infrastructure.cluster.x-k8s.io_ibmpowervsclusters.yaml
---
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
  annotations:
    controller-gen.kubebuilder.io/version: v0.16.5
  name: ibmpowervsclusters.infrastructure.cluster.x-k8s.io
spec:
  group: infrastructure.cluster.x-k8s.io
  names:
    kind: IBMPowerVSCluster
    listKind: IBMPowerVSClusterList
    plural: ibmpowervsclusters
    singular: ibmpowervscluster
  scope: Namespaced
  versions:
  - additionalPrinterColumns:
    - description: Cluster to which this IBMPowerVSCluster belongs
      jsonPath: .metadata.labels.cluster\.x-k8s\.io/cluster-name
      name: Cluster
      type: string
    - description: Time duration since creation of IBMPowerVSCluster
      jsonPath: .metadata.creationTimestamp
      name: Age
      type: date
    - jsonPath: .spec.serviceInstanceID
      name: PowerVS Cloud Instance ID
      priority: 1
      type: string
    - description: Control Plane Endpoint
      jsonPath: .spec.controlPlaneEndpoint.host
      name: Endpoint
      priority: 1
      type: string
    - description: Control Plane Port
      jsonPath: .spec.controlPlaneEndpoint.port
      name: Port
      priority: 1
      type: string
    name: v1beta1
    schema:
      openAPIV3Schema:
        description: IBMPowerVSCluster is the Schema for the ibmpowervsclusters API.
        properties:
          apiVersion:
            description: |-
              APIVersion defines the versioned schema of this representation of an object.
              Servers should convert recognized schemas to the latest internal value, and
              may reject unrecognized values.
              More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
            type: string
          kind:
            description: |-
              Kind is a string value representing the REST resource this object represents.
              Servers may infer this from the endpoint the client submits requests to.
              Cannot be updated.
              In CamelCase.
              More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
            type: string
          metadata:
            type: object
          spec:
            description: IBMPowerVSClusterSpec defines the desired state of IBMPowerVSCluster.
            properties:
              controlPlaneEndpoint:
                description: ControlPlaneEndpoint represents the endpoint used to
                  communicate with the control plane.
                properties:
                  host:
                    description: The hostname on which the API server is serving.
                    type: string
                  port:
                    description: The port on which the API server is serving.
                    format: int32
                    type: integer
                required:
                - host
                - port
                type: object
              network:
                description: Network is the reference to the Network to use for this
                  cluster.
                properties:
                  id:
                    description: ID of resource
                    minLength: 1
                    type: string
                  name:
                    description: Name of resource
                    minLength: 1
                    type: string
                  regex:
                    description: |-
                      Regular expression to match resource,
                      In case of multiple resources matches the provided regular expression the first matched resource will be selected
                    minLength: 1
                    type: string
                type: object
              serviceInstanceID:
                description: ServiceInstanceID is the id of the power cloud instance
                  where the vsi instance will get deployed.
                minLength: 1
                type: string
            required:
            - network
            - serviceInstanceID
            type: object
          status:
            description: IBMPowerVSClusterStatus defines the observed state of IBMPowerVSCluster.
            properties:
              ready:
                description: |-
                  INSERT ADDITIONAL STATUS FIELD - define observed state of cluster
                  Important: Run "make" to regenerate code after modifying this file
                type: boolean
            required:
            - ready
            type: object
        type: object
    served: true
    storage: false
    subresources:
      status: {}
  - additionalPrinterColumns:
    - description: Cluster to which this IBMPowerVSCluster belongs
      jsonPath: .metadata.labels.cluster\.x-k8s\.io/cluster-name
      name: Cluster
      type: string
    - description: Time duration since creation of IBMPowerVSCluster
      jsonPath: .metadata.creationTimestamp
      name: Age
      type: date
    - jsonPath: .spec.serviceInstanceID
      name: PowerVS Cloud Instance ID
      priority: 1
      type: string
    - description: Control Plane Endpoint
      jsonPath: .spec.controlPlaneEndpoint.host
      name: Endpoint
      priority: 1
      type: string
    - description: Control Plane Port
      jsonPath: .spec.controlPlaneEndpoint.port
      name: Port
      priority: 1
      type: string
    name: v1beta2
    schema:
      openAPIV3Schema:
        description: IBMPowerVSCluster is the Schema for the ibmpowervsclusters API.
        properties:
          apiVersion:
            description: |-
              APIVersion defines the versioned schema of this representation of an object.
              Servers should convert recognized schemas to the latest internal value, and
              may reject unrecognized values.
              More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
            type: string
          kind:
            description: |-
              Kind is a string value representing the REST resource this object represents.
              Servers may infer this from the endpoint the client submits requests to.
              Cannot be updated.
              In CamelCase.
              More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
            type: string
          metadata:
            type: object
          spec:
            description: IBMPowerVSClusterSpec defines the desired state of IBMPowerVSCluster.
            properties:
              controlPlaneEndpoint:
                description: ControlPlaneEndpoint represents the endpoint used to
                  communicate with the control plane.
                properties:
                  host:
                    description: The hostname on which the API server is serving.
                    type: string
                  port:
                    description: The port on which the API server is serving.
                    format: int32
                    type: integer
                required:
                - host
                - port
                type: object
              cosInstance:
                description: |-
                  cosInstance contains options to configure a supporting IBM Cloud COS bucket for this
                  cluster - currently used for nodes requiring Ignition
                  (https://coreos.github.io/ignition/) for bootstrapping (requires
                  BootstrapFormatIgnition feature flag to be enabled).
                  when powervs.cluster.x-k8s.io/create-infra=true annotation is set on IBMPowerVSCluster resource and Ignition is set, then
                  1. CosInstance.Name should be set not setting will result in webhook error.
                  2. CosInstance.BucketName should be set not setting will result in webhook error.
                  3. CosInstance.BucketRegion should be set not setting will result in webhook error.
                properties:
                  bucketName:
                    description: bucketName is IBM cloud COS bucket name
                    type: string
                  bucketRegion:
                    description: bucketRegion is IBM cloud COS bucket region
                    type: string
                  name:
                    description: |-
                      name defines name of IBM cloud COS instance to be created.
                      when IBMPowerVSCluster.Ignition is set
                    maxLength: 63
                    minLength: 3
                    pattern: ^[a-z0-9][a-z0-9.-]{1,61}[a-z0-9]$
                    type: string
                type: object
              dhcpServer:
                description: |-
                  dhcpServer contains the configuration to be used while creating a new DHCP server in PowerVS workspace.
                  when the field is omitted, CLUSTER_NAME will be used as DHCPServer.Name and DHCP server will be created.
                  it will automatically create network with name DHCPSERVER<DHCPServer.Name>_Private in PowerVS workspace.
                properties:
                  cidr:
                    description: Optional cidr for DHCP private network
                    type: string
                  dnsServer:
                    default: 1.1.1.1
                    description: Optional DNS Server for DHCP service
                    type: string
                  id:
                    description: Optional id of the existing DHCPServer
                    type: string
                  name:
                    description: Optional name of DHCP Service. Only alphanumeric
                      characters and dashes are allowed.
                    type: string
                  snat:
                    default: true
                    description: Optional indicates if SNAT will be enabled for DHCP
                      service
                    type: boolean
                type: object
              ignition:
                description: Ignition defined options related to the bootstrapping
                  systems where Ignition is used.
                properties:
                  version:
                    default: "2.3"
                    description: Version defines which version of Ignition will be
                      used to generate bootstrap data.
                    enum:
                    - "2.3"
                    - "2.4"
                    - "3.0"
                    - "3.1"
                    - "3.2"
                    - "3.3"
                    - "3.4"
                    type: string
                type: object
              loadBalancers:
                description: |-
                  loadBalancers is optional configuration for configuring loadbalancers to control plane or data plane nodes.
                  when omitted system will create a default public loadbalancer with name CLUSTER_NAME-loadbalancer.
                  when specified a vpc loadbalancer will be created and controlPlaneEndpoint will be set with associated hostname of loadbalancer.
                  ControlPlaneEndpoint will be set with associated hostname of public loadbalancer.
                  when LoadBalancers[].ID is set, it's expected that there exist a loadbalancer with ID or else system will give error.
                  when LoadBalancers[].Name is set, system will first check for loadbalancer with Name, if not exist system will create new loadbalancer.
                  For each loadbalancer a default backend pool and front listener will be configured with port 6443.
                items:
                  description: VPCLoadBalancerSpec defines the desired state of an
                    VPC load balancer.
                  properties:
                    additionalListeners:
                      description: AdditionalListeners sets the additional listeners
                        for the control plane load balancer.
                      items:
                        description: |-
                          AdditionalListenerSpec defines the desired state of an
                          additional listener on an VPC load balancer.
                        properties:
                          defaultPoolName:
                            description: defaultPoolName defines the name of a VPC
                              Load Balancer Backend Pool to use for the VPC Load Balancer
                              Listener.
                            maxLength: 63
                            minLength: 1
                            pattern: ^([a-z]|[a-z][-a-z0-9]*[a-z0-9])$
                            type: string
                          port:
                            description: Port sets the port for the additional listener.
                            format: int64
                            maximum: 65535
                            minimum: 1
                            type: integer
                          protocol:
                            description: |-
                              protocol defines the protocol to use for the VPC Load Balancer Listener.
                              Will default to TCP protocol if not specified.
                            enum:
                            - http
                            - https
                            - tcp
                            - udp
                            type: string
                        required:
                        - port
                        type: object
                      type: array
                      x-kubernetes-list-map-keys:
                      - port
                      x-kubernetes-list-type: map
                    backendPools:
                      description: backendPools defines the load balancer's backend
                        pools.
                      items:
                        description: VPCLoadBalancerBackendPoolSpec defines the desired
                          configuration of a VPC Load Balancer Backend Pool.
                        properties:
                          algorithm:
                            description: algorithm defines the load balancing algorithm
                              to use.
                            enum:
                            - least_connections
                            - round_robin
                            - weighted_round_robin
                            type: string
                          healthMonitor:
                            description: healthMonitor defines the backend pool's
                              health monitor.
                            properties:
                              delay:
                                description: delay defines the seconds to wait between
                                  health checks.
                                format: int64
                                maximum: 60
                                minimum: 2
                                type: integer
                              port:
                                description: port defines the port to perform health
                                  monitoring on.
                                format: int64
                                maximum: 65535
                                minimum: 1
                                type: integer
                              retries:
                                description: retries defines the max retries for health
                                  check.
                                format: int64
                                maximum: 10
                                minimum: 1
                                type: integer
                              timeout:
                                description: timeout defines the seconds to wait for
                                  a health check response.
                                format: int64
                                maximum: 59
                                minimum: 1
                                type: integer
                              type:
                                description: type defines the protocol used for health
                                  checks.
                                enum:
                                - http
                                - https
                                - tcp
                                type: string
                              urlPath:
                                description: urlPath defines the URL to use for health
                                  monitoring.
                                pattern: ^\/(([a-zA-Z0-9-._~!$&'()*+,;=:@]|%[a-fA-F0-9]{2})+(\/([a-zA-Z0-9-._~!$&'()*+,;=:@]|%[a-fA-F0-9]{2})*)*)?(\\?([a-zA-Z0-9-._~!$&'()*+,;=:@\/?]|%[a-fA-F0-9]{2})*)?$
                                type: string
                            required:
                            - delay
                            - retries
                            - timeout
                            - type
                            type: object
                          name:
                            description: name defines the name of the Backend Pool.
                            maxLength: 63
                            minLength: 1
                            pattern: ^([a-z]|[a-z][-a-z0-9]*[a-z0-9])$
                            type: string
                          protocol:
                            description: protocol defines the protocol to use for
                              the Backend Pool.
                            enum:
                            - http
                            - https
                            - tcp
                            - udp
                            type: string
                        required:
                        - algorithm
                        - healthMonitor
                        - protocol
                        type: object
                      type: array
                    id:
                      description: id of the loadbalancer
                      maxLength: 64
                      minLength: 1
                      pattern: ^[-0-9a-z_]+$
                      type: string
                    name:
                      description: Name sets the name of the VPC load balancer.
                      maxLength: 63
                      minLength: 1
                      pattern: ^([a-z]|[a-z][-a-z0-9]*[a-z0-9])$
                      type: string
                    public:
                      default: true
                      description: public indicates that load balancer is public or
                        private
                      type: boolean
                    securityGroups:
                      description: |-
                        securityGroups defines the Security Groups to attach to the load balancer.
                        Security Groups defined here are expected to already exist when the load balancer is reconciled (these do not get created when reconciling the load balancer).
                      items:
                        description: VPCResource represents a VPC resource.
                        properties:
                          id:
                            description: id of the resource.
                            minLength: 1
                            type: string
                          name:
                            description: name of the resource.
                            minLength: 1
                            type: string
                        type: object
                        x-kubernetes-validations:
                        - message: an id or name must be provided
                          rule: has(self.id) || has(self.name)
                      type: array
                    subnets:
                      description: |-
                        subnets defines the VPC Subnets to attach to the load balancer.
                        Subnets defined here are expected to already exist when the load balancer is reconciled (these do not get created when reconciling the load balancer).
                      items:
                        description: VPCResource represents a VPC resource.
                        properties:
                          id:
                            description: id of the resource.
                            minLength: 1
                            type: string
                          name:
                            description: name of the resource.
                            minLength: 1
                            type: string
                        type: object
                        x-kubernetes-validations:
                        - message: an id or name must be provided
                          rule: has(self.id) || has(self.name)
                      type: array
                  type: object
                type: array
              network:
                description: |-
                  Network is the reference to the Network to use for this cluster.
                  when the field is omitted, A DHCP service will be created in the Power VS workspace and its private network will be used.
                  the DHCP service created network will have the following name format
                  1. in the case of DHCPServer.Name is not set the name will be DHCPSERVER<CLUSTER_NAME>_Private.
                  2. if DHCPServer.Name is set the name will be DHCPSERVER<DHCPServer.Name>_Private.
                  when Network.ID is set, it's expected that there exist a network in PowerVS workspace with id or else system will give error.
                  when Network.Name is set, system will first check for network with Name in PowerVS workspace, if not exist system will check DHCP network with given Network.name, if that also not exist, it will create a new DHCP service and name will be DHCPSERVER<Network.Name>_Private.
                  Network.RegEx is not yet supported and system will ignore the value.
                properties:
                  id:
                    description: ID of resource
                    minLength: 1
                    type: string
                  name:
                    description: Name of resource
                    minLength: 1
                    type: string
                  regex:
                    description: |-
                      Regular expression to match resource,
                      In case of multiple resources matches the provided regular expression the first matched resource will be selected
                    minLength: 1
                    type: string
                type: object
              resourceGroup:
                description: |-
                  resourceGroup name under which the resources will be created.
                  when powervs.cluster.x-k8s.io/create-infra=true annotation is set on IBMPowerVSCluster resource,
                  1. it is expected to set the ResourceGroup.Name, not setting will result in webhook error.
                  ResourceGroup.ID and ResourceGroup.Regex is not yet supported and system will ignore the value.
                properties:
                  id:
                    description: ID of resource
                    minLength: 1
                    type: string
                  name:
                    description: Name of resource
                    minLength: 1
                    type: string
                  regex:
                    description: |-
                      Regular expression to match resource,
                      In case of multiple resources matches the provided regular expression the first matched resource will be selected
                    minLength: 1
                    type: string
                type: object
              serviceInstance:
                description: |-
                  serviceInstance is the reference to the Power VS server workspace on which the server instance(VM) will be created.
                  Power VS server workspace is a container for all Power VS instances at a specific geographic region.
                  serviceInstance can be created via IBM Cloud catalog or CLI.
                  supported serviceInstance identifier in PowerVSResource are Name and ID and that can be obtained from IBM Cloud UI or IBM Cloud cli.
                  More detail about Power VS service instance.
                  https://cloud.ibm.com/docs/power-iaas?topic=power-iaas-creating-power-virtual-server
                  when omitted system will dynamically create the service instance with name CLUSTER_NAME-serviceInstance.
                  when ServiceInstance.ID is set, it's expected that there exist a service instance in PowerVS workspace with id or else system will give error.
                  when ServiceInstance.Name is set, system will first check for service instance with Name in PowerVS workspace, if not exist system will create new instance.
                  if there are more than one service instance exist with the ServiceInstance.Name in given Zone, installation fails with an error. Use ServiceInstance.ID in those situations to use the specific service instance.
                  ServiceInstance.Regex is not yet supported and system will ignore the value.
                properties:
                  id:
                    description: ID of resource
                    minLength: 1
                    type: string
                  name:
                    description: Name of resource
                    minLength: 1
                    type: string
                  regex:
                    description: |-
                      Regular expression to match resource,
                      In case of multiple resources matches the provided regular expression the first matched resource will be selected
                    minLength: 1
                    type: string
                type: object
              serviceInstanceID:
                description: |-
                  ServiceInstanceID is the id of the power cloud instance where the vsi instance will get deployed.
                  Deprecated: use ServiceInstance instead
                type: string
              transitGateway:
                description: |-
                  transitGateway contains information about IBM Cloud TransitGateway
                  IBM Cloud TransitGateway helps in establishing network connectivity between IBM Cloud Power VS and VPC infrastructure
                  more information about TransitGateway can be found here https://www.ibm.com/products/transit-gateway.
                  when TransitGateway.ID is set, it's expected that there exist a TransitGateway with ID or else system will give error.
                  when TransitGateway.Name is set, system will first check for TransitGateway with Name, if not exist system will create new TransitGateway.
                properties:
                  globalRouting:
                    description: |-
                      globalRouting indicates whether to set global routing true or not while creating the transit gateway.
                      set this field to true only when PowerVS and VPC are from different regions, if they are same it's suggested to use local routing by setting the field to false.
                      when the field is omitted, based on PowerVS region (region associated with IBMPowerVSCluster.Spec.Zone) and VPC region(IBMPowerVSCluster.Spec.VPC.Region) system will decide whether to enable globalRouting or not.
                    type: boolean
                  id:
                    description: id of resource.
                    type: string
                  name:
                    description: name of resource.
                    maxLength: 63
                    minLength: 1
                    pattern: ^([a-zA-Z]|[a-zA-Z][-_a-zA-Z0-9]*[a-zA-Z0-9])$
                    type: string
                type: object
              vpc:
                description: |-
                  vpc contains information about IBM Cloud VPC resources.
                  when omitted system will dynamically create the VPC with name CLUSTER_NAME-vpc.
                  when VPC.ID is set, it's expected that there exist a VPC with ID or else system will give error.
                  when VPC.Name is set, system will first check for VPC with Name, if not exist system will create new VPC.
                  when powervs.cluster.x-k8s.io/create-infra=true annotation is set on IBMPowerVSCluster resource,
                  1. it is expected to set the VPC.Region, not setting will result in webhook error.
                properties:
                  id:
                    description: id of resource.
                    maxLength: 64
                    minLength: 1
                    pattern: ^[-0-9a-z_]+$
                    type: string
                  name:
                    description: name of resource.
                    maxLength: 63
                    minLength: 1
                    pattern: ^([a-z]|[a-z][-a-z0-9]*[a-z0-9])$
                    type: string
                  region:
                    description: |-
                      region of IBM Cloud VPC.
                      when powervs.cluster.x-k8s.io/create-infra=true annotation is set on IBMPowerVSCluster resource,
                      it is expected to set the region, not setting will result in webhook error.
                    type: string
                type: object
              vpcSecurityGroups:
                description: VPCSecurityGroups to attach it to the VPC resource
                items:
                  description: VPCSecurityGroup defines a VPC Security Group that
                    should exist or be created within the specified VPC, with the
                    specified Security Group Rules.
                  properties:
                    id:
                      description: id of the Security Group.
                      type: string
                    name:
                      description: name of the Security Group.
                      type: string
                    rules:
                      description: rules are the Security Group Rules for the Security
                        Group.
                      items:
                        description: VPCSecurityGroupRule defines a VPC Security Group
                          Rule for a specified Security Group.
                        properties:
                          action:
                            description: action defines whether to allow or deny traffic
                              defined by the Security Group Rule.
                            enum:
                            - allow
                            - deny
                            type: string
                          destination:
                            description: |-
                              destination is a VPCSecurityGroupRulePrototype which defines the destination of outbound traffic for the Security Group Rule.
                              Only used when direction is VPCSecurityGroupRuleDirectionOutbound.
                            properties:
                              icmpCode:
                                description: |-
                                  icmpCode is the ICMP code for the Rule.
                                  Only used when Protocol is VPCSecurityGroupRuleProtocolIcmp.
                                format: int64
                                type: integer
                              icmpType:
                                description: |-
                                  icmpType is the ICMP type for the Rule.
                                  Only used when Protocol is VPCSecurityGroupRuleProtocolIcmp.
                                format: int64
                                type: integer
                              portRange:
                                description: portRange is a range of ports allowed
                                  for the Rule's remote.
                                properties:
                                  maximumPort:
                                    description: maximumPort is the inclusive upper
                                      range of ports.
                                    format: int64
                                    maximum: 65535
                                    minimum: 1
                                    type: integer
                                  minimumPort:
                                    description: minimumPort is the inclusive lower
                                      range of ports.
                                    format: int64
                                    maximum: 65535
                                    minimum: 1
                                    type: integer
                                type: object
                                x-kubernetes-validations:
                                - message: maximum port must be greater than or equal
                                    to minimum port
                                  rule: self.maximumPort >= self.minimumPort
                              protocol:
                                description: protocol defines the traffic protocol
                                  used for the Security Group Rule.
                                enum:
                                - all
                                - icmp
                                - tcp
                                - udp
                                type: string
                              remotes:
                                description: |-
                                  remotes is a set of VPCSecurityGroupRuleRemote's that define the traffic allowed by the Rule's remote.
                                  Specifying multiple VPCSecurityGroupRuleRemote's creates a unique Security Group Rule with the shared Protocol, PortRange, etc.
                                  This allows for easier management of Security Group Rule's for sets of CIDR's, IP's, etc.
                                items:
                                  description: |-
                                    VPCSecurityGroupRuleRemote defines a VPC Security Group Rule's remote details.
                                    The type of remote defines the additional remote details which are used for defining the remote.
                                  properties:
                                    address:
                                      description: |2-
                                         address is the address to use for the remote's destination/source.
                                        Only used when remoteType is VPCSecurityGroupRuleRemoteTypeAddress.
                                      type: string
                                    cidrSubnetName:
                                      description: |-
                                        cidrSubnetName is the name of the VPC Subnet to retrieve the CIDR from, to use for the remote's destination/source.
                                        Only used when remoteType is VPCSecurityGroupRuleRemoteTypeCIDR.
                                      type: string
                                    remoteType:
                                      description: remoteType defines the type of
                                        filter to define for the remote's destination/source.
                                      enum:
                                      - any
                                      - cidr
                                      - address
                                      - sg
                                      type: string
                                    securityGroupName:
                                      description: |-
                                        securityGroupName is the name of the VPC Security Group to use for the remote's destination/source.
                                        Only used when remoteType is VPCSecurityGroupRuleRemoteTypeSG
                                      type: string
                                  required:
                                  - remoteType
                                  type: object
                                  x-kubernetes-validations:
                                  - message: cidrSubnetName, addresss, and securityGroupName
                                      are not valid for VPCSecurityGroupRuleRemoteTypeAny
                                      remoteType
                                    rule: 'self.remoteType == ''any'' ? (!has(self.cidrSubnetName)
                                      && !has(self.address) && !has(self.securityGroupName))
                                      : true'
                                  - message: only cidrSubnetName is valid for VPCSecurityGroupRuleRemoteTypeCIDR
                                      remoteType
                                    rule: 'self.remoteType == ''cidr'' ? (has(self.cidrSubnetName)
                                      && !has(self.address) && !has(self.securityGroupName))
                                      : true'
                                  - message: only address is valid for VPCSecurityGroupRuleRemoteTypeIP
                                      remoteType
                                    rule: 'self.remoteType == ''address'' ? (has(self.address)
                                      && !has(self.cidrSubnetName) && !has(self.securityGroupName))
                                      : true'
                                  - message: only securityGroupName is valid for VPCSecurityGroupRuleRemoteTypeSG
                                      remoteType
                                    rule: 'self.remoteType == ''sg'' ? (has(self.securityGroupName)
                                      && !has(self.cidrSubnetName) && !has(self.address))
                                      : true'
                                type: array
                            required:
                            - protocol
                            - remotes
                            type: object
                            x-kubernetes-validations:
                            - message: icmpCode and icmpType are only supported for
                                VPCSecurityGroupRuleProtocolIcmp protocol
                              rule: 'self.protocol != ''icmp'' ? (!has(self.icmpCode)
                                && !has(self.icmpType)) : true'
                            - message: portRange is not valid for VPCSecurityGroupRuleProtocolAll
                                protocol
                              rule: 'self.protocol == ''all'' ? !has(self.portRange)
                                : true'
                            - message: portRange is not valid for VPCSecurityGroupRuleProtocolIcmp
                                protocol
                              rule: 'self.protocol == ''icmp'' ? !has(self.portRange)
                                : true'
                          direction:
                            description: direction defines whether the traffic is
                              inbound or outbound for the Security Group Rule.
                            enum:
                            - inbound
                            - outbound
                            type: string
                          securityGroupID:
                            description: securityGroupID is the ID of the Security
                              Group for the Security Group Rule.
                            type: string
                          source:
                            description: |-
                              source is a VPCSecurityGroupRulePrototype which defines the source of inbound traffic for the Security Group Rule.
                              Only used when direction is VPCSecurityGroupRuleDirectionInbound.
                            properties:
                              icmpCode:
                                description: |-
                                  icmpCode is the ICMP code for the Rule.
                                  Only used when Protocol is VPCSecurityGroupRuleProtocolIcmp.
                                format: int64
                                type: integer
                              icmpType:
                                description: |-
                                  icmpType is the ICMP type for the Rule.
                                  Only used when Protocol is VPCSecurityGroupRuleProtocolIcmp.
                                format: int64
                                type: integer
                              portRange:
                                description: portRange is a range of ports allowed
                                  for the Rule's remote.
                                properties:
                                  maximumPort:
                                    description: maximumPort is the inclusive upper
                                      range of ports.
                                    format: int64
                                    maximum: 65535
                                    minimum: 1
                                    type: integer
                                  minimumPort:
                                    description: minimumPort is the inclusive lower
                                      range of ports.
                                    format: int64
                                    maximum: 65535
                                    minimum: 1
                                    type: integer
                                type: object
                                x-kubernetes-validations:
                                - message: maximum port must be greater than or equal
                                    to minimum port
                                  rule: self.maximumPort >= self.minimumPort
                              protocol:
                                description: protocol defines the traffic protocol
                                  used for the Security Group Rule.
                                enum:
                                - all
                                - icmp
                                - tcp
                                - udp
                                type: string
                              remotes:
                                description: |-
                                  remotes is a set of VPCSecurityGroupRuleRemote's that define the traffic allowed by the Rule's remote.
                                  Specifying multiple VPCSecurityGroupRuleRemote's creates a unique Security Group Rule with the shared Protocol, PortRange, etc.
                                  This allows for easier management of Security Group Rule's for sets of CIDR's, IP's, etc.
                                items:
                                  description: |-
                                    VPCSecurityGroupRuleRemote defines a VPC Security Group Rule's remote details.
                                    The type of remote defines the additional remote details which are used for defining the remote.
                                  properties:
                                    address:
                                      description: |2-
                                         address is the address to use for the remote's destination/source.
                                        Only used when remoteType is VPCSecurityGroupRuleRemoteTypeAddress.
                                      type: string
                                    cidrSubnetName:
                                      description: |-
                                        cidrSubnetName is the name of the VPC Subnet to retrieve the CIDR from, to use for the remote's destination/source.
                                        Only used when remoteType is VPCSecurityGroupRuleRemoteTypeCIDR.
                                      type: string
                                    remoteType:
                                      description: remoteType defines the type of
                                        filter to define for the remote's destination/source.
                                      enum:
                                      - any
                                      - cidr
                                      - address
                                      - sg
                                      type: string
                                    securityGroupName:
                                      description: |-
                                        securityGroupName is the name of the VPC Security Group to use for the remote's destination/source.
                                        Only used when remoteType is VPCSecurityGroupRuleRemoteTypeSG
                                      type: string
                                  required:
                                  - remoteType
                                  type: object
                                  x-kubernetes-validations:
                                  - message: cidrSubnetName, addresss, and securityGroupName
                                      are not valid for VPCSecurityGroupRuleRemoteTypeAny
                                      remoteType
                                    rule: 'self.remoteType == ''any'' ? (!has(self.cidrSubnetName)
                                      && !has(self.address) && !has(self.securityGroupName))
                                      : true'
                                  - message: only cidrSubnetName is valid for VPCSecurityGroupRuleRemoteTypeCIDR
                                      remoteType
                                    rule: 'self.remoteType == ''cidr'' ? (has(self.cidrSubnetName)
                                      && !has(self.address) && !has(self.securityGroupName))
                                      : true'
                                  - message: only address is valid for VPCSecurityGroupRuleRemoteTypeIP
                                      remoteType
                                    rule: 'self.remoteType == ''address'' ? (has(self.address)
                                      && !has(self.cidrSubnetName) && !has(self.securityGroupName))
                                      : true'
                                  - message: only securityGroupName is valid for VPCSecurityGroupRuleRemoteTypeSG
                                      remoteType
                                    rule: 'self.remoteType == ''sg'' ? (has(self.securityGroupName)
                                      && !has(self.cidrSubnetName) && !has(self.address))
                                      : true'
                                type: array
                            required:
                            - protocol
                            - remotes
                            type: object
                            x-kubernetes-validations:
                            - message: icmpCode and icmpType are only supported for
                                VPCSecurityGroupRuleProtocolIcmp protocol
                              rule: 'self.protocol != ''icmp'' ? (!has(self.icmpCode)
                                && !has(self.icmpType)) : true'
                            - message: portRange is not valid for VPCSecurityGroupRuleProtocolAll
                                protocol
                              rule: 'self.protocol == ''all'' ? !has(self.portRange)
                                : true'
                            - message: portRange is not valid for VPCSecurityGroupRuleProtocolIcmp
                                protocol
                              rule: 'self.protocol == ''icmp'' ? !has(self.portRange)
                                : true'
                        required:
                        - action
                        - direction
                        type: object
                        x-kubernetes-validations:
                        - message: both destination and source cannot be provided
                          rule: (has(self.destination) && !has(self.source)) || (!has(self.destination)
                            && has(self.source))
                        - message: source must be set for VPCSecurityGroupRuleDirectionInbound
                            direction
                          rule: 'self.direction == ''inbound'' ? has(self.source)
                            : true'
                        - message: destination is not valid for VPCSecurityGroupRuleDirectionInbound
                            direction
                          rule: 'self.direction == ''inbound'' ? !has(self.destination)
                            : true'
                        - message: destination must be set for VPCSecurityGroupRuleDirectionOutbound
                            direction
                          rule: 'self.direction == ''outbound'' ? has(self.destination)
                            : true'
                        - message: source is not valid for VPCSecurityGroupRuleDirectionOutbound
                            direction
                          rule: 'self.direction == ''outbound'' ? !has(self.source)
                            : true'
                      type: array
                    tags:
                      description: tags are tags to add to the Security Group.
                      items:
                        type: string
                      type: array
                  type: object
                  x-kubernetes-validations:
                  - message: either an id or name must be specified
                    rule: has(self.id) || has(self.name)
                type: array
              vpcSubnets:
                description: |-
                  vpcSubnets contains information about IBM Cloud VPC Subnet resources.
                  when omitted system will create the subnets in all the zone corresponding to VPC.Region, with name CLUSTER_NAME-vpcsubnet-ZONE_NAME.
                  possible values can be found here https://cloud.ibm.com/docs/power-iaas?topic=power-iaas-creating-power-virtual-server.
                  when VPCSubnets[].ID is set, it's expected that there exist a subnet with ID or else system will give error.
                  when VPCSubnets[].Zone is not set, a random zone is picked from available zones of VPC.Region.
                  when VPCSubnets[].Name is not set, system will set name as CLUSTER_NAME-vpcsubnet-INDEX.
                  if subnet with name VPCSubnets[].Name not found, system will create new subnet in VPCSubnets[].Zone.
                items:
                  description: Subnet describes a subnet.
                  properties:
                    cidr:
                      type: string
                    id:
                      maxLength: 64
                      minLength: 1
                      pattern: ^[-0-9a-z_]+$
                      type: string
                    name:
                      maxLength: 63
                      minLength: 1
                      pattern: ^([a-z]|[a-z][-a-z0-9]*[a-z0-9])$
                      type: string
                    zone:
                      type: string
                  type: object
                type: array
              zone:
                description: |-
                  zone is the name of Power VS zone where the cluster will be created
                  possible values can be found here https://cloud.ibm.com/docs/power-iaas?topic=power-iaas-creating-power-virtual-server.
                  when powervs.cluster.x-k8s.io/create-infra=true annotation is set on IBMPowerVSCluster resource,
                  1. it is expected to set the zone, not setting will result in webhook error.
                  2. the zone should have PER capabilities, or else system will give error.
                type: string
            required:
            - network
            - serviceInstanceID
            type: object
          status:
            description: IBMPowerVSClusterStatus defines the observed state of IBMPowerVSCluster.
            properties:
              conditions:
                description: Conditions defines current service state of the IBMPowerVSCluster.
                items:
                  description: Condition defines an observation of a Cluster API resource
                    operational state.
                  properties:
                    lastTransitionTime:
                      description: |-
                        Last time the condition transitioned from one status to another.
                        This should be when the underlying condition changed. If that is not known, then using the time when
                        the API field changed is acceptable.
                      format: date-time
                      type: string
                    message:
                      description: |-
                        A human readable message indicating details about the transition.
                        This field may be empty.
                      type: string
                    reason:
                      description: |-
                        The reason for the condition's last transition in CamelCase.
                        The specific API may choose whether or not this field is considered a guaranteed API.
                        This field may be empty.
                      type: string
                    severity:
                      description: |-
                        severity provides an explicit classification of Reason code, so the users or machines can immediately
                        understand the current situation and act accordingly.
                        The Severity field MUST be set only when Status=False.
                      type: string
                    status:
                      description: status of the condition, one of True, False, Unknown.
                      type: string
                    type:
                      description: |-
                        type of condition in CamelCase or in foo.example.com/CamelCase.
                        Many .condition.type values are consistent across resources like Available, but because arbitrary conditions
                        can be useful (see .node.status.conditions), the ability to deconflict is important.
                      type: string
                  required:
                  - lastTransitionTime
                  - status
                  - type
                  type: object