-com-rancher-k3k-pkg-apis-k3k-io-v1beta1-clusterspec[$$ClusterSpec$$]__ | Spec defines the desired state of the Cluster. + | { } |
|
|
|===
|
|
|
|
|
|
[id="{anchor_prefix}-github-com-rancher-k3k-pkg-apis-k3k-io-v1beta1-clusterlist"]
|
|
=== ClusterList
|
|
|
|
|
|
|
|
ClusterList is a list of Cluster resources.
|
|
|
|
|
|
|
|
|
|
|
|
[cols="25a,55a,10a,10a", options="header"]
|
|
|===
|
|
| Field | Description | Default | Validation
|
|
| *`apiVersion`* __string__ | `k3k.io/v1beta1` | |
|
|
| *`kind`* __string__ | `ClusterList` | |
|
|
| *`metadata`* __link:https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.31/#listmeta-v1-meta[$$ListMeta$$]__ | Refer to Kubernetes API documentation for fields of `metadata`.
|
|
| |
|
|
| *`items`* __xref:{anchor_prefix}-github-com-rancher-k3k-pkg-apis-k3k-io-v1beta1-cluster[$$Cluster$$] array__ | | |
|
|
|===
|
|
|
|
|
|
[id="{anchor_prefix}-github-com-rancher-k3k-pkg-apis-k3k-io-v1beta1-clustermode"]
|
|
=== ClusterMode
|
|
|
|
_Underlying type:_ _string_
|
|
|
|
ClusterMode is the possible provisioning mode of a Cluster.
|
|
|
|
_Validation:_
|
|
- Enum: [shared virtual]
|
|
|
|
_Appears In:_
|
|
|
|
* xref:{anchor_prefix}-github-com-rancher-k3k-pkg-apis-k3k-io-v1beta1-clusterspec[$$ClusterSpec$$]
|
|
* xref:{anchor_prefix}-github-com-rancher-k3k-pkg-apis-k3k-io-v1beta1-virtualclusterpolicyspec[$$VirtualClusterPolicySpec$$]
|
|
|
|
|
|
|
|
[id="{anchor_prefix}-github-com-rancher-k3k-pkg-apis-k3k-io-v1beta1-clusterphase"]
|
|
=== ClusterPhase
|
|
|
|
_Underlying type:_ _string_
|
|
|
|
ClusterPhase is a high-level summary of the cluster's current lifecycle state.
|
|
|
|
|
|
|
|
_Appears In:_
|
|
|
|
* xref:{anchor_prefix}-github-com-rancher-k3k-pkg-apis-k3k-io-v1beta1-clusterstatus[$$ClusterStatus$$]
|
|
|
|
|
|
|
|
[id="{anchor_prefix}-github-com-rancher-k3k-pkg-apis-k3k-io-v1beta1-clusterspec"]
|
|
=== ClusterSpec
|
|
|
|
|
|
|
|
ClusterSpec defines the desired state of a virtual Kubernetes cluster.
|
|
|
|
|
|
|
|
_Appears In:_
|
|
|
|
* xref:{anchor_prefix}-github-com-rancher-k3k-pkg-apis-k3k-io-v1beta1-cluster[$$Cluster$$]
|
|
|
|
[cols="25a,55a,10a,10a", options="header"]
|
|
|===
|
|
| Field | Description | Default | Validation
|
|
| *`version`* __string__ | Version is the K3s version to use for the virtual nodes. +
|
|
It should follow the K3s versioning convention (e.g., v1.28.2-k3s1). +
|
|
If not specified, the Kubernetes version of the host node will be used. + | |
|
|
| *`mode`* __xref:{anchor_prefix}-github-com-rancher-k3k-pkg-apis-k3k-io-v1beta1-clustermode[$$ClusterMode$$]__ | Mode specifies the cluster provisioning mode: "shared" or "virtual". +
|
|
Defaults to "shared". This field is immutable. + | shared | Enum: [shared virtual] +
|
|
|
|
| *`servers`* __integer__ | Servers specifies the number of K3s pods to run in server (control plane) mode. +
|
|
Must be at least 1. Defaults to 1. + | 1 |
|
|
| *`agents`* __integer__ | Agents specifies the number of K3s pods to run in agent (worker) mode. +
|
|
Must be 0 or greater. Defaults to 0. +
|
|
This field is ignored in "shared" mode. + | 0 |
|
|
| *`clusterCIDR`* __string__ | ClusterCIDR is the CIDR range for pod IPs. +
|
|
Defaults to 10.42.0.0/16 in shared mode and 10.52.0.0/16 in virtual mode. +
|
|
This field is immutable. + | |
|
|
| *`serviceCIDR`* __string__ | ServiceCIDR is the CIDR range for service IPs. +
|
|
Defaults to 10.43.0.0/16 in shared mode and 10.53.0.0/16 in virtual mode. +
|
|
This field is immutable. + | |
|
|
| *`clusterDNS`* __string__ | ClusterDNS is the IP address for the CoreDNS service. +
|
|
Must be within the ServiceCIDR range. Defaults to 10.43.0.10. +
|
|
This field is immutable. + | |
|
|
| *`persistence`* __xref:{anchor_prefix}-github-com-rancher-k3k-pkg-apis-k3k-io-v1beta1-persistenceconfig[$$PersistenceConfig$$]__ | Persistence specifies options for persisting etcd data. +
|
|
Defaults to dynamic persistence, which uses a PersistentVolumeClaim to provide data persistence. +
|
|
A default StorageClass is required for dynamic persistence. + | |
|
|
| *`expose`* __xref:{anchor_prefix}-github-com-rancher-k3k-pkg-apis-k3k-io-v1beta1-exposeconfig[$$ExposeConfig$$]__ | Expose specifies options for exposing the API server. +
|
|
By default, it's only exposed as a ClusterIP. + | |
|
|
| *`nodeSelector`* __object (keys:string, values:string)__ | NodeSelector specifies node labels to constrain where server/agent pods are scheduled. +
|
|
In "shared" mode, this also applies to workloads. + | |
|
|
| *`priorityClass`* __string__ | PriorityClass specifies the priorityClassName for server/agent pods. +
|
|
In "shared" mode, this also applies to workloads. + | |
|
|
| *`tokenSecretRef`* __link:https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.31/#secretreference-v1-core[$$SecretReference$$]__ | TokenSecretRef is a Secret reference containing the token used by worker nodes to join the cluster. +
|
|
The Secret must have a "token" field in its data. + | |
|
|
| *`tlsSANs`* __string array__ | TLSSANs specifies subject alternative names for the K3s server certificate. + | |
|
|
| *`serverArgs`* __string array__ | ServerArgs specifies ordered key-value pairs for K3s server pods. +
|
|
Example: ["--tls-san=example.com"] + | |
|
|
| *`agentArgs`* __string array__ | AgentArgs specifies ordered key-value pairs for K3s agent pods. +
|
|
Example: ["--node-name=my-agent-node"] + | |
|
|
| *`serverEnvs`* __link:https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.31/#envvar-v1-core[$$EnvVar$$] array__ | ServerEnvs specifies list of environment variables to set in the server pod. + | |
|
|
| *`agentEnvs`* __link:https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.31/#envvar-v1-core[$$EnvVar$$] array__ | AgentEnvs specifies list of environment variables to set in the agent pod. + | |
|
|
| *`addons`* __xref:{anchor_prefix}-github-com-rancher-k3k-pkg-apis-k3k-io-v1beta1-addon[$$Addon$$] array__ | Addons specifies secrets containing raw YAML to deploy on cluster startup. + | |
|
|
| *`serverLimit`* __link:https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.31/#resourcelist-v1-core[$$ResourceList$$]__ | ServerLimit specifies resource limits for server nodes. + | |
|
|
| *`workerLimit`* __link:https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.31/#resourcelist-v1-core[$$ResourceList$$]__ | WorkerLimit specifies resource limits for agent nodes. + | |
|
|
| *`mirrorHostNodes`* __boolean__ | MirrorHostNodes controls whether node objects from the host cluster +
|
|
are mirrored into the virtual cluster. + | |
|
|
| *`customCAs`* __xref:{anchor_prefix}-github-com-rancher-k3k-pkg-apis-k3k-io-v1beta1-customcas[$$CustomCAs$$]__ | CustomCAs specifies the cert/key pairs for custom CA certificates. + | |
|
|
| *`sync`* __xref:{anchor_prefix}-github-com-rancher-k3k-pkg-apis-k3k-io-v1beta1-syncconfig[$$SyncConfig$$]__ | Sync specifies the resources types that will be synced from virtual cluster to host cluster. + | { } |
|
|
| *`secretMounts`* __xref:{anchor_prefix}-github-com-rancher-k3k-pkg-apis-k3k-io-v1beta1-secretmount[$$SecretMount$$] array__ | SecretMounts specifies a list of secrets to mount into server and agent pods. +
|
|
Each entry defines a secret and its mount path within the pods. + | |
|
|
|===
|
|
|
|
|
|
|
|
|
|
[id="{anchor_prefix}-github-com-rancher-k3k-pkg-apis-k3k-io-v1beta1-configmapsyncconfig"]
|
|
=== ConfigMapSyncConfig
|
|
|
|
|
|
|
|
ConfigMapSyncConfig specifies the sync options for services.
|
|
|
|
|
|
|
|
_Appears In:_
|
|
|
|
* xref:{anchor_prefix}-github-com-rancher-k3k-pkg-apis-k3k-io-v1beta1-syncconfig[$$SyncConfig$$]
|
|
|
|
[cols="25a,55a,10a,10a", options="header"]
|
|
|===
|
|
| Field | Description | Default | Validation
|
|
| *`enabled`* __boolean__ | Enabled is an on/off switch for syncing resources. + | true |
|
|
| *`selector`* __object (keys:string, values:string)__ | Selector specifies set of labels of the resources that will be synced, if empty +
|
|
then all resources of the given type will be synced. + | |
|
|
|===
|
|
|
|
|
|
[id="{anchor_prefix}-github-com-rancher-k3k-pkg-apis-k3k-io-v1beta1-credentialsource"]
|
|
=== CredentialSource
|
|
|
|
|
|
|
|
CredentialSource defines where to get a credential from.
|
|
It can represent either a TLS key pair or a single private key.
|
|
|
|
|
|
|
|
_Appears In:_
|
|
|
|
* xref:{anchor_prefix}-github-com-rancher-k3k-pkg-apis-k3k-io-v1beta1-credentialsources[$$CredentialSources$$]
|
|
|
|
[cols="25a,55a,10a,10a", options="header"]
|
|
|===
|
|
| Field | Description | Default | Validation
|
|
| *`secretName`* __string__ | The secret must contain specific keys based on the credential type: +
|
|
- For TLS certificate pairs (e.g., ServerCA): `tls.crt` and `tls.key`. +
|
|
- For the ServiceAccountToken signing key: `tls.key`. + | |
|
|
|===
|
|
|
|
|
|
[id="{anchor_prefix}-github-com-rancher-k3k-pkg-apis-k3k-io-v1beta1-credentialsources"]
|
|
=== CredentialSources
|
|
|
|
|
|
|
|
CredentialSources lists all the required credentials, including both
|
|
TLS key pairs and single signing keys.
|
|
|
|
|
|
|
|
_Appears In:_
|
|
|
|
* xref:{anchor_prefix}-github-com-rancher-k3k-pkg-apis-k3k-io-v1beta1-customcas[$$CustomCAs$$]
|
|
|
|
[cols="25a,55a,10a,10a", options="header"]
|
|
|===
|
|
| Field | Description | Default | Validation
|
|
| *`serverCA`* __xref:{anchor_prefix}-github-com-rancher-k3k-pkg-apis-k3k-io-v1beta1-credentialsource[$$CredentialSource$$]__ | ServerCA specifies the server-ca cert/key pair. + | |
|
|
| *`clientCA`* __xref:{anchor_prefix}-github-com-rancher-k3k-pkg-apis-k3k-io-v1beta1-credentialsource[$$CredentialSource$$]__ | ClientCA specifies the client-ca cert/key pair. + | |
|
|
| *`requestHeaderCA`* __xref:{anchor_prefix}-github-com-rancher-k3k-pkg-apis-k3k-io-v1beta1-credentialsource[$$CredentialSource$$]__ | RequestHeaderCA specifies the request-header-ca cert/key pair. + | |
|
|
| *`etcdServerCA`* __xref:{anchor_prefix}-github-com-rancher-k3k-pkg-apis-k3k-io-v1beta1-credentialsource[$$CredentialSource$$]__ | ETCDServerCA specifies the etcd-server-ca cert/key pair. + | |
|
|
| *`etcdPeerCA`* __xref:{anchor_prefix}-github-com-rancher-k3k-pkg-apis-k3k-io-v1beta1-credentialsource[$$CredentialSource$$]__ | ETCDPeerCA specifies the etcd-peer-ca cert/key pair. + | |
|
|
| *`serviceAccountToken`* __xref:{anchor_prefix}-github-com-rancher-k3k-pkg-apis-k3k-io-v1beta1-credentialsource[$$CredentialSource$$]__ | ServiceAccountToken specifies the service-account-token key. + | |
|
|
|===
|
|
|
|
|
|
[id="{anchor_prefix}-github-com-rancher-k3k-pkg-apis-k3k-io-v1beta1-customcas"]
|
|
=== CustomCAs
|
|
|
|
|
|
|
|
CustomCAs specifies the cert/key pairs for custom CA certificates.
|
|
|
|
|
|
|
|
_Appears In:_
|
|
|
|
* xref:{anchor_prefix}-github-com-rancher-k3k-pkg-apis-k3k-io-v1beta1-clusterspec[$$ClusterSpec$$]
|
|
|
|
[cols="25a,55a,10a,10a", options="header"]
|
|
|===
|
|
| Field | Description | Default | Validation
|
|
| *`enabled`* __boolean__ | Enabled toggles this feature on or off. + | true |
|
|
| *`sources`* __xref:{anchor_prefix}-github-com-rancher-k3k-pkg-apis-k3k-io-v1beta1-credentialsources[$$CredentialSources$$]__ | Sources defines the sources for all required custom CA certificates. + | |
|
|
|===
|
|
|
|
|
|
[id="{anchor_prefix}-github-com-rancher-k3k-pkg-apis-k3k-io-v1beta1-exposeconfig"]
|
|
=== ExposeConfig
|
|
|
|
|
|
|
|
ExposeConfig specifies options for exposing the API server.
|
|
|
|
|
|
|
|
_Appears In:_
|
|
|
|
* xref:{anchor_prefix}-github-com-rancher-k3k-pkg-apis-k3k-io-v1beta1-clusterspec[$$ClusterSpec$$]
|
|
|
|
[cols="25a,55a,10a,10a", options="header"]
|
|
|===
|
|
| Field | Description | Default | Validation
|
|
| *`ingress`* __xref:{anchor_prefix}-github-com-rancher-k3k-pkg-apis-k3k-io-v1beta1-ingressconfig[$$IngressConfig$$]__ | Ingress specifies options for exposing the API server through an Ingress. + | |
|
|
| *`loadBalancer`* __xref:{anchor_prefix}-github-com-rancher-k3k-pkg-apis-k3k-io-v1beta1-loadbalancerconfig[$$LoadBalancerConfig$$]__ | LoadBalancer specifies options for exposing the API server through a LoadBalancer service. + | |
|
|
| *`nodePort`* __xref:{anchor_prefix}-github-com-rancher-k3k-pkg-apis-k3k-io-v1beta1-nodeportconfig[$$NodePortConfig$$]__ | NodePort specifies options for exposing the API server through NodePort. + | |
|
|
|===
|
|
|
|
|
|
[id="{anchor_prefix}-github-com-rancher-k3k-pkg-apis-k3k-io-v1beta1-ingressconfig"]
|
|
=== IngressConfig
|
|
|
|
|
|
|
|
IngressConfig specifies options for exposing the API server through an Ingress.
|
|
|
|
|
|
|
|
_Appears In:_
|
|
|
|
* xref:{anchor_prefix}-github-com-rancher-k3k-pkg-apis-k3k-io-v1beta1-exposeconfig[$$ExposeConfig$$]
|
|
|
|
[cols="25a,55a,10a,10a", options="header"]
|
|
|===
|
|
| Field | Description | Default | Validation
|
|
| *`annotations`* __object (keys:string, values:string)__ | Annotations specifies annotations to add to the Ingress. + | |
|
|
| *`ingressClassName`* __string__ | IngressClassName specifies the IngressClass to use for the Ingress. + | |
|
|
|===
|
|
|
|
|
|
[id="{anchor_prefix}-github-com-rancher-k3k-pkg-apis-k3k-io-v1beta1-ingresssyncconfig"]
|
|
=== IngressSyncConfig
|
|
|
|
|
|
|
|
IngressSyncConfig specifies the sync options for services.
|
|
|
|
|
|
|
|
_Appears In:_
|
|
|
|
* xref:{anchor_prefix}-github-com-rancher-k3k-pkg-apis-k3k-io-v1beta1-syncconfig[$$SyncConfig$$]
|
|
|
|
[cols="25a,55a,10a,10a", options="header"]
|
|
|===
|
|
| Field | Description | Default | Validation
|
|
| *`enabled`* __boolean__ | Enabled is an on/off switch for syncing resources. + | false |
|
|
| *`selector`* __object (keys:string, values:string)__ | Selector specifies set of labels of the resources that will be synced, if empty +
|
|
then all resources of the given type will be synced. + | |
|
|
|===
|
|
|
|
|
|
[id="{anchor_prefix}-github-com-rancher-k3k-pkg-apis-k3k-io-v1beta1-loadbalancerconfig"]
|
|
=== LoadBalancerConfig
|
|
|
|
|
|
|
|
LoadBalancerConfig specifies options for exposing the API server through a LoadBalancer service.
|
|
|
|
|
|
|
|
_Appears In:_
|
|
|
|
* xref:{anchor_prefix}-github-com-rancher-k3k-pkg-apis-k3k-io-v1beta1-exposeconfig[$$ExposeConfig$$]
|
|
|
|
[cols="25a,55a,10a,10a", options="header"]
|
|
|===
|
|
| Field | Description | Default | Validation
|
|
| *`serverPort`* __integer__ | ServerPort is the port on which the K3s server is exposed when type is LoadBalancer. +
|
|
If not specified, the default https 443 port will be allocated. +
|
|
If 0 or negative, the port will not be exposed. + | |
|
|
| *`etcdPort`* __integer__ | ETCDPort is the port on which the ETCD service is exposed when type is LoadBalancer. +
|
|
If not specified, the default etcd 2379 port will be allocated. +
|
|
If 0 or negative, the port will not be exposed. + | |
|
|
|===
|
|
|
|
|
|
[id="{anchor_prefix}-github-com-rancher-k3k-pkg-apis-k3k-io-v1beta1-nodeportconfig"]
|
|
=== NodePortConfig
|
|
|
|
|
|
|
|
NodePortConfig specifies options for exposing the API server through NodePort.
|
|
|
|
|
|
|
|
_Appears In:_
|
|
|
|
* xref:{anchor_prefix}-github-com-rancher-k3k-pkg-apis-k3k-io-v1beta1-exposeconfig[$$ExposeConfig$$]
|
|
|
|
[cols="25a,55a,10a,10a", options="header"]
|
|
|===
|
|
| Field | Description | Default | Validation
|
|
| *`serverPort`* __integer__ | ServerPort is the port on each node on which the K3s server is exposed when type is NodePort. +
|
|
If not specified, a random port between 30000-32767 will be allocated. +
|
|
If out of range, the port will not be exposed. + | |
|
|
| *`etcdPort`* __integer__ | ETCDPort is the port on each node on which the ETCD service is exposed when type is NodePort. +
|
|
If not specified, a random port between 30000-32767 will be allocated. +
|
|
If out of range, the port will not be exposed. + | |
|
|
|===
|
|
|
|
|
|
[id="{anchor_prefix}-github-com-rancher-k3k-pkg-apis-k3k-io-v1beta1-persistenceconfig"]
|
|
=== PersistenceConfig
|
|
|
|
|
|
|
|
PersistenceConfig specifies options for persisting etcd data.
|
|
|
|
|
|
|
|
_Appears In:_
|
|
|
|
* xref:{anchor_prefix}-github-com-rancher-k3k-pkg-apis-k3k-io-v1beta1-clusterspec[$$ClusterSpec$$]
|
|
|
|
[cols="25a,55a,10a,10a", options="header"]
|
|
|===
|
|
| Field | Description | Default | Validation
|
|
| *`type`* __xref:{anchor_prefix}-github-com-rancher-k3k-pkg-apis-k3k-io-v1beta1-persistencemode[$$PersistenceMode$$]__ | Type specifies the persistence mode. + | dynamic |
|
|
| *`storageClassName`* __string__ | StorageClassName is the name of the StorageClass to use for the PVC. +
|
|
This field is only relevant in "dynamic" mode. + | |
|
|
| *`storageRequestSize`* __link:https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.31/#quantity-resource-api[$$Quantity$$]__ | StorageRequestSize is the requested size for the PVC. +
|
|
This field is only relevant in "dynamic" mode. + | 2G |
|
|
|===
|
|
|
|
|
|
[id="{anchor_prefix}-github-com-rancher-k3k-pkg-apis-k3k-io-v1beta1-persistencemode"]
|
|
=== PersistenceMode
|
|
|
|
_Underlying type:_ _string_
|
|
|
|
PersistenceMode is the storage mode of a Cluster.
|
|
|
|
|
|
|
|
_Appears In:_
|
|
|
|
* xref:{anchor_prefix}-github-com-rancher-k3k-pkg-apis-k3k-io-v1beta1-persistenceconfig[$$PersistenceConfig$$]
|
|
|
|
|
|
|
|
[id="{anchor_prefix}-github-com-rancher-k3k-pkg-apis-k3k-io-v1beta1-persistentvolumeclaimsyncconfig"]
|
|
=== PersistentVolumeClaimSyncConfig
|
|
|
|
|
|
|
|
PersistentVolumeClaimSyncConfig specifies the sync options for services.
|
|
|
|
|
|
|
|
_Appears In:_
|
|
|
|
* xref:{anchor_prefix}-github-com-rancher-k3k-pkg-apis-k3k-io-v1beta1-syncconfig[$$SyncConfig$$]
|
|
|
|
[cols="25a,55a,10a,10a", options="header"]
|
|
|===
|
|
| Field | Description | Default | Validation
|
|
| *`enabled`* __boolean__ | Enabled is an on/off switch for syncing resources. + | true |
|
|
| *`selector`* __object (keys:string, values:string)__ | Selector specifies set of labels of the resources that will be synced, if empty +
|
|
then all resources of the given type will be synced. + | |
|
|
|===
|
|
|
|
|
|
[id="{anchor_prefix}-github-com-rancher-k3k-pkg-apis-k3k-io-v1beta1-podsecurityadmissionlevel"]
|
|
=== PodSecurityAdmissionLevel
|
|
|
|
_Underlying type:_ _string_
|
|
|
|
PodSecurityAdmissionLevel is the policy level applied to the pods in the namespace.
|
|
|
|
_Validation:_
|
|
- Enum: [privileged baseline restricted]
|
|
|
|
_Appears In:_
|
|
|
|
* xref:{anchor_prefix}-github-com-rancher-k3k-pkg-apis-k3k-io-v1beta1-virtualclusterpolicyspec[$$VirtualClusterPolicySpec$$]
|
|
|
|
|
|
|
|
[id="{anchor_prefix}-github-com-rancher-k3k-pkg-apis-k3k-io-v1beta1-priorityclasssyncconfig"]
|
|
=== PriorityClassSyncConfig
|
|
|
|
|
|
|
|
PriorityClassSyncConfig specifies the sync options for services.
|
|
|
|
|
|
|
|
_Appears In:_
|
|
|
|
* xref:{anchor_prefix}-github-com-rancher-k3k-pkg-apis-k3k-io-v1beta1-syncconfig[$$SyncConfig$$]
|
|
|
|
[cols="25a,55a,10a,10a", options="header"]
|
|
|===
|
|
| Field | Description | Default | Validation
|
|
| *`enabled`* __boolean__ | Enabled is an on/off switch for syncing resources. + | false |
|
|
| *`selector`* __object (keys:string, values:string)__ | Selector specifies set of labels of the resources that will be synced, if empty +
|
|
then all resources of the given type will be synced. + | |
|
|
|===
|
|
|
|
|
|
[id="{anchor_prefix}-github-com-rancher-k3k-pkg-apis-k3k-io-v1beta1-secretmount"]
|
|
=== SecretMount
|
|
|
|
|
|
|
|
SecretMount defines a secret to be mounted into server or agent pods,
|
|
allowing for custom configurations, certificates, or other sensitive data.
|
|
|
|
|
|
|
|
_Appears In:_
|
|
|
|
* xref:{anchor_prefix}-github-com-rancher-k3k-pkg-apis-k3k-io-v1beta1-clusterspec[$$ClusterSpec$$]
|
|
|
|
[cols="25a,55a,10a,10a", options="header"]
|
|
|===
|
|
| Field | Description | Default | Validation
|
|
| *`secretName`* __string__ | secretName is the name of the secret in the pod's namespace to use. +
|
|
More info: https://kubernetes.io/docs/concepts/storage/volumes#secret + | |
|
|
| *`items`* __link:https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.31/#keytopath-v1-core[$$KeyToPath$$] array__ | items If unspecified, each key-value pair in the Data field of the referenced +
|
|
Secret will be projected into the volume as a file whose name is the +
|
|
key and content is the value. If specified, the listed keys will be +
|
|
projected into the specified paths, and unlisted keys will not be +
|
|
present. If a key is specified which is not present in the Secret, +
|
|
the volume setup will error unless it is marked optional. Paths must be +
|
|
relative and may not contain the '..' path or start with '..'. + | |
|
|
| *`defaultMode`* __integer__ | defaultMode is Optional: mode bits used to set permissions on created files by default. +
|
|
Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. +
|
|
YAML accepts both octal and decimal values, JSON requires decimal values +
|
|
for mode bits. Defaults to 0644. +
|
|
Directories within the path are not affected by this setting. +
|
|
This might be in conflict with other options that affect the file +
|
|
mode, like fsGroup, and the result can be other mode bits set. + | |
|
|
| *`optional`* __boolean__ | optional field specify whether the Secret or its keys must be defined + | |
|
|
| *`mountPath`* __string__ | MountPath is the path within server and agent pods where the +
|
|
secret contents will be mounted. + | |
|
|
| *`subPath`* __string__ | SubPath is an optional path within the secret to mount instead of the root. +
|
|
When specified, only the specified key from the secret will be mounted as a file +
|
|
at MountPath, keeping the parent directory writable. + | |
|
|
| *`role`* __string__ | Role is the type of the k3k pod that will be used to mount the secret. +
|
|
This can be 'server', 'agent', or 'all' (for both). + | | Enum: [server agent all] +
|
|
|
|
|===
|
|
|
|
|
|
[id="{anchor_prefix}-github-com-rancher-k3k-pkg-apis-k3k-io-v1beta1-secretsyncconfig"]
|
|
=== SecretSyncConfig
|
|
|
|
|
|
|
|
SecretSyncConfig specifies the sync options for services.
|
|
|
|
|
|
|
|
_Appears In:_
|
|
|
|
* xref:{anchor_prefix}-github-com-rancher-k3k-pkg-apis-k3k-io-v1beta1-syncconfig[$$SyncConfig$$]
|
|
|
|
[cols="25a,55a,10a,10a", options="header"]
|
|
|===
|
|
| Field | Description | Default | Validation
|
|
| *`enabled`* __boolean__ | Enabled is an on/off switch for syncing resources. + | true |
|
|
| *`selector`* __object (keys:string, values:string)__ | Selector specifies set of labels of the resources that will be synced, if empty +
|
|
then all resources of the given type will be synced. + | |
|
|
|===
|
|
|
|
|
|
[id="{anchor_prefix}-github-com-rancher-k3k-pkg-apis-k3k-io-v1beta1-servicesyncconfig"]
|
|
=== ServiceSyncConfig
|
|
|
|
|
|
|
|
ServiceSyncConfig specifies the sync options for services.
|
|
|
|
|
|
|
|
_Appears In:_
|
|
|
|
* xref:{anchor_prefix}-github-com-rancher-k3k-pkg-apis-k3k-io-v1beta1-syncconfig[$$SyncConfig$$]
|
|
|
|
[cols="25a,55a,10a,10a", options="header"]
|
|
|===
|
|
| Field | Description | Default | Validation
|
|
| *`enabled`* __boolean__ | Enabled is an on/off switch for syncing resources. + | true |
|
|
| *`selector`* __object (keys:string, values:string)__ | Selector specifies set of labels of the resources that will be synced, if empty +
|
|
then all resources of the given type will be synced. + | |
|
|
|===
|
|
|
|
|
|
[id="{anchor_prefix}-github-com-rancher-k3k-pkg-apis-k3k-io-v1beta1-syncconfig"]
|
|
=== SyncConfig
|
|
|
|
|
|
|
|
SyncConfig will contain the resources that should be synced from virtual cluster to host cluster.
|
|
|
|
|
|
|
|
_Appears In:_
|
|
|
|
* xref:{anchor_prefix}-github-com-rancher-k3k-pkg-apis-k3k-io-v1beta1-clusterspec[$$ClusterSpec$$]
|
|
* xref:{anchor_prefix}-github-com-rancher-k3k-pkg-apis-k3k-io-v1beta1-virtualclusterpolicyspec[$$VirtualClusterPolicySpec$$]
|
|
|
|
[cols="25a,55a,10a,10a", options="header"]
|
|
|===
|
|
| Field | Description | Default | Validation
|
|
| *`services`* __xref:{anchor_prefix}-github-com-rancher-k3k-pkg-apis-k3k-io-v1beta1-servicesyncconfig[$$ServiceSyncConfig$$]__ | Services resources sync configuration. + | { enabled:true } |
|
|
| *`configMaps`* __xref:{anchor_prefix}-github-com-rancher-k3k-pkg-apis-k3k-io-v1beta1-configmapsyncconfig[$$ConfigMapSyncConfig$$]__ | ConfigMaps resources sync configuration. + | { enabled:true } |
|
|
| *`secrets`* __xref:{anchor_prefix}-github-com-rancher-k3k-pkg-apis-k3k-io-v1beta1-secretsyncconfig[$$SecretSyncConfig$$]__ | Secrets resources sync configuration. + | { enabled:true } |
|
|
| *`ingresses`* __xref:{anchor_prefix}-github-com-rancher-k3k-pkg-apis-k3k-io-v1beta1-ingresssyncconfig[$$IngressSyncConfig$$]__ | Ingresses resources sync configuration. + | { enabled:false } |
|
|
| *`persistentVolumeClaims`* __xref:{anchor_prefix}-github-com-rancher-k3k-pkg-apis-k3k-io-v1beta1-persistentvolumeclaimsyncconfig[$$PersistentVolumeClaimSyncConfig$$]__ | PersistentVolumeClaims resources sync configuration. + | { enabled:true } |
|
|
| *`priorityClasses`* __xref:{anchor_prefix}-github-com-rancher-k3k-pkg-apis-k3k-io-v1beta1-priorityclasssyncconfig[$$PriorityClassSyncConfig$$]__ | PriorityClasses resources sync configuration. + | { enabled:false } |
|
|
|===
|
|
|
|
|
|
[id="{anchor_prefix}-github-com-rancher-k3k-pkg-apis-k3k-io-v1beta1-virtualclusterpolicy"]
|
|
=== VirtualClusterPolicy
|
|
|
|
|
|
|
|
VirtualClusterPolicy allows defining common configurations and constraints
|
|
for clusters within a clusterpolicy.
|
|
|
|
|
|
|
|
_Appears In:_
|
|
|
|
* xref:{anchor_prefix}-github-com-rancher-k3k-pkg-apis-k3k-io-v1beta1-virtualclusterpolicylist[$$VirtualClusterPolicyList$$]
|
|
|
|
[cols="25a,55a,10a,10a", options="header"]
|
|
|===
|
|
| Field | Description | Default | Validation
|
|
| *`apiVersion`* __string__ | `k3k.io/v1beta1` | |
|
|
| *`kind`* __string__ | `VirtualClusterPolicy` | |
|
|
| *`metadata`* __link:https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.31/#objectmeta-v1-meta[$$ObjectMeta$$]__ | Refer to Kubernetes API documentation for fields of `metadata`.
|
|
| |
|
|
| *`spec`* __xref:{anchor_prefix}-github-com-rancher-k3k-pkg-apis-k3k-io-v1beta1-virtualclusterpolicyspec[$$VirtualClusterPolicySpec$$]__ | Spec defines the desired state of the VirtualClusterPolicy. + | { } |
|
|
|===
|
|
|
|
|
|
[id="{anchor_prefix}-github-com-rancher-k3k-pkg-apis-k3k-io-v1beta1-virtualclusterpolicylist"]
|
|
=== VirtualClusterPolicyList
|
|
|
|
|
|
|
|
VirtualClusterPolicyList is a list of VirtualClusterPolicy resources.
|
|
|
|
|
|
|
|
|
|
|
|
[cols="25a,55a,10a,10a", options="header"]
|
|
|===
|
|
| Field | Description | Default | Validation
|
|
| *`apiVersion`* __string__ | `k3k.io/v1beta1` | |
|
|
| *`kind`* __string__ | `VirtualClusterPolicyList` | |
|
|
| *`metadata`* __link:https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.31/#listmeta-v1-meta[$$ListMeta$$]__ | Refer to Kubernetes API documentation for fields of `metadata`.
|
|
| |
|
|
| *`items`* __xref:{anchor_prefix}-github-com-rancher-k3k-pkg-apis-k3k-io-v1beta1-virtualclusterpolicy[$$VirtualClusterPolicy$$] array__ | | |
|
|
|===
|
|
|
|
|
|
[id="{anchor_prefix}-github-com-rancher-k3k-pkg-apis-k3k-io-v1beta1-virtualclusterpolicyspec"]
|
|
=== VirtualClusterPolicySpec
|
|
|
|
|
|
|
|
VirtualClusterPolicySpec defines the desired state of a VirtualClusterPolicy.
|
|
|
|
|
|
|
|
_Appears In:_
|
|
|
|
* xref:{anchor_prefix}-github-com-rancher-k3k-pkg-apis-k3k-io-v1beta1-virtualclusterpolicy[$$VirtualClusterPolicy$$]
|
|
|
|
[cols="25a,55a,10a,10a", options="header"]
|
|
|===
|
|
| Field | Description | Default | Validation
|
|
| *`quota`* __link:https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.31/#resourcequotaspec-v1-core[$$ResourceQuotaSpec$$]__ | Quota specifies the resource limits for clusters within a clusterpolicy. + | |
|
|
| *`limit`* __link:https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.31/#limitrangespec-v1-core[$$LimitRangeSpec$$]__ | Limit specifies the LimitRange that will be applied to all pods within the VirtualClusterPolicy +
|
|
to set defaults and constraints (min/max) + | |
|
|
| *`defaultNodeSelector`* __object (keys:string, values:string)__ | DefaultNodeSelector specifies the node selector that applies to all clusters (server + agent) in the target Namespace. + | |
|
|
| *`defaultPriorityClass`* __string__ | DefaultPriorityClass specifies the priorityClassName applied to all pods of all clusters in the target Namespace. + | |
|
|
| *`allowedMode`* __xref:{anchor_prefix}-github-com-rancher-k3k-pkg-apis-k3k-io-v1beta1-clustermode[$$ClusterMode$$]__ | AllowedMode specifies the allowed cluster provisioning mode. Defaults to "shared". + | shared | Enum: [shared virtual] +
|
|
|
|
| *`disableNetworkPolicy`* __boolean__ | DisableNetworkPolicy indicates whether to disable the creation of a default network policy for cluster isolation. + | |
|
|
| *`podSecurityAdmissionLevel`* __xref:{anchor_prefix}-github-com-rancher-k3k-pkg-apis-k3k-io-v1beta1-podsecurityadmissionlevel[$$PodSecurityAdmissionLevel$$]__ | PodSecurityAdmissionLevel specifies the pod security admission level applied to the pods in the namespace. + | | Enum: [privileged baseline restricted] +
|
|
|
|
| *`sync`* __xref:{anchor_prefix}-github-com-rancher-k3k-pkg-apis-k3k-io-v1beta1-syncconfig[$$SyncConfig$$]__ | Sync specifies the resources types that will be synced from virtual cluster to host cluster. + | { } |
|
|
|===
|
|
|
|
|
|
|
|
|