KubeletConfig [machineconfiguration.openshift.io/v1]
Description
KubeletConfig describes a customized Kubelet configuration. Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).
Type
object
Required
spec
Specification
Property | Type | Description |
---|---|---|
|
| APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources |
|
| Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds |
| Standard object’s metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata | |
|
| KubeletConfigSpec defines the desired state of KubeletConfig |
|
| KubeletConfigStatus defines the observed state of a KubeletConfig |
.spec
Description
KubeletConfigSpec defines the desired state of KubeletConfig
Type
object
Property | Type | Description |
---|---|---|
|
| |
| `` | kubeletConfig fields are defined in kubernetes upstream. Please refer to the types defined in the version/commit used by OpenShift of the upstream kubernetes. It’s important to note that, since the fields of the kubelet configuration are directly fetched from upstream the validation of those values is handled directly by the kubelet. Please refer to the upstream version of the relevant kubernetes for the valid values of these fields. Invalid values of the kubelet configuration fields may render cluster nodes unusable. |
|
| |
|
| MachineConfigPoolSelector selects which pools the KubeletConfig shoud apply to. A nil selector will result in no pools being selected. |
|
| If unset, the default is based on the apiservers.config.openshift.io/cluster resource. Note that only Old and Intermediate profiles are currently supported, and the maximum available minTLSVersion is VersionTLS12. |
.spec.machineConfigPoolSelector
Description
MachineConfigPoolSelector selects which pools the KubeletConfig shoud apply to. A nil selector will result in no pools being selected.
Type
object
Property | Type | Description |
---|---|---|
|
| matchExpressions is a list of label selector requirements. The requirements are ANDed. |
|
| A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. |
|
| matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is “key”, the operator is “In”, and the values array contains only “value”. The requirements are ANDed. |
.spec.machineConfigPoolSelector.matchExpressions
Description
matchExpressions is a list of label selector requirements. The requirements are ANDed.
Type
array
.spec.machineConfigPoolSelector.matchExpressions[]
Description
A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.
Type
object
Required
key
operator
Property | Type | Description |
---|---|---|
|
| key is the label key that the selector applies to. |
|
| operator represents a key’s relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. |
|
| values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. |
.spec.tlsSecurityProfile
Description
If unset, the default is based on the apiservers.config.openshift.io/cluster resource. Note that only Old and Intermediate profiles are currently supported, and the maximum available minTLSVersion is VersionTLS12.
Type
object
Property | Type | Description |
---|---|---|
|
| intermediate is a TLS security profile based on: https://wiki.mozilla.org/Security/ServerSide_TLS#Intermediate_compatibility.28recommended.29 and looks like this (yaml): ciphers: - TLS_AES_128_GCM_SHA256 - TLS_AES_256_GCM_SHA384 - TLS_CHACHA20_POLY1305_SHA256 - ECDHE-ECDSA-AES128-GCM-SHA256 - ECDHE-RSA-AES128-GCM-SHA256 - ECDHE-ECDSA-AES256-GCM-SHA384 - ECDHE-RSA-AES256-GCM-SHA384 - ECDHE-ECDSA-CHACHA20-POLY1305 - ECDHE-RSA-CHACHA20-POLY1305 - DHE-RSA-AES128-GCM-SHA256 - DHE-RSA-AES256-GCM-SHA384 minTLSVersion: VersionTLS12 |
|
| old is a TLS security profile based on: https://wiki.mozilla.org/Security/Server_Side_TLS#Old_backward_compatibility and looks like this (yaml): ciphers: - TLS_AES_128_GCM_SHA256 - TLS_AES_256_GCM_SHA384 - TLS_CHACHA20_POLY1305_SHA256 - ECDHE-ECDSA-AES128-GCM-SHA256 - ECDHE-RSA-AES128-GCM-SHA256 - ECDHE-ECDSA-AES256-GCM-SHA384 - ECDHE-RSA-AES256-GCM-SHA384 - ECDHE-ECDSA-CHACHA20-POLY1305 - ECDHE-RSA-CHACHA20-POLY1305 - DHE-RSA-AES128-GCM-SHA256 - DHE-RSA-AES256-GCM-SHA384 - DHE-RSA-CHACHA20-POLY1305 - ECDHE-ECDSA-AES128-SHA256 - ECDHE-RSA-AES128-SHA256 - ECDHE-ECDSA-AES128-SHA - ECDHE-RSA-AES128-SHA - ECDHE-ECDSA-AES256-SHA384 - ECDHE-RSA-AES256-SHA384 - ECDHE-ECDSA-AES256-SHA - ECDHE-RSA-AES256-SHA - DHE-RSA-AES128-SHA256 - DHE-RSA-AES256-SHA256 - AES128-GCM-SHA256 - AES256-GCM-SHA384 - AES128-SHA256 - AES256-SHA256 - AES128-SHA - AES256-SHA - DES-CBC3-SHA minTLSVersion: VersionTLS10 |
|
| type is one of Old, Intermediate, Modern or Custom. Custom provides the ability to specify individual TLS security profile parameters. Old, Intermediate and Modern are TLS security profiles based on: https://wiki.mozilla.org/Security/Server_Side_TLS#Recommended_configurations The profiles are intent based, so they may change over time as new ciphers are developed and existing ciphers are found to be insecure. Depending on precisely which ciphers are available to a process, the list may be reduced. Note that the Modern profile is currently not supported because it is not yet well adopted by common software libraries. |
.status
Description
KubeletConfigStatus defines the observed state of a KubeletConfig
Type
object
Property | Type | Description |
---|---|---|
|
| conditions represents the latest available observations of current state. |
|
| KubeletConfigCondition defines the state of the KubeletConfig |
|
| observedGeneration represents the generation observed by the controller. |
.status.conditions
Description
conditions represents the latest available observations of current state.
Type
array
.status.conditions[]
Description
KubeletConfigCondition defines the state of the KubeletConfig
Type
object
Property | Type | Description |
---|---|---|
| `` | lastTransitionTime is the time of the last update to the current status object. |
|
| message provides additional information about the current condition. This is only to be consumed by humans. |
|
| reason is the reason for the condition’s last transition. Reasons are PascalCase |
|
| status of the condition, one of True, False, Unknown. |
|
| type specifies the state of the operator’s reconciliation functionality. |
API endpoints
The following API endpoints are available:
/apis/machineconfiguration.openshift.io/v1/kubeletconfigs
DELETE
: delete collection of KubeletConfigGET
: list objects of kind KubeletConfigPOST
: create a KubeletConfig
/apis/machineconfiguration.openshift.io/v1/kubeletconfigs/{name}
DELETE
: delete a KubeletConfigGET
: read the specified KubeletConfigPATCH
: partially update the specified KubeletConfigPUT
: replace the specified KubeletConfig
/apis/machineconfiguration.openshift.io/v1/kubeletconfigs/{name}/status
GET
: read status of the specified KubeletConfigPATCH
: partially update status of the specified KubeletConfigPUT
: replace status of the specified KubeletConfig
/apis/machineconfiguration.openshift.io/v1/kubeletconfigs
HTTP method
DELETE
Description
delete collection of KubeletConfig
HTTP code | Reponse body |
---|---|
200 - OK | Status schema |
401 - Unauthorized | Empty |
HTTP method
GET
Description
list objects of kind KubeletConfig
HTTP code | Reponse body |
---|---|
200 - OK | KubeletConfigList schema |
401 - Unauthorized | Empty |
HTTP method
POST
Description
create a KubeletConfig
Parameter | Type | Description |
---|---|---|
|
| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed |
|
| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered. |
Parameter | Type | Description |
---|---|---|
| KubeletConfig schema |
HTTP code | Reponse body |
---|---|
200 - OK | KubeletConfig schema |
201 - Created | KubeletConfig schema |
202 - Accepted | KubeletConfig schema |
401 - Unauthorized | Empty |
/apis/machineconfiguration.openshift.io/v1/kubeletconfigs/{name}
Parameter | Type | Description |
---|---|---|
|
| name of the KubeletConfig |
HTTP method
DELETE
Description
delete a KubeletConfig
Parameter | Type | Description |
---|---|---|
|
| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed |
HTTP code | Reponse body |
---|---|
200 - OK | Status schema |
202 - Accepted | Status schema |
401 - Unauthorized | Empty |
HTTP method
GET
Description
read the specified KubeletConfig
HTTP code | Reponse body |
---|---|
200 - OK | KubeletConfig schema |
401 - Unauthorized | Empty |
HTTP method
PATCH
Description
partially update the specified KubeletConfig
Parameter | Type | Description |
---|---|---|
|
| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed |
|
| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered. |
HTTP code | Reponse body |
---|---|
200 - OK | KubeletConfig schema |
401 - Unauthorized | Empty |
HTTP method
PUT
Description
replace the specified KubeletConfig
Parameter | Type | Description |
---|---|---|
|
| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed |
|
| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered. |
Parameter | Type | Description |
---|---|---|
| KubeletConfig schema |
HTTP code | Reponse body |
---|---|
200 - OK | KubeletConfig schema |
201 - Created | KubeletConfig schema |
401 - Unauthorized | Empty |
/apis/machineconfiguration.openshift.io/v1/kubeletconfigs/{name}/status
Parameter | Type | Description |
---|---|---|
|
| name of the KubeletConfig |
HTTP method
GET
Description
read status of the specified KubeletConfig
HTTP code | Reponse body |
---|---|
200 - OK | KubeletConfig schema |
401 - Unauthorized | Empty |
HTTP method
PATCH
Description
partially update status of the specified KubeletConfig
Parameter | Type | Description |
---|---|---|
|
| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed |
|
| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered. |
HTTP code | Reponse body |
---|---|
200 - OK | KubeletConfig schema |
401 - Unauthorized | Empty |
HTTP method
PUT
Description
replace status of the specified KubeletConfig
Parameter | Type | Description |
---|---|---|
|
| When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed |
|
| fieldValidation instructs the server on how to handle objects in the request (POST/PUT/PATCH) containing unknown or duplicate fields. Valid values are: - Ignore: This will ignore any unknown fields that are silently dropped from the object, and will ignore all but the last duplicate field that the decoder encounters. This is the default behavior prior to v1.23. - Warn: This will send a warning via the standard warning response header for each unknown field that is dropped from the object, and for each duplicate field that is encountered. The request will still succeed if there are no other errors, and will only persist the last of any duplicate fields. This is the default in v1.23+ - Strict: This will fail the request with a BadRequest error if any unknown fields would be dropped from the object, or if any duplicate fields are present. The error returned from the server will contain all unknown and duplicate fields encountered. |
Parameter | Type | Description |
---|---|---|
| KubeletConfig schema |
HTTP code | Reponse body |
---|---|
200 - OK | KubeletConfig schema |
201 - Created | KubeletConfig schema |
401 - Unauthorized | Empty |