diff --git a/pkg/machinery/config/config.go b/pkg/machinery/config/config.go
index d8ca9210eb8..458785fb802 100644
--- a/pkg/machinery/config/config.go
+++ b/pkg/machinery/config/config.go
@@ -5,8 +5,6 @@
 // Package config provides methods to generate and consume Talos configuration.
 package config
 
-//go:generate docgen -generate-schema-from-dir types/ -json-schema-output schemas/config.schema.json -version-tag-file ../gendata/data/tag
-
 import "github.com/siderolabs/talos/pkg/machinery/config/config"
 
 // Config defines the interface to access contents of the machine configuration.
diff --git a/pkg/machinery/config/generate/init.go b/pkg/machinery/config/generate/init.go
index 03b3b860047..cab9d117165 100644
--- a/pkg/machinery/config/generate/init.go
+++ b/pkg/machinery/config/generate/init.go
@@ -187,7 +187,7 @@ func (in *Input) init() ([]config.Document, error) {
 cluster.AllowSchedulingOnControlPlanes = pointer.To(in.Options.AllowSchedulingOnControlPlanes)
 } else {
 // backwards compatibility for Talos versions older than 1.2
- cluster.AllowSchedulingOnMasters = pointer.To(in.Options.AllowSchedulingOnControlPlanes) //nolint:staticcheck
+ cluster.AllowSchedulingOnMasters = pointer.To(in.Options.AllowSchedulingOnControlPlanes)
 }
 }
 
diff --git a/pkg/machinery/config/types/meta/meta.go b/pkg/machinery/config/types/meta/meta.go
index c3b97a0791a..55f379a083b 100644
--- a/pkg/machinery/config/types/meta/meta.go
+++ b/pkg/machinery/config/types/meta/meta.go
@@ -7,8 +7,8 @@ package meta
 
 // Meta is a shared meta information for config documents.
 type Meta struct {
- MetaAPIVersion string `yaml:"apiVersion,omitempty"`
- MetaKind string `yaml:"kind"`
+ MetaAPIVersion string `yaml:"apiVersion,omitempty" docgen:"{'optional':false}"`
+ MetaKind string `yaml:"kind" docgen:"{'optional':false}"`
 }
 
 // Kind implements config.Document interface.
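Review bot: Dropping `//nolint:staticcheck` on the `cluster.AllowSchedulingOnMasters` assignment only stays lint-clean if the `// Deprecated:` marker on that ClusterConfig field was removed as well, which this diff does not show; the v1alpha1 hunk further down moves the `ConfigPersist` deprecation into a `docgen:` tag, so the same presumably happened here. A `docgen:"{'deprecated':...}"` tag is invisible to gopls, staticcheck and `go doc`, so consumers of the public machinery module lose the warning when they keep using such fields. Consider keeping a Go-visible `// Deprecated: use AllowSchedulingOnControlPlanes instead.` line on the field and the `//nolint:staticcheck` on this intentional use, with the docgen tag in addition rather than instead. The enclosing `init` method starts outside the hunk.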
diff --git a/pkg/machinery/config/types/network/default_action_config.go b/pkg/machinery/config/types/network/default_action_config.go
index 124b3efceae..9354e9e31a9 100644
--- a/pkg/machinery/config/types/network/default_action_config.go
+++ b/pkg/machinery/config/types/network/default_action_config.go
@@ -4,8 +4,6 @@
 
 package network
 
-//docgen:jsonschema
-
 import (
 "github.com/siderolabs/talos/pkg/machinery/config/config"
 "github.com/siderolabs/talos/pkg/machinery/config/internal/registry"
@@ -35,19 +33,11 @@ var (
 // DefaultActionConfigV1Alpha1 is a ingress firewall default action configuration document.
 //
-// examples:
-// - value: exampleDefaultActionConfigV1Alpha1()
-// alias: NetworkDefaultActionConfig
-// schemaRoot: true
-// schemaMeta: v1alpha1/NetworkDefaultActionConfig
+//docgen:version=v1alpha1
 type DefaultActionConfigV1Alpha1 struct {
 meta.Meta `yaml:",inline"`
 
- // description: |
- // Default action for all not explicitly configured ingress traffic: accept or block.
- // values:
- // - "accept"
- // - "block"
- Ingress nethelpers.DefaultAction `yaml:"ingress"`
+ // The default action for all configured ingress traffic not explicitly defined.
+ Ingress nethelpers.DefaultAction `yaml:"ingress" docgen:"{'in':'1.7','values':['accept','block']}"`
 }
 
 // NewDefaultActionConfigV1Alpha1 creates a new DefaultActionConfig config document.
diff --git a/pkg/machinery/config/types/network/network.go b/pkg/machinery/config/types/network/network.go
index f396a9a0124..78048470016 100644
--- a/pkg/machinery/config/types/network/network.go
+++ b/pkg/machinery/config/types/network/network.go
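Review bot: The rewritten `Ingress` comment `// The default action for all configured ingress traffic not explicitly defined.` is self-contradictory (traffic that is both configured and not defined) and loses the meaning of the line it replaces, which is what an operator reads to know whether the ingress firewall fails open or closed. Suggest `// Default action for all ingress traffic that is not explicitly configured: accept or block.` so the prose still states the fail-open/fail-closed choice even where the `values` list in the docgen tag is not rendered.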
@@ -5,6 +5,4 @@
 // Package network provides network machine configuration documents.
 package network
 
-//go:generate docgen -output network_doc.go network.go default_action_config.go port_range.go rule_config.go
-
 //go:generate deep-copy -type DefaultActionConfigV1Alpha1 -type RuleConfigV1Alpha1 -pointer-receiver -header-file ../../../../../hack/boilerplate.txt -o deep_copy.generated.go .
diff --git a/pkg/machinery/config/types/network/port_range.go b/pkg/machinery/config/types/network/port_range.go
index b9371be190f..540be20fc46 100644
--- a/pkg/machinery/config/types/network/port_range.go
+++ b/pkg/machinery/config/types/network/port_range.go
@@ -13,8 +13,6 @@ import (
 )
 
 // PortRange is a port range.
-//
-//docgen:nodoc
 type PortRange struct {
 Lo uint16
 Hi uint16
@@ -72,8 +70,6 @@ func (pr PortRange) String() string {
 }
 
 // PortRanges is a slice of port ranges.
-//
-//docgen:nodoc
 type PortRanges []PortRange
 
 // Validate the port ranges.
diff --git a/pkg/machinery/config/types/network/rule_config.go b/pkg/machinery/config/types/network/rule_config.go
index 084ab7f5864..3559c81eda3 100644
--- a/pkg/machinery/config/types/network/rule_config.go
+++ b/pkg/machinery/config/types/network/rule_config.go
@@ -4,8 +4,6 @@
 
 package network
 
-//docgen:jsonschema
-
 import (
 "errors"
 "fmt"
@@ -45,85 +43,38 @@ var (
 // RuleConfigV1Alpha1 is a network firewall rule config document.
 //
-// examples:
-// - value: exampleRuleConfigV1Alpha1()
-// alias: NetworkRuleConfig
-// schemaRoot: true
-// schemaMeta: v1alpha1/NetworkRuleConfig
+//docgen:version=v1alpha1
 type RuleConfigV1Alpha1 struct {
 meta.Meta `yaml:",inline"`
 
- // description: |
- // Name of the config document.
- // schemaRequired: true
- MetaName string `yaml:"name"`
- // description: |
- // Port selector defines which ports and protocols on the host are affected by the rule.
- PortSelector RulePortSelector `yaml:"portSelector"`
- // description: |
- // Ingress defines which source subnets are allowed to access the host ports/protocols defined by the `portSelector`.
- Ingress IngressConfig `yaml:"ingress" merge:"replace"`
+ // Name of the config document.
+ MetaName string `yaml:"name" docgen:"{'in':'1.7','optional':false}"`
+ // The port selector defines which ports and protocols on the host are affected by the rule.
+ PortSelector RulePortSelector `yaml:"portSelector" docgen:"{'in':'1.7'}"`
+ // Defines which source subnets are allowed to access the host ports/protocols defined by the `portSelector`.
+ Ingress IngressConfig `yaml:"ingress" merge:"replace" docgen:"{'in':'1.7'}"`
 }
 
 // RulePortSelector is a port selector for the network rule.
 type RulePortSelector struct {
- // description: |
- // Ports defines a list of port ranges or single ports.
- // The port ranges are inclusive, and should not overlap.
- // examples:
- // - value: >
- // examplePortRanges1()
- // - value: >
- // examplePortRanges2()
- // schema:
- // type: array
- // items:
- // oneOf:
- // - type: integer
- // - type: string
- Ports PortRanges `yaml:"ports" merge:"replace"`
- // description: |
- // Protocol defines traffic protocol (e.g. TCP or UDP).
- // values:
- // - "tcp"
- // - "udp"
- // - "icmp"
- // - "icmpv6"
- Protocol nethelpers.Protocol `yaml:"protocol"`
+ // Defines a list of port ranges or single ports. The port ranges are inclusive, and should not overlap.
+ Ports PortRanges `yaml:"ports" merge:"replace" docgen:"{'in':'1.7'}"`
+ // Defines traffic protocol (e.g. TCP or UDP).
+ Protocol nethelpers.Protocol `yaml:"protocol" docgen:"{'in':'1.7','values':['tcp','udp','icmp','icmpv6']}"`
 }
 
 // IngressConfig is a ingress config.
-//
-//docgen:alias
 type IngressConfig []IngressRule
 
 // IngressRule is a ingress rule.
 type IngressRule struct {
- // description: |
- // Subnet defines a source subnet.
- // examples:
- // - value: >
- // netip.MustParsePrefix("10.3.4.0/24")
- // - value: >
- // netip.MustParsePrefix("2001:db8::/32")
- // - value: >
- // netip.MustParsePrefix("1.3.4.5/32")
- // schema:
- // type: string
- // pattern: ^[0-9a-f.:]+/\d{1,3}$
- Subnet netip.Prefix `yaml:"subnet"`
- // description: |
- // Except defines a source subnet to exclude from the rule, it gets excluded from the `subnet`.
- // schema:
- // type: string
- // pattern: ^[0-9a-f.:]+/\d{1,3}$
- Except Prefix `yaml:"except,omitempty"`
+ // Defines a source subnet.
+ Subnet netip.Prefix `yaml:"subnet" docgen:"{'in':'1.7','pattern':'^[0-9a-f.:]+/\d{1,3}$'}"`
+ Except Prefix `yaml:"except,omitempty" docgen:"{'in':'1.7','pattern':'^[0-9a-f.:]+/\d{1,3}$'}"`
 }
 
 // Prefix is a wrapper for netip.Prefix.
 //
 // It implements IsZero() so that yaml.Marshal correctly skips empty values.
-//
-//docgen:nodoc
 type Prefix struct {
 netip.Prefix
 }
diff --git a/pkg/machinery/config/types/runtime/event_sink.go b/pkg/machinery/config/types/runtime/event_sink.go
index 9ab35185c33..af6be455108 100644
--- a/pkg/machinery/config/types/runtime/event_sink.go
+++ b/pkg/machinery/config/types/runtime/event_sink.go
@@ -4,8 +4,6 @@
 
 package runtime
 
-//docgen:jsonschema
-
 import (
 "fmt"
 "net"
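Review bot: `Except` lost its comment entirely in the IngressRule struct: the removed `Except defines a source subnet to exclude from the rule, it gets excluded from the `subnet`.` has no replacement, while `Subnet` directly above keeps one, so `go doc` and the generated reference now show an undocumented exclusion field on a firewall rule. Suggest `// Defines a source subnet to exclude from the rule; it gets excluded from the `subnet`.` above the field. The `Ports` field also dropped its `schema: ... oneOf: integer/string` hint with no equivalent in the new docgen tag; if the generated schema now admits only strings, single ports written as bare integers would fail schema validation, which is worth confirming against the docgen output. The removed `//docgen:alias` on IngressConfig has no replacement either.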
@@ -41,19 +39,11 @@ var (
 // EventSinkV1Alpha1 is a event sink config document.
 //
-// examples:
-// - value: exampleEventSinkV1Alpha1()
-// alias: EventSinkConfig
-// schemaRoot: true
-// schemaMeta: v1alpha1/EventSinkConfig
+//docgen:version=v1alpha1
 type EventSinkV1Alpha1 struct {
 meta.Meta `yaml:",inline"`
 
- // description: |
- // The endpoint for the event sink as 'host:port'.
- // examples:
- // - value: >
- // "10.3.7.3:2810"
- Endpoint string `yaml:"endpoint"`
+ // The endpoint for the event sink as 'host:port'.
+ Endpoint string `yaml:"endpoint" docgen:"{'in':'1.7'}"`
 }
 
 // NewEventSinkV1Alpha1 creates a new eventsink config document.
diff --git a/pkg/machinery/config/types/runtime/extensions/extensions.go b/pkg/machinery/config/types/runtime/extensions/extensions.go
index ad52de3238d..414c456d5ed 100644
--- a/pkg/machinery/config/types/runtime/extensions/extensions.go
+++ b/pkg/machinery/config/types/runtime/extensions/extensions.go
@@ -5,6 +5,4 @@
 // Package extensions provides extensions config documents.
 package extensions
 
-//go:generate docgen -output extensions_doc.go extensions.go service_config.go
-
 //go:generate deep-copy -type ServiceConfigV1Alpha1 -pointer-receiver -header-file ../../../../../../hack/boilerplate.txt -o deep_copy.generated.go .
diff --git a/pkg/machinery/config/types/runtime/extensions/service_config.go b/pkg/machinery/config/types/runtime/extensions/service_config.go
index cbc59dc2592..f22c834d826 100644
--- a/pkg/machinery/config/types/runtime/extensions/service_config.go
+++ b/pkg/machinery/config/types/runtime/extensions/service_config.go
@@ -4,8 +4,6 @@
 
 package extensions
 
-//docgen:jsonschema
-
 import (
 "fmt"
 
@@ -40,33 +38,23 @@ var (
 // ServiceConfigV1Alpha1 is a extensionserviceconfig document.
 //
-// examples:
-// - value: extensionServiceConfigV1Alpha1()
-// alias: ExtensionServiceConfig
-// schemaRoot: true
-// schemaMeta: v1alpha1/ExtensionServiceConfig
+//docgen:version=v1alpha1
 type ServiceConfigV1Alpha1 struct {
 meta.Meta `yaml:",inline"`
 
- // description: |
- // Name of the extension service.
- // schemaRequired: true
- ServiceName string `yaml:"name"`
- // description: |
- // The config files for the extension service.
- ServiceConfigFiles []ConfigFile `yaml:"configFiles,omitempty"`
- // description: |
- // The environment for the extension service.
- ServiceEnvironment []string `yaml:"environment,omitempty"`
+ // The name of the extension service.
+ ServiceName string `yaml:"name" docgen:"{'in':'1.7','optional':false}"`
+ // The config files for the extension service.
+ ServiceConfigFiles []ConfigFile `yaml:"configFiles,omitempty" docgen:"{'in':'1.7'}"`
+ // The environment for the extension service.
+ ServiceEnvironment []string `yaml:"environment,omitempty" docgen:"{'in':'1.7'}"`
 }
 
 // ConfigFile is a config file for extension services.
 type ConfigFile struct {
- // description: |
- // The content of the extension service config file.
- ConfigFileContent string `yaml:"content"`
- // description: |
- // The mount path of the extension service config file.
- ConfigFileMountPath string `yaml:"mountPath"`
+ // The content of the extension service config file.
+ ConfigFileContent string `yaml:"content" docgen:"{'in':'1.7'}"`
+ // The mount path of the extension service config file.
+ ConfigFileMountPath string `yaml:"mountPath" docgen:"{'in':'1.7'}"`
 }
 
 // NewServicesConfigV1Alpha1 creates a new siderolink config document.
diff --git a/pkg/machinery/config/types/runtime/kmsg_log.go b/pkg/machinery/config/types/runtime/kmsg_log.go
index 21070524e1a..3800c5aefbd 100644
--- a/pkg/machinery/config/types/runtime/kmsg_log.go
+++ b/pkg/machinery/config/types/runtime/kmsg_log.go
@@ -4,8 +4,6 @@
 
 package runtime
 
-//docgen:jsonschema
-
 import (
 "errors"
 "net/url"
@@ -41,28 +39,13 @@ var (
 // KmsgLogV1Alpha1 is a event sink config document.
 //
-// examples:
-// - value: exampleKmsgLogV1Alpha1()
-// alias: KmsgLogConfig
-// schemaRoot: true
-// schemaMeta: v1alpha1/KmsgLogConfig
+//docgen:version=v1alpha1
 type KmsgLogV1Alpha1 struct {
 meta.Meta `yaml:",inline"`
 
- // description: |
- // Name of the config document.
- MetaName string `yaml:"name"`
- // description: |
- // The URL encodes the log destination.
- // The scheme must be tcp:// or udp://.
- // The path must be empty.
- // The port is required.
- // examples:
- // - value: >
- // "udp://10.3.7.3:2810"
- // schema:
- // type: string
- // pattern: "^(tcp|udp)://"
- KmsgLogURL meta.URL `yaml:"url"`
+ // Name of the config document.
+ MetaName string `yaml:"name" docgen:"{'in':'1.7'}"`
+ // Encodes the log destination. The path must be empty and the port is required.
+ KmsgLogURL meta.URL `yaml:"url" docgen:"{'in':'1.7','pattern':'^(tcp|udp)://'}"`
 }
 
 // NewKmsgLogV1Alpha1 creates a new eventsink config document.
diff --git a/pkg/machinery/config/types/runtime/runtime.go b/pkg/machinery/config/types/runtime/runtime.go
index d41cf40ee26..d276b5fc0e7 100644
--- a/pkg/machinery/config/types/runtime/runtime.go
+++ b/pkg/machinery/config/types/runtime/runtime.go
@@ -5,6 +5,4 @@
 // Package runtime provides runtime machine configuration documents.
 package runtime
 
-//go:generate docgen -output runtime_doc.go runtime.go kmsg_log.go event_sink.go watchdog_timer.go
-
 //go:generate deep-copy -type EventSinkV1Alpha1 -type KmsgLogV1Alpha1 -type WatchdogTimerV1Alpha1 -pointer-receiver -header-file ../../../../../hack/boilerplate.txt -o deep_copy.generated.go .
diff --git a/pkg/machinery/config/types/runtime/watchdog_timer.go b/pkg/machinery/config/types/runtime/watchdog_timer.go
index 0e0e47af9c1..ab430e26e41 100644
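Review bot: The new `KmsgLogURL` comment `// Encodes the log destination. The path must be empty and the port is required.` drops the sentence that the scheme must be `tcp://` or `udp://`; that constraint now lives only in the `'pattern'` of the docgen tag, which readers of the Go source and `go doc` never see. Suggest `// Encodes the log destination; the scheme must be tcp:// or udp://, the path must be empty and the port is required.` Also, `MetaName` here gets `docgen:"{'in':'1.7'}"` without `'optional':false`, whereas `MetaName` on RuleConfigV1Alpha1 and `ServiceName` on ServiceConfigV1Alpha1 in this same change are marked `'optional':false`; if the name is required for kmsg log documents too, the tag should say so. The removed `"udp://10.3.7.3:2810"` example was the only place the expected shape of the value was shown.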
--- a/pkg/machinery/config/types/runtime/watchdog_timer.go
+++ b/pkg/machinery/config/types/runtime/watchdog_timer.go
@@ -4,8 +4,6 @@
 
 package runtime
 
-//docgen:jsonschema
-
 import (
 "fmt"
 "net/url"
@@ -45,29 +43,13 @@ const (
 // WatchdogTimerV1Alpha1 is a watchdog timer config document.
 //
-// examples:
-// - value: exampleWatchdogTimerV1Alpha1()
-// alias: WatchdogTimerConfig
-// schemaRoot: true
-// schemaMeta: v1alpha1/WatchdogTimerConfig
+//docgen:version=v1alpha1
 type WatchdogTimerV1Alpha1 struct {
 meta.Meta `yaml:",inline"`
 
- // description: |
- // Path to the watchdog device.
- // examples:
- // - value: >
- // "/dev/watchdog0"
- WatchdogDevice string `yaml:"device"`
- // description: |
- // Timeout for the watchdog.
- //
- // If Talos is unresponsive for this duration, the watchdog will reset the system.
- //
- // Default value is 1 minute, minimum value is 10 seconds.
- // schema:
- // type: string
- // pattern: ^[-+]?(((\d+(\.\d*)?|\d*(\.\d+)+)([nuµm]?s|m|h))|0)+$
- WatchdogTimeout time.Duration `yaml:"timeout,omitempty"`
+ // The Path to the watchdog device.
+ WatchdogDevice string `yaml:"device" docgen:"{'in':'1.7'}"`
+ // The timeout for the watchdog. If Talos is unresponsive for this duration, the watchdog will reset the system.
+ WatchdogTimeout time.Duration `yaml:"timeout,omitempty" docgen:"{'in':'1.7','default':'1m'}"`
 }
 
 // NewWatchdogTimerV1Alpha1 creates a new eventsink config document.
diff --git a/pkg/machinery/config/types/siderolink/siderolink.go b/pkg/machinery/config/types/siderolink/siderolink.go
index e6324f1128e..7b803a16a38 100644
--- a/pkg/machinery/config/types/siderolink/siderolink.go
+++ b/pkg/machinery/config/types/siderolink/siderolink.go
@@ -5,8 +5,6 @@
 // Package siderolink provides SideroLink machine configuration documents.
 package siderolink
 
-//docgen:jsonschema
-
 import (
 "errors"
 "net/url"
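Review bot: The `WatchdogTimeout` comment lost its lower bound: the removed text said `Default value is 1 minute, minimum value is 10 seconds.`, and the new tag carries only `'default':'1m'`, so the 10-second minimum is no longer documented anywhere in this file even though a smaller value presumably still fails validation elsewhere. Suggest appending `Default value is 1 minute, minimum value is 10 seconds.` to the timeout comment. Minor: `// The Path to the watchdog device.` capitalizes Path mid-sentence; `// The path to the watchdog device.` matches the surrounding comments, and the removed `"/dev/watchdog0"` example was the only hint at the expected form of the device path.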
@@ -19,8 +17,6 @@ import (
 "github.com/siderolabs/talos/pkg/machinery/config/validation"
 )
 
-//go:generate docgen -output ./siderolink_doc.go ./siderolink.go
-
 //go:generate deep-copy -type ConfigV1Alpha1 -pointer-receiver -header-file ../../../../../hack/boilerplate.txt -o deep_copy.generated.go .
 
 // Kind is a siderolink config document kind.
@@ -46,22 +42,11 @@ var (
 // ConfigV1Alpha1 is a SideroLink connection machine configuration document.
 //
-// examples:
-// - value: exampleConfigV1Alpha1()
-// alias: SideroLinkConfig
-// schemaRoot: true
-// schemaMeta: v1alpha1/SideroLinkConfig
+//docgen:version=v1alpha1
 type ConfigV1Alpha1 struct {
 meta.Meta `yaml:",inline"`
 
- // description: |
- // SideroLink API URL to connect to.
- // examples:
- // - value: >
- // "https://siderolink.api/join?token=secret"
- // schema:
- // type: string
- // pattern: "^(https|grpc)://"
- APIUrlConfig meta.URL `yaml:"apiUrl"`
+ // The SideroLink API URL to connect to.
+ APIUrlConfig meta.URL `yaml:"apiUrl" docgen:"{'in':'1.7','pattern':'^(https|grpc)://'}"`
 }
 
 // NewConfigV1Alpha1 creates a new siderolink config document.
diff --git a/pkg/machinery/config/types/v1alpha1/v1alpha1_types.go b/pkg/machinery/config/types/v1alpha1/v1alpha1_types.go
index a8a154522cd..612c28fdaa2 100644
--- a/pkg/machinery/config/types/v1alpha1/v1alpha1_types.go
+++ b/pkg/machinery/config/types/v1alpha1/v1alpha1_types.go
@@ -11,14 +11,11 @@ this configuration document contains most of the configuration options.
 It is expected that new configuration options will be added as new documents,
 and existing ones migrated to their own documents.
 */
+//nolint:revive,stylecheck
 package v1alpha1
 
-//go:generate docgen -output ./v1alpha1_types_doc.go ./v1alpha1_types.go
-
 //go:generate deepcopy-gen --go-header-file ../../../../../hack/boilerplate.txt --bounding-dirs ../v1alpha1 --output-file zz_generated.deepcopy
 
-//docgen:jsonschema
-
 import (
 "fmt"
 "net/url"
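Review bot: `//nolint:revive,stylecheck` placed on the package clause of v1alpha1_types.go is a file-wide suppression of two whole linters rather than a targeted one, and it comes without a reason, so nothing tells the next reader which findings it silences or when it can be removed. If it exists to cover specific identifiers (the exported field naming in this file, presumably), a trailing explanation `//nolint:revive,stylecheck // <reason placeholder>` is the minimum, and per-declaration `//nolint` markers would keep new violations elsewhere in the file visible.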
@@ -44,282 +41,143 @@ func init() {
 })
 }
 
-// Config defines the v1alpha1.Config Talos machine configuration document.
+// Config represents the v1alpha1 configuration file.
 //
-// examples:
-// - value: configExample()
-// schemaRoot: true
+//docgen:version=v1alpha1
 type Config struct {
- // description: |
- // Indicates the schema used to decode the contents.
- // values:
- // - "v1alpha1"
- ConfigVersion string `yaml:"version"`
- // description: |
- // Enable verbose logging to the console.
- // All system containers logs will flow into serial console.
- //
- // **Note:** To avoid breaking Talos bootstrap flow enable this option only if serial console can handle high message throughput.
- // values:
- // - true
- // - yes
- // - false
- // - no
- ConfigDebug *bool `yaml:"debug,omitempty"`
- // docgen:nodoc
+ // Decodes the contents using the specified schema.
+ ConfigVersion string `yaml:"version" docgen:"{'values':['v1alpha1'],'in':'1.5'}"`
+
+ // Enables verbose logging to the console.
+ // All system container logs flow into the serial console.
 //
- // Deprecated: Not supported anymore.
- ConfigPersist *bool `yaml:"persist,omitempty"`
- // description: |
- // Provides machine specific configuration options.
- MachineConfig *MachineConfig `yaml:"machine"`
- // description: |
- // Provides cluster specific configuration options.
- ClusterConfig *ClusterConfig `yaml:"cluster"`
+ // Note: Enable this option only if the serial console can handle high message throughput to avoid disrupting the Talos bootstrap flow.
+ ConfigDebug *bool `yaml:"debug,omitempty" docgen:"{'in':'1.5'}"`
+
+ // Determines whether to pull the machine config on every boot.
+ ConfigPersist *bool `yaml:"persist,omitempty" docgen:"{'deprecated':'1.6','in':'1.5'}"`
+
+ // Specifies machine specific configuration options.
+ MachineConfig *MachineConfig `yaml:"machine" docgen:"{'in':'1.5'}"`
+
+ // Specifies cluster specific configuration options.
+ ClusterConfig *ClusterConfig `yaml:"cluster" docgen:"{'in':'1.5'}"`
 }
 
 var _ config.MachineConfig = (*MachineConfig)(nil)
 
 // MachineConfig represents the machine-specific config values.
-//
-// examples:
-// - value: machineConfigExample()
 type MachineConfig struct {
- // description: |
- // Defines the role of the machine within the cluster.
- //
- // **Control Plane**
- //
- // Control Plane node type designates the node as a control plane member.
- // This means it will host etcd along with the Kubernetes controlplane components such as API Server, Controller Manager, Scheduler.
- //
- // **Worker**
- //
- // Worker node type designates the node as a worker node.
- // This means it will be an available compute node for scheduling workloads.
- //
- // This node type was previously known as "join"; that value is still supported but deprecated.
- // values:
- // - "controlplane"
- // - "worker"
- MachineType string `yaml:"type"`
- // description: |
- // The `token` is used by a machine to join the PKI of the cluster.
- // Using this token, a machine will create a certificate signing request (CSR), and request a certificate that will be used as its' identity.
- // examples:
- // - name: example token
- // value: "\"328hom.uqjzh6jnn2eie9oi\""
- MachineToken string `yaml:"token"` // Warning: It is important to ensure that this token is correct since a machine's certificate has a short TTL by default.
- // description: |
- // The root certificate authority of the PKI.
- // It is composed of a base64 encoded `crt` and `key`.
- // examples:
- // - value: pemEncodedCertificateExample()
- // name: machine CA example
- // schema:
- // type: object
- // additionalProperties: false
- // properties:
- // crt:
- // type: string
- // key:
- // type: string
- MachineCA *x509.PEMEncodedCertificateAndKey `yaml:"ca,omitempty"`
- // description: |
- // The certificates issued by certificate authorities are accepted in addition to issuing 'ca'.
- // It is composed of a base64 encoded `crt``.
- // schema:
- // type: object
- // additionalProperties: false
- // properties:
- // crt:
- // type: string
- MachineAcceptedCAs []*x509.PEMEncodedCertificate `yaml:"acceptedCAs,omitempty"`
- // description: |
- // Extra certificate subject alternative names for the machine's certificate.
- // By default, all non-loopback interface IPs are automatically added to the certificate's SANs.
- // examples:
- // - name: Uncomment this to enable SANs.
- // value: '[]string{"10.0.0.10", "172.16.0.10", "192.168.0.10"}'
- MachineCertSANs []string `yaml:"certSANs"`
- // description: |
- // Provides machine specific control plane configuration options.
- // examples:
- // - name: ControlPlane definition example.
- // value: machineControlplaneExample()
- MachineControlPlane *MachineControlPlaneConfig `yaml:"controlPlane,omitempty"`
- // description: |
- // Used to provide additional options to the kubelet.
- // examples:
- // - name: Kubelet definition example.
- // value: machineKubeletExample()
- MachineKubelet *KubeletConfig `yaml:"kubelet,omitempty"`
- // description: |
- // Used to provide static pod definitions to be run by the kubelet directly bypassing the kube-apiserver.
- //
- // Static pods can be used to run components which should be started before the Kubernetes control plane is up.
- // Talos doesn't validate the pod definition.
- // Updates to this field can be applied without a reboot.
- //
- // See https://kubernetes.io/docs/tasks/configure-pod-container/static-pod/.
- // examples:
- // - name: nginx static pod.
- // value: machinePodsExample()
- // schema:
- // type: array
- // items:
- // type: object
- MachinePods []Unstructured `yaml:"pods,omitempty"`
- // description: |
- // Provides machine specific network configuration options.
- // examples:
- // - name: Network definition example.
- // value: machineNetworkConfigExample()
- MachineNetwork *NetworkConfig `yaml:"network,omitempty"`
- // description: |
- // Used to partition, format and mount additional disks.
- // Since the rootfs is read only with the exception of `/var`, mounts are only valid if they are under `/var`.
- // Note that the partitioning and formatting is done only once, if and only if no existing XFS partitions are found.
- // If `size:` is omitted, the partition is sized to occupy the full disk.
- // examples:
- // - name: MachineDisks list example.
- // value: machineDisksExample()
- MachineDisks []*MachineDisk `yaml:"disks,omitempty"` // Note: `size` is in units of bytes.
- // description: |
- // Used to provide instructions for installations.
- //
- // Note that this configuration section gets silently ignored by Talos images that are considered pre-installed.
- // To make sure Talos installs according to the provided configuration, Talos should be booted with ISO or PXE-booted.
- // examples:
- // - name: MachineInstall config usage example.
- // value: machineInstallExample()
- MachineInstall *InstallConfig `yaml:"install,omitempty"`
- // description: |
- // Allows the addition of user specified files.
- // The value of `op` can be `create`, `overwrite`, or `append`.
- // In the case of `create`, `path` must not exist.
- // In the case of `overwrite`, and `append`, `path` must be a valid file.
- // If an `op` value of `append` is used, the existing file will be appended.
- // Note that the file contents are not required to be base64 encoded.
- // examples:
- // - name: MachineFiles usage example.
- // value: machineFilesExample()
- MachineFiles []*MachineFile `yaml:"files,omitempty"` // Note: The specified `path` is relative to `/var`.
- // description: |
- // The `env` field allows for the addition of environment variables.
- // All environment variables are set on PID 1 in addition to every service.
- // values:
- // - "`GRPC_GO_LOG_VERBOSITY_LEVEL`"
- // - "`GRPC_GO_LOG_SEVERITY_LEVEL`"
- // - "`http_proxy`"
- // - "`https_proxy`"
- // - "`no_proxy`"
- // examples:
- // - name: Environment variables definition examples.
- // value: machineEnvExamples0()
- // - value: machineEnvExamples1()
- // - value: machineEnvExamples2()
- // schema:
- // type: object
- // patternProperties:
- // ".*":
- // type: string
- MachineEnv Env `yaml:"env,omitempty"`
- // description: |
- // Used to configure the machine's time settings.
- // examples:
- // - name: Example configuration for cloudflare ntp server.
- // value: machineTimeExample()
- MachineTime *TimeConfig `yaml:"time,omitempty"`
- // description: |
- // Used to configure the machine's sysctls.
- // examples:
- // - name: MachineSysctls usage example.
- // value: machineSysctlsExample()
- MachineSysctls map[string]string `yaml:"sysctls,omitempty"`
- // description: |
- // Used to configure the machine's sysfs.
- // examples:
- // - name: MachineSysfs usage example.
- // value: machineSysfsExample()
- MachineSysfs map[string]string `yaml:"sysfs,omitempty"`
- // description: |
- // Used to configure the machine's container image registry mirrors.
- //
- // Automatically generates matching CRI configuration for registry mirrors.
- //
- // The `mirrors` section allows to redirect requests for images to a non-default registry,
- // which might be a local registry or a caching mirror.
- //
- // The `config` section provides a way to authenticate to the registry with TLS client
- // identity, provide registry CA, or authentication information.
- // Authentication information has same meaning with the corresponding field in [`.docker/config.json`](https://docs.docker.com/engine/api/v1.41/#section/Authentication).
- //
- // See also matching configuration for [CRI containerd plugin](https://github.com/containerd/cri/blob/master/docs/registry.md).
- // examples:
- // - value: machineConfigRegistriesExample()
- MachineRegistries RegistriesConfig `yaml:"registries,omitempty"`
- // description: |
- // Machine system disk encryption configuration.
- // Defines each system partition encryption parameters.
- // examples:
- // - value: machineSystemDiskEncryptionExample()
- MachineSystemDiskEncryption *SystemDiskEncryptionConfig `yaml:"systemDiskEncryption,omitempty"`
- // description: |
- // Features describe individual Talos features that can be switched on or off.
- // examples:
- // - value: machineFeaturesExample()
- MachineFeatures *FeaturesConfig `yaml:"features,omitempty"`
- // description: |
- // Configures the udev system.
- // examples:
- // - value: machineUdevExample()
- MachineUdev *UdevConfig `yaml:"udev,omitempty"`
- // description: |
- // Configures the logging system.
- // examples:
- // - value: machineLoggingExample()
- MachineLogging *LoggingConfig `yaml:"logging,omitempty"`
- // description: |
- // Configures the kernel.
- // examples:
- // - value: machineKernelExample()
- MachineKernel *KernelConfig `yaml:"kernel,omitempty"`
- // description: |
- // Configures the seccomp profiles for the machine.
- // examples:
- // - value: machineSeccompExample()
- MachineSeccompProfiles []*MachineSeccompProfile `yaml:"seccompProfiles,omitempty" talos:"omitonlyifnil"`
- // description: |
- // Configures the node labels for the machine.
- //
- // Note: In the default Kubernetes configuration, worker nodes are restricted to set
- // labels with some prefixes (see [NodeRestriction](https://kubernetes.io/docs/reference/access-authn-authz/admission-controllers/#noderestriction) admission plugin).
- // examples:
- // - name: node labels example.
- // value: 'map[string]string{"exampleLabel": "exampleLabelValue"}'
- MachineNodeLabels map[string]string `yaml:"nodeLabels,omitempty"`
- // description: |
- // Configures the node taints for the machine. Effect is optional.
- //
- // Note: In the default Kubernetes configuration, worker nodes are not allowed to
- // modify the taints (see [NodeRestriction](https://kubernetes.io/docs/reference/access-authn-authz/admission-controllers/#noderestriction) admission plugin).
- // examples:
- // - name: node taints example.
- // value: 'map[string]string{"exampleTaint": "exampleTaintValue:NoSchedule"}'
- MachineNodeTaints map[string]string `yaml:"nodeTaints,omitempty"`
+ // Specifies the machine's role within the cluster. The roles can be either "controlplane" or "worker".
+ // The "controlplane" role hosts etcd and the Kubernetes control plane components such as API Server, Controller Manager, Scheduler.
+ // The "worker" role is available for scheduling workloads.
+ MachineType string `yaml:"type" docgen:"{'values':['controlplane','worker'],'in':'1.5'}"`
+
+ // Utilizes the `token` for a machine to join the cluster's PKI.
+ // A machine creates a certificate signing request (CSR) using this token and requests a certificate to be used as its identity.
+ MachineToken string `yaml:"token" docgen:"{'in':'1.5'}"`
+
+ // Represents the root certificate authority of the PKI, composed of a base64 encoded `crt` and `key`.
+ MachineCA *x509.PEMEncodedCertificateAndKey `yaml:"ca,omitempty" docgen:"{'in':'1.5'}"`
+
+ // Specifies the certificates issued by certificate authorities that are accepted in addition to the issuing `ca`, composed of a base64 encoded `crt`.
+ MachineAcceptedCAs []*x509.PEMEncodedCertificate `yaml:"acceptedCAs,omitempty" docgen:"{'in':'1.7'}"`
+
+ // Adds extra certificate subject alternative names for the machine's certificate.
+ // By default, all non-loopback interface IPs are automatically added to the certificate's SANs.
+ MachineCertSANs []string `yaml:"certSANs" docgen:"{'in':'1.5'}"`
+
+ // Provides machine specific control plane configuration options.
+ MachineControlPlane *MachineControlPlaneConfig `yaml:"controlPlane,omitempty" docgen:"{'in':'1.5'}"`
+
+ // Provides additional options to the kubelet.
+ MachineKubelet *KubeletConfig `yaml:"kubelet,omitempty" docgen:"{'in':'1.5'}"`
+
+ // Provides static pod definitions to be run by the kubelet directly, bypassing the kube-apiserver.
+ // Static pods can be used to run components which should be started before the Kubernetes control plane is up.
+ // Talos doesn't validate the pod definition.
+ // Updates to this field can be applied without a reboot.
+ // See https://kubernetes.io/docs/tasks/configure-pod-container/static-pod/.
+ MachinePods []Unstructured `yaml:"pods,omitempty" docgen:"{'in':'1.5'}"`
+
+ // Provides machine specific network configuration options.
+ MachineNetwork *NetworkConfig `yaml:"network,omitempty" docgen:"{'in':'1.5'}"`
+
+ // Configures the partitioning, formatting, and mounting of additional disks.
+ // Since the rootfs is read-only with the exception of `/var`, mounts are only valid if they are under `/var`.
+ // Note that the partitioning and formatting is done only once, if and only if no existing XFS partitions are found.
+ // If `size:` is omitted, the partition is sized to occupy the full disk.
+ MachineDisks []*MachineDisk `yaml:"disks,omitempty" docgen:"{'in':'1.5'}"`
+
+ // Provides instructions for installations.
+ // Note that this configuration section gets silently ignored by Talos images that are considered pre-installed.
+ // To ensure Talos installs according to the provided configuration, boot Talos with ISO or PXE-booted.
+ MachineInstall *InstallConfig `yaml:"install,omitempty" docgen:"{'in':'1.5'}"`
+
+ // Allows the addition of user specified files.
+ // The value of `op` can be `create`, `overwrite`, or `append`.
+ // In the case of `create`, `path` must not exist.
+ // In the case of `overwrite`, and `append`, `path` must be a valid file.
+ // If an `op` value of `append` is used, the existing file will be appended.
+ // Note that the file contents are not required to be base64 encoded.
+ MachineFiles []*MachineFile `yaml:"files,omitempty" docgen:"{'in':'1.5'}"`
+
+ // Adds environment variables.
+ // All environment variables are set on PID 1 in addition to every service.
+ MachineEnv Env `yaml:"env,omitempty" docgen:"{'values':['GRPC_GO_LOG_VERBOSITY_LEVEL','GRPC_GO_LOG_SEVERITY_LEVEL','http_proxy','no_proxy'],'in':'1.5'}"`
+
+ // Configures the machine's time settings.
+ MachineTime *TimeConfig `yaml:"time,omitempty" docgen:"{'in':'1.5'}"`
+
+ // Configures the machine's sysctls.
+ MachineSysctls map[string]string `yaml:"sysctls,omitempty" docgen:"{'in':'1.5'}"`
+
+ // Configures the machine's sysfs.
+ MachineSysfs map[string]string `yaml:"sysfs,omitempty" docgen:"{'in':'1.5'}"`
+
+ // Configures the machine's container image registry mirrors.
+ // Automatically generates matching CRI configuration for registry mirrors.
+ // The `mirrors` section allows to redirect requests for images to a non-default registry,
+ // which might be a local registry or a caching mirror.
+ // The `config` section provides a way to authenticate to the registry with TLS client
+ // identity, provide registry CA, or authentication information.
+ // Authentication information has same meaning with the corresponding field in [`.docker/config.json`](https://docs.docker.com/engine/api/v1.41/#section/Authentication).
+ // See also matching configuration for [CRI containerd plugin](https://github.com/containerd/cri/blob/master/docs/registry.md).
+ MachineRegistries RegistriesConfig `yaml:"registries,omitempty" docgen:"{'in':'1.5'}"`
+
+ // Configures the machine system disk encryption.
+ // Defines each system partition encryption parameters.
+ MachineSystemDiskEncryption *SystemDiskEncryptionConfig `yaml:"systemDiskEncryption,omitempty" docgen:"{'in':'1.5'}"`
+
+ // Describes individual Talos features that can be switched on or off.
+ MachineFeatures *FeaturesConfig `yaml:"features,omitempty" docgen:"{'in':'1.5'}"`
+
+ // Configures the udev system.
+ MachineUdev *UdevConfig `yaml:"udev,omitempty" docgen:"{'in':'1.5'}"`
+
+ // Configures the logging system.
+ MachineLogging *LoggingConfig `yaml:"logging,omitempty" docgen:"{'in':'1.5'}"`
+
+ // Configures the kernel.
+ MachineKernel *KernelConfig `yaml:"kernel,omitempty" docgen:"{'in':'1.5'}"`
+
+ // Configures the seccomp profiles for the machine.
+ MachineSeccompProfiles []*MachineSeccompProfile `yaml:"seccompProfiles,omitempty" docgen:"{'in':'1.5'}" talos:"omitonlyifnil"`
+
+ // Configures the node labels for the machine.
+ MachineNodeLabels map[string]string `yaml:"nodeLabels,omitempty" docgen:"{'in':'1.5'}"`
+
+ // Configures the node taints for the machine.
+ MachineNodeTaints map[string]string `yaml:"nodeTaints,omitempty" docgen:"{'optional':true, 'in':'1.6'}"`
 }
 
 // MachineSeccompProfile defines seccomp profiles for the machine.
 type MachineSeccompProfile struct {
- // description: |
- // The `name` field is used to provide the file name of the seccomp profile.
- MachineSeccompProfileName string `yaml:"name"`
- // description: |
- // The `value` field is used to provide the seccomp profile.
- // schema:
- // type: object
- MachineSeccompProfileValue Unstructured `yaml:"value"`
+ // Provides the file name of the seccomp profile.
+ MachineSeccompProfileName string `yaml:"name" docgen:"{'in':'1.5'}"`
+
+ // Provides the seccomp profile.
+ MachineSeccompProfileValue Unstructured `yaml:"value" docgen:"{'in':'1.5'}"`
 }
 
 var (
@@ -329,194 +187,86 @@ var (
 )
 // ClusterConfig represents the cluster-wide config values.
-//
-// examples:
-// - value: clusterConfigExample()
 type ClusterConfig struct {
- // description: |
- // Globally unique identifier for this cluster (base64 encoded random 32 bytes).
- ClusterID string `yaml:"id,omitempty"`
- // description: |
- // Shared secret of cluster (base64 encoded random 32 bytes).
- // This secret is shared among cluster members but should never be sent over the network.
- ClusterSecret string `yaml:"secret,omitempty"`
- // description: |
- // Provides control plane specific configuration options.
- // examples:
- // - name: Setting controlplane endpoint address to 1.2.3.4 and port to 443 example.
- // value: clusterControlPlaneExample()
- ControlPlane *ControlPlaneConfig `yaml:"controlPlane"`
- // description: |
- // Configures the cluster's name.
- ClusterName string `yaml:"clusterName,omitempty"`
- // description: |
- // Provides cluster specific network configuration options.
- // examples:
- // - name: Configuring with flannel CNI and setting up subnets.
- // value: clusterNetworkExample()
- ClusterNetwork *ClusterNetworkConfig `yaml:"network,omitempty"`
- // description: |
- // The [bootstrap token](https://kubernetes.io/docs/reference/access-authn-authz/bootstrap-tokens/) used to join the cluster.
- // examples:
- // - name: Bootstrap token example (do not use in production!).
- // value: '"wlzjyw.bei2zfylhs2by0wd"'
- BootstrapToken string `yaml:"token,omitempty"`
- // description: |
- // A key used for the [encryption of secret data at rest](https://kubernetes.io/docs/tasks/administer-cluster/encrypt-data/).
- // Enables encryption with AESCBC.
- // examples:
- // - name: Decryption secret example (do not use in production!).
- // value: '"z01mye6j16bspJYtTB/5SFX8j7Ph4JXxM2Xuu4vsBPM="'
- ClusterAESCBCEncryptionSecret string `yaml:"aescbcEncryptionSecret,omitempty"`
- // description: |
- // A key used for the [encryption of secret data at rest](https://kubernetes.io/docs/tasks/administer-cluster/encrypt-data/).
- // Enables encryption with secretbox.
- // Secretbox has precedence over AESCBC.
- // examples:
- // - name: Decryption secret example (do not use in production!).
- // value: '"z01mye6j16bspJYtTB/5SFX8j7Ph4JXxM2Xuu4vsBPM="'
- ClusterSecretboxEncryptionSecret string `yaml:"secretboxEncryptionSecret,omitempty"`
- // description: |
- // The base64 encoded root certificate authority used by Kubernetes.
- // examples:
- // - name: ClusterCA example.
- // value: pemEncodedCertificateExample()
- // schema:
- // type: object
- // additionalProperties: false
- // properties:
- // crt:
- // type: string
- // key:
- // type: string
- ClusterCA *x509.PEMEncodedCertificateAndKey `yaml:"ca,omitempty"`
- // description: |
- // The list of base64 encoded accepted certificate authorities used by Kubernetes.
- // schema:
- // type: object
- // additionalProperties: false
- // properties:
- // crt:
- // type: string
- ClusterAcceptedCAs []*x509.PEMEncodedCertificate `yaml:"acceptedCAs,omitempty"`
- // description: |
- // The base64 encoded aggregator certificate authority used by Kubernetes for front-proxy certificate generation.
- //
- // This CA can be self-signed.
- // examples:
- // - name: AggregatorCA example.
- // value: pemEncodedCertificateExample()
- // schema:
- // type: object
- // additionalProperties: false
- // properties:
- // crt:
- // type: string
- // key:
- // type: string
- ClusterAggregatorCA *x509.PEMEncodedCertificateAndKey `yaml:"aggregatorCA,omitempty"`
- // description: |
- // The base64 encoded private key for service account token generation.
- // examples:
- // - name: AggregatorCA example.
- // value: pemEncodedKeyExample()
- // schema:
- // type: object
- // additionalProperties: false
- // properties:
- // key:
- // type: string
- // additionalProperties: false
- ClusterServiceAccount *x509.PEMEncodedKey `yaml:"serviceAccount,omitempty"`
- // description: |
- // API server specific configuration options.
- // examples:
- // - value: clusterAPIServerExample()
- APIServerConfig *APIServerConfig `yaml:"apiServer,omitempty"`
- // description: |
- // Controller manager server specific configuration options.
- // examples:
- // - value: clusterControllerManagerExample()
- ControllerManagerConfig *ControllerManagerConfig `yaml:"controllerManager,omitempty"`
- // description: |
- // Kube-proxy server-specific configuration options
- // examples:
- // - value: clusterProxyExample()
- ProxyConfig *ProxyConfig `yaml:"proxy,omitempty"`
- // description: |
- // Scheduler server specific configuration options.
- // examples:
- // - value: clusterSchedulerExample()
- SchedulerConfig *SchedulerConfig `yaml:"scheduler,omitempty"`
- // description: |
- // Configures cluster member discovery.
- // examples:
- // - value: clusterDiscoveryExample()
- ClusterDiscoveryConfig *ClusterDiscoveryConfig `yaml:"discovery,omitempty"`
- // description: |
- // Etcd specific configuration options.
- // examples:
- // - value: clusterEtcdExample()
- EtcdConfig *EtcdConfig `yaml:"etcd,omitempty"`
- // description: |
- // Core DNS specific configuration options.
- // examples:
- // - value: clusterCoreDNSExample()
- CoreDNSConfig *CoreDNS `yaml:"coreDNS,omitempty"`
- // description: |
- // External cloud provider configuration.
- // examples:
- // - value: clusterExternalCloudProviderConfigExample()
- ExternalCloudProviderConfig *ExternalCloudProviderConfig `yaml:"externalCloudProvider,omitempty"`
- // description: |
- // A list of urls that point to additional manifests.
- // These will get automatically deployed as part of the bootstrap.
- // examples:
- // - value: >
- // []string{
- // "https://www.example.com/manifest1.yaml",
- // "https://www.example.com/manifest2.yaml",
- // }
- ExtraManifests []string `yaml:"extraManifests,omitempty" talos:"omitonlyifnil"`
- // description: |
- // A map of key value pairs that will be added while fetching the extraManifests.
- // examples:
- // - value: >
- // map[string]string{
- // "Token": "1234567",
- // "X-ExtraInfo": "info",
- // }
- ExtraManifestHeaders map[string]string `yaml:"extraManifestHeaders,omitempty"`
- // description: |
- // A list of inline Kubernetes manifests.
- // These will get automatically deployed as part of the bootstrap.
- // examples:
- // - value: clusterInlineManifestsExample()
- // schema:
- // type: array
- // items:
- // $ref: "#/$defs/v1alpha1.ClusterInlineManifest"
- ClusterInlineManifests ClusterInlineManifests `yaml:"inlineManifests,omitempty" talos:"omitonlyifnil"`
- // description: |
- // Settings for admin kubeconfig generation.
- // Certificate lifetime can be configured.
- // examples:
- // - value: clusterAdminKubeconfigExample()
- AdminKubeconfigConfig *AdminKubeconfigConfig `yaml:"adminKubeconfig,omitempty"`
- // docgen:nodoc
- //
- // Deprecated: Use `AllowSchedulingOnControlPlanes` instead.
- AllowSchedulingOnMasters *bool `yaml:"allowSchedulingOnMasters,omitempty"`
- // description: |
- // Allows running workload on control-plane nodes.
- // values:
- // - true
- // - yes
- // - false
- // - no
- // examples:
- // - value: true
- AllowSchedulingOnControlPlanes *bool `yaml:"allowSchedulingOnControlPlanes,omitempty"`
+ // Specifies a globally unique identifier for this cluster (base64 encoded random 32 bytes).
+ ClusterID string `yaml:"id,omitempty" docgen:"{'in':'1.5'}"`
+
+ // Specifies a shared secret of the cluster (base64 encoded random 32 bytes).
+ // The secret should never be sent over the network.
+ ClusterSecret string `yaml:"secret,omitempty" docgen:"{'in':'1.5'}"`
+
+ // Provides control plane specific configuration options.
+ ControlPlane *ControlPlaneConfig `yaml:"controlPlane" docgen:"{'in':'1.5'}"`
+
+ // Specifies the cluster's name.
+ ClusterName string `yaml:"clusterName,omitempty" docgen:"{'in':'1.5'}"`
+
+ // Provides cluster specific network configuration options.
+ ClusterNetwork *ClusterNetworkConfig `yaml:"network,omitempty" docgen:"{'in':'1.5'}"`
+
+ // Specifies the bootstrap token used to join the cluster.
+ BootstrapToken string `yaml:"token,omitempty" docgen:"{'in':'1.5'}"`
+
+ // Specifies a key for the encryption of secret data at rest using AESCBC.
+ ClusterAESCBCEncryptionSecret string `yaml:"aescbcEncryptionSecret,omitempty" docgen:"{'in':'1.5'}"`
+
+ // Specifies a key for the encryption of secret data at rest using secretbox.
+ // Secretbox has precedence over AESCBC.
+ ClusterSecretboxEncryptionSecret string `yaml:"secretboxEncryptionSecret,omitempty" docgen:"{'in':'1.5'}"`
+
+ // Specifies the root certificate authority used by Kubernetes.
+ ClusterCA *x509.PEMEncodedCertificateAndKey `yaml:"ca,omitempty" docgen:"{'in':'1.5'}"`
+
+ // Specifies the certificates issued by certificate authorities used by Kubernetes that are accepted in addition to the issuing `ca`, composed of a base64 encoded `crt`.
+ ClusterAcceptedCAs []*x509.PEMEncodedCertificate `yaml:"acceptedCAs,omitempty" docgen:"{'in':'1.7'}"`
+
+ // Specifies the aggregator certificate authority used by Kubernetes for front-proxy certificate generation.
+ ClusterAggregatorCA *x509.PEMEncodedCertificateAndKey `yaml:"aggregatorCA,omitempty" docgen:"{'in':'1.5'}"`
+
+ // Specifies the private key for service account token generation.
+ ClusterServiceAccount *x509.PEMEncodedKey `yaml:"serviceAccount,omitempty" docgen:"{'in':'1.5'}"`
+
+ // Specifies API server specific configuration options.
+ APIServerConfig *APIServerConfig `yaml:"apiServer,omitempty" docgen:"{'in':'1.5'}"`
+
+ // Specifies controller manager server specific configuration options.
+ ControllerManagerConfig *ControllerManagerConfig `yaml:"controllerManager,omitempty" docgen:"{'in':'1.5'}"`
+
+ // Specifies kube-proxy server-specific configuration options.
+ ProxyConfig *ProxyConfig `yaml:"proxy,omitempty" docgen:"{'in':'1.5'}"`
+
+ // Specifies scheduler server specific configuration options.
+ SchedulerConfig *SchedulerConfig `yaml:"scheduler,omitempty" docgen:"{'in':'1.5'}"`
+
+ // Configures cluster member discovery.
+ ClusterDiscoveryConfig *ClusterDiscoveryConfig `yaml:"discovery,omitempty" docgen:"{'in':'1.5'}"`
+
+ // Specifies etcd specific configuration options.
+ EtcdConfig *EtcdConfig `yaml:"etcd,omitempty" docgen:"{'in':'1.5'}"`
+
+ // Specifies Core DNS specific configuration options.
+ CoreDNSConfig *CoreDNS `yaml:"coreDNS,omitempty" docgen:"{'in':'1.5'}"`
+
+ // Specifies external cloud provider configuration.
+ ExternalCloudProviderConfig *ExternalCloudProviderConfig `yaml:"externalCloudProvider,omitempty" docgen:"{'in':'1.5'}"`
+
+ // Specifies a list of urls that point to additional manifests.
+ ExtraManifests []string `yaml:"extraManifests,omitempty" docgen:"{'in':'1.5'}" talos:"omitonlyifnil"`
+
+ // Specifies a map of key value pairs for fetching the extraManifests.
+ ExtraManifestHeaders map[string]string `yaml:"extraManifestHeaders,omitempty" docgen:"{'in':'1.5'}"`
+
+ // Specifies a list of inline Kubernetes manifests.
+ ClusterInlineManifests ClusterInlineManifests `yaml:"inlineManifests,omitempty" docgen:"{'in':'1.5'}" talos:"omitonlyifnil"`
+
+ // Specifies settings for admin kubeconfig generation.
+ AdminKubeconfigConfig *AdminKubeconfigConfig `yaml:"adminKubeconfig,omitempty" docgen:"{'in':'1.5'}"`
+
+ // Allows running workload on control-plane nodes.
+ AllowSchedulingOnMasters *bool `yaml:"allowSchedulingOnMasters,omitempty" docgen:"{'deprecated':'1.6','in':'1.5'}"`
+
+ // Allows running workload on control-plane nodes.
+ AllowSchedulingOnControlPlanes *bool `yaml:"allowSchedulingOnControlPlanes,omitempty" docgen:"{'in':'1.5'}"`
 }
 // LinuxIDMapping represents the Linux ID mapping.
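Review bot: The new `AllowSchedulingOnMasters` field drops the `// Deprecated: Use AllowSchedulingOnControlPlanes instead.` doc comment and now carries the same one-line description as `AllowSchedulingOnControlPlanes`, so go/doc readers and staticcheck no longer learn that the field is superseded. The `docgen:"{'deprecated':'1.6',...}"` tag only reaches the generated reference, not Go tooling or code readers. Keep the Go-level marker alongside the docgen tag, e.g. `// Allows running workload on control-plane nodes.`, a bare `//` line, then `// Deprecated: Use AllowSchedulingOnControlPlanes instead.`. The same marker is also dropped from `InstallBootloader` in the InstallConfig hunk below.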
@@ -559,170 +309,91 @@ type ExtraMount struct {
 GIDMappings []LinuxIDMapping `yaml:"gidMappings,omitempty"`
 }
-// MachineControlPlaneConfig machine specific configuration options.
+// MachineControlPlaneConfig defines machine specific configuration options.
 type MachineControlPlaneConfig struct {
- // description: |
- // Controller manager machine specific configuration options.
- MachineControllerManager *MachineControllerManagerConfig `yaml:"controllerManager,omitempty"`
- // description: |
- // Scheduler machine specific configuration options.
- MachineScheduler *MachineSchedulerConfig `yaml:"scheduler,omitempty"`
+ // Specifies controller manager machine specific configuration options.
+ MachineControllerManager *MachineControllerManagerConfig `yaml:"controllerManager,omitempty" docgen:"{'in':'1.5'}"`
+
+ // Specifies scheduler machine specific configuration options.
+ MachineScheduler *MachineSchedulerConfig `yaml:"scheduler,omitempty" docgen:"{'in':'1.5'}"`
 }
 // MachineControllerManagerConfig represents the machine specific ControllerManager config values.
 type MachineControllerManagerConfig struct {
- // description: |
- // Disable kube-controller-manager on the node.
- MachineControllerManagerDisabled *bool `yaml:"disabled,omitempty"`
+ // Specifies whether to disable the kube-controller-manager on the node.
+ MachineControllerManagerDisabled *bool `yaml:"disabled,omitempty" docgen:"{'in':'1.5'}"`
 }
 // MachineSchedulerConfig represents the machine specific Scheduler config values.
 type MachineSchedulerConfig struct {
- // description: |
- // Disable kube-scheduler on the node.
- MachineSchedulerDisabled *bool `yaml:"disabled,omitempty"`
+ // Specifies whether to disable the kube-scheduler on the node.
+ MachineSchedulerDisabled *bool `yaml:"disabled,omitempty" docgen:"{'in':'1.5'}"`
 }
 // KubeletConfig represents the kubelet config values.
 type KubeletConfig struct {
- // description: |
- // The `image` field is an optional reference to an alternative kubelet image.
- // examples:
- // - value: kubeletImageExample()
- KubeletImage string `yaml:"image,omitempty"`
- // description: |
- // The `ClusterDNS` field is an optional reference to an alternative kubelet clusterDNS ip list.
- // examples:
- // - value: '[]string{"10.96.0.10", "169.254.2.53"}'
- KubeletClusterDNS []string `yaml:"clusterDNS,omitempty"`
- // description: |
- // The `extraArgs` field is used to provide additional flags to the kubelet.
- // examples:
- // - value: >
- // map[string]string{
- // "key": "value",
- // }
- KubeletExtraArgs map[string]string `yaml:"extraArgs,omitempty"`
- // description: |
- // The `extraMounts` field is used to add additional mounts to the kubelet container.
- // Note that either `bind` or `rbind` are required in the `options`.
- // examples:
- // - value: kubeletExtraMountsExample()
- KubeletExtraMounts []ExtraMount `yaml:"extraMounts,omitempty"`
- // description: |
- // The `extraConfig` field is used to provide kubelet configuration overrides.
- //
- // Some fields are not allowed to be overridden: authentication and authorization, cgroups
- // configuration, ports, etc.
- // examples:
- // - value: kubeletExtraConfigExample()
- // schema:
- // type: object
- KubeletExtraConfig Unstructured `yaml:"extraConfig,omitempty"`
- // description: |
- // The `KubeletCredentialProviderConfig` field is used to provide kubelet credential configuration.
- // examples:
- // - value: kubeletCredentialProviderConfigExample()
- // schema:
- // type: object
- KubeletCredentialProviderConfig Unstructured `yaml:"credentialProviderConfig,omitempty"`
- // description: |
- // Enable container runtime default Seccomp profile.
- // values:
- // - true
- // - yes
- // - false
- // - no
- KubeletDefaultRuntimeSeccompProfileEnabled *bool `yaml:"defaultRuntimeSeccompProfileEnabled,omitempty"`
- // description: |
- // The `registerWithFQDN` field is used to force kubelet to use the node FQDN for registration.
- // This is required in clouds like AWS.
- // values:
- // - true
- // - yes
- // - false
- // - no
- KubeletRegisterWithFQDN *bool `yaml:"registerWithFQDN,omitempty"`
- // description: |
- // The `nodeIP` field is used to configure `--node-ip` flag for the kubelet.
- // This is used when a node has multiple addresses to choose from.
- // examples:
- // - value: kubeletNodeIPExample()
- KubeletNodeIP *KubeletNodeIPConfig `yaml:"nodeIP,omitempty"`
- // description: |
- // The `skipNodeRegistration` is used to run the kubelet without registering with the apiserver.
- // This runs kubelet as standalone and only runs static pods.
- // values:
- // - true
- // - yes
- // - false
- // - no
- KubeletSkipNodeRegistration *bool `yaml:"skipNodeRegistration,omitempty"`
- // description: |
- // The `disableManifestsDirectory` field configures the kubelet to get static pod manifests from the /etc/kubernetes/manifests directory.
- // It's recommended to configure static pods with the "pods" key instead.
- // values:
- // - true
- // - yes
- // - false
- // - no
- KubeletDisableManifestsDirectory *bool `yaml:"disableManifestsDirectory,omitempty"`
+ // Specifies an optional reference to an alternative kubelet image.
+ KubeletImage string `yaml:"image,omitempty" docgen:"{'optional':true,'in':'1.5'}"`
+
+ // Specifies an optional reference to an alternative kubelet clusterDNS IP list.
+ KubeletClusterDNS []string `yaml:"clusterDNS,omitempty" docgen:"{'optional':true,'in':'1.5'}"`
+
+ // Provides additional flags to the kubelet.
+ KubeletExtraArgs map[string]string `yaml:"extraArgs,omitempty" docgen:"{'in':'1.5'}"`
+
+ // Adds additional mounts to the kubelet container.
+ KubeletExtraMounts []ExtraMount `yaml:"extraMounts,omitempty" docgen:"{'in':'1.5'}"`
+
+ // Provides kubelet configuration overrides.
+ KubeletExtraConfig Unstructured `yaml:"extraConfig,omitempty" docgen:"{'in':'1.5'}"`
+
+ // Provide kubelet credential configuration.
+ KubeletCredentialProviderConfig Unstructured `yaml:"credentialProviderConfig,omitempty" docgen:"{'in':'1.6'}"`
+
+ // Enables the container runtime default Seccomp profile.
+ KubeletDefaultRuntimeSeccompProfileEnabled *bool `yaml:"defaultRuntimeSeccompProfileEnabled,omitempty" docgen:"{'in':'1.5'}"`
+
+ // Forces the kubelet to use the node FQDN for registration.
+ KubeletRegisterWithFQDN *bool `yaml:"registerWithFQDN,omitempty" docgen:"{'in':'1.5'}"`
+
+ // Configures the `--node-ip` flag for the kubelet.
+ KubeletNodeIP *KubeletNodeIPConfig `yaml:"nodeIP,omitempty" docgen:"{'in':'1.5'}"`
+
+ // Runs the kubelet without registering with the apiserver.
+ KubeletSkipNodeRegistration *bool `yaml:"skipNodeRegistration,omitempty" docgen:"{'in':'1.5'}"`
+
+ // Configures the kubelet to get static pod manifests from the /etc/kubernetes/manifests directory.
+ KubeletDisableManifestsDirectory *bool `yaml:"disableManifestsDirectory,omitempty" docgen:"{'in':'1.5'}"`
 }
 // KubeletNodeIPConfig represents the kubelet node IP configuration.
 type KubeletNodeIPConfig struct {
- // description: |
- // The `validSubnets` field configures the networks to pick kubelet node IP from.
- // For dual stack configuration, there should be two subnets: one for IPv4, another for IPv6.
- // IPs can be excluded from the list by using negative match with `!`, e.g `!10.0.0.0/8`.
- // Negative subnet matches should be specified last to filter out IPs picked by positive matches.
- // If not specified, node IP is picked based on cluster podCIDRs: IPv4/IPv6 address or both.
- KubeletNodeIPValidSubnets []string `yaml:"validSubnets,omitempty"`
+ // Configures the networks to pick kubelet node IP from.
+ KubeletNodeIPValidSubnets []string `yaml:"validSubnets,omitempty" docgen:"{'in':'1.5'}"`
 }
 // NetworkConfig represents the machine's networking config values.
 type NetworkConfig struct {
- // description: |
- // Used to statically set the hostname for the machine.
- NetworkHostname string `yaml:"hostname,omitempty"`
- // description: |
- // `interfaces` is used to define the network interface configuration.
- // By default all network interfaces will attempt a DHCP discovery.
- // This can be further tuned through this configuration parameter.
- // examples:
- // - value: machineNetworkConfigExample().NetworkInterfaces
- NetworkInterfaces NetworkDeviceList `yaml:"interfaces,omitempty"`
- // description: |
- // Used to statically set the nameservers for the machine.
- // Defaults to `1.1.1.1` and `8.8.8.8`
- // examples:
- // - value: '[]string{"8.8.8.8", "1.1.1.1"}'
- NameServers []string `yaml:"nameservers,omitempty"`
- // description: |
- // Allows for extra entries to be added to the `/etc/hosts` file
- // examples:
- // - value: networkConfigExtraHostsExample()
- ExtraHostEntries []*ExtraHost `yaml:"extraHostEntries,omitempty"`
- // description: |
- // Configures KubeSpan feature.
- // examples:
- // - value: networkKubeSpanExample()
- NetworkKubeSpan *NetworkKubeSpan `yaml:"kubespan,omitempty"`
- // description: |
- // Disable generating a default search domain in /etc/resolv.conf
- // based on the machine hostname.
- // Defaults to `false`.
- // values:
- // - true
- // - yes
- // - false
- // - no
- NetworkDisableSearchDomain *bool `yaml:"disableSearchDomain,omitempty"`
+ // Specifies a static hostname for the machine.
+ NetworkHostname string `yaml:"hostname,omitempty" docgen:"{'in':'1.5'}"`
+
+ // Defines the network interface configuration.
+ NetworkInterfaces NetworkDeviceList `yaml:"interfaces,omitempty" docgen:"{'in':'1.5'}"`
+
+ // Specifies static nameservers for the machine.
+ NameServers []string `yaml:"nameservers,omitempty" docgen:"{'in':'1.5'}"`
+
+ // Allows adding extra entries to the `/etc/hosts` file.
+ ExtraHostEntries []*ExtraHost `yaml:"extraHostEntries,omitempty" docgen:"{'in':'1.5'}"`
+
+ // Configures the KubeSpan feature.
+ NetworkKubeSpan *NetworkKubeSpan `yaml:"kubespan,omitempty" docgen:"{'in':'1.5'}"`
+
+ // Disables generating a default search domain in /etc/resolv.conf based on the machine hostname.
+ NetworkDisableSearchDomain *bool `yaml:"disableSearchDomain,omitempty" docgen:"{'in':'1.5'}"`
 }
 // NetworkDeviceList is a list of *Device structures with overridden merge process.
-//
-//docgen:alias
 type NetworkDeviceList []*Device
 // Merge the network interface configuration intelligently.
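Review bot: The rewritten comment on `KubeletExtraConfig` drops the one behavioural constraint the old description carried, that some kubelet settings cannot be overridden through this field (authentication and authorization, cgroups configuration, ports), which is exactly the detail an operator hardening the kubelet needs to know. Suggest `// Provides kubelet configuration overrides.` followed by `// Some fields are not allowed to be overridden: authentication and authorization, cgroups configuration, ports, etc.`. The same hunk also loses the `!`-prefixed negative-match semantics and dual-stack note on `KubeletNodeIPValidSubnets`, the `bind`/`rbind` requirement on `KubeletExtraMounts`, and the `1.1.1.1`/`8.8.8.8` default on `NameServers`, none of which are recoverable from the new one-liners. Minor: `// Provide kubelet credential configuration.` should read `// Provides kubelet credential configuration.` to match the other fields.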
@@ -774,58 +445,32 @@ func (devices *NetworkDeviceList) mergeDevice(device *Device) error {
 // InstallConfig represents the installation options for preparing a node.
 type InstallConfig struct {
- // description: |
- // The disk used for installations.
- // examples:
- // - value: '"/dev/sda"'
- // - value: '"/dev/nvme0"'
- InstallDisk string `yaml:"disk,omitempty"`
- // description: |
- // Look up disk using disk attributes like model, size, serial and others.
- // Always has priority over `disk`.
- // examples:
- // - value: machineInstallDiskSelectorExample()
- InstallDiskSelector *InstallDiskSelector `yaml:"diskSelector,omitempty"`
- // description: |
- // Allows for supplying extra kernel args via the bootloader.
- // Existing kernel args can be removed by prefixing the argument with a `-`.
- // For example `-console` removes all `console=` arguments, whereas `-console=tty0` removes the `console=tty0` default argument.
- // examples:
- // - value: '[]string{"talos.platform=metal", "reboot=k"}'
- InstallExtraKernelArgs []string `yaml:"extraKernelArgs,omitempty"`
- // description: |
- // Allows for supplying the image used to perform the installation.
- // Image reference for each Talos release can be found on
- // [GitHub releases page](https://github.com/siderolabs/talos/releases).
- // examples:
- // - value: '"ghcr.io/siderolabs/installer:latest"'
- InstallImage string `yaml:"image,omitempty"`
- // description: |
- // Allows for supplying additional system extension images to install on top of base Talos image.
- // examples:
- // - value: installExtensionsExample()
- InstallExtensions []InstallExtensionConfig `yaml:"extensions,omitempty"`
- // docgen:nodoc
- //
- // Deprecated: It never worked.
- InstallBootloader *bool `yaml:"bootloader,omitempty"`
- // description: |
- // Indicates if the installation disk should be wiped at installation time.
- // Defaults to `true`.
- // values:
- // - true
- // - yes
- // - false
- // - no
- InstallWipe *bool `yaml:"wipe"`
- // description: |
- // Indicates if MBR partition should be marked as bootable (active).
- // Should be enabled only for the systems with legacy BIOS that doesn't support GPT partitioning scheme.
- InstallLegacyBIOSSupport *bool `yaml:"legacyBIOSSupport,omitempty"`
+ // Specifies the disk used for installations.
+ InstallDisk string `yaml:"disk,omitempty" docgen:"{'in':'1.5'}"`
+
+ // Allows for disk lookup using disk attributes such as model, size, serial, etc.
+ InstallDiskSelector *InstallDiskSelector `yaml:"diskSelector,omitempty" docgen:"{'in':'1.5'}"`
+
+ // Supplies extra kernel arguments via the bootloader.
+ InstallExtraKernelArgs []string `yaml:"extraKernelArgs,omitempty" docgen:"{'in':'1.5'}"`
+
+ // Supplies the image used for the installation.
+ InstallImage string `yaml:"image,omitempty" docgen:"{'in':'1.5'}"`
+
+ // Supplies additional system extension images to install on top of the base Talos image.
+ InstallExtensions []InstallExtensionConfig `yaml:"extensions,omitempty" docgen:"{'in':'1.5'}"`
+
+ // Specifies if a bootloader should be installed.
+ InstallBootloader *bool `yaml:"bootloader,omitempty" docgen:"{'in':'1.5'}"`
+
+ // Specifies if the installation disk should be wiped at installation time.
+ InstallWipe *bool `yaml:"wipe" docgen:"{'in':'1.5'}"`
+
+ // Specifies if the MBR partition should be marked as bootable (active).
+ InstallLegacyBIOSSupport *bool `yaml:"legacyBIOSSupport,omitempty" docgen:"{'in':'1.5'}"`
 }
 // InstallDiskSizeMatcher disk size condition parser.
-// docgen:nodoc
 type InstallDiskSizeMatcher struct {
 MatchData InstallDiskSizeMatchData
 condition string
@@ -879,8 +524,6 @@ func (m *InstallDiskSizeMatcher) Matcher(d *disk.Disk) bool {
 }
 // InstallDiskSizeMatchData contains data for comparison - Op and Size.
-//
-//docgen:nodoc
 type InstallDiskSizeMatchData struct {
 Op string
 Size uint64
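Review bot: `InstallBootloader` was previously marked `// docgen:nodoc` with `// Deprecated: It never worked.`, but the new side replaces that with `// Specifies if a bootloader should be installed.` and a plain `docgen:"{'in':'1.5'}"` tag, which both re-publishes a non-functional knob in the generated reference as if it did something and removes the Go deprecation marker that staticcheck relies on. Keep the Go comment as `// Deprecated: It never worked.` and, if docgen should still emit the field, tag it with the `'deprecated'` key the hunk above already uses, e.g. `docgen:"{'in':'1.5','deprecated':'<VERSION-PLACEHOLDER>'}"`. Two other load-bearing facts are also lost in this hunk: `InstallWipe` no longer states that it defaults to `true`, and `InstallExtraKernelArgs` no longer documents that a leading `-` removes an existing argument; a one-line restoration of each (`// Defaults to true.` and `// Prefix an argument with - to remove an existing kernel argument.`) would keep the reference accurate. Separately, removing `// docgen:nodoc` from `InstallDiskSizeMatcher` appears to expose an internal parser type to the schema generator; worth confirming that is intended.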
@@ -934,123 +577,70 @@ func (it *InstallDiskType) UnmarshalYAML(unmarshal func(interface{}) error) erro
 return nil
 }
-// InstallDiskSelector represents a disk query parameters for the install disk lookup.
+// InstallDiskSelector represents disk query parameters for the install disk lookup.
 type InstallDiskSelector struct {
- // description: Disk size.
- // examples:
- // - name: Select a disk which size is equal to 4GB.
- // value: machineInstallDiskSizeMatcherExamples0()
- // - name: Select a disk which size is greater than 1TB.
- // value: machineInstallDiskSizeMatcherExamples1()
- // - name: Select a disk which size is less or equal than 2TB.
- // value: machineInstallDiskSizeMatcherExamples2()
- // schema:
- // type: string
- Size *InstallDiskSizeMatcher `yaml:"size,omitempty"`
- // description: Disk name `/sys/block//device/name`.
- Name string `yaml:"name,omitempty"`
- // description: Disk model `/sys/block//device/model`.
- Model string `yaml:"model,omitempty"`
- // description: Disk serial number `/sys/block//serial`.
- Serial string `yaml:"serial,omitempty"`
- // description: Disk modalias `/sys/block//device/modalias`.
- Modalias string `yaml:"modalias,omitempty"`
- // description: Disk UUID `/sys/block//uuid`.
- UUID string `yaml:"uuid,omitempty"`
- // description: Disk WWID `/sys/block//wwid`.
- WWID string `yaml:"wwid,omitempty"`
- // description: Disk Type.
- // values:
- // - ssd
- // - hdd
- // - nvme
- // - sd
- Type InstallDiskType `yaml:"type,omitempty"`
- // description: Disk bus path.
- // examples:
- // - value: '"/pci0000:00/0000:00:17.0/ata1/host0/target0:0:0/0:0:0:0"'
- // - value: '"/pci0000:00/*"'
- BusPath string `yaml:"busPath,omitempty"`
+ // Specifies the disk size.
+ Size *InstallDiskSizeMatcher `yaml:"size,omitempty" docgen:"{'in':'1.5'}"`
+
+ // Refers to the disk name `/sys/block//device/name`.
+ Name string `yaml:"name,omitempty" docgen:"{'in':'1.5'}"`
+
+ // Refers to the disk model `/sys/block//device/model`.
+ Model string `yaml:"model,omitempty" docgen:"{'in':'1.5'}"`
+
+ // Refers to the disk serial number `/sys/block//serial`.
+ Serial string `yaml:"serial,omitempty" docgen:"{'in':'1.5'}"`
+
+ // Refers to the disk modalias `/sys/block//device/modalias`.
+ Modalias string `yaml:"modalias,omitempty" docgen:"{'in':'1.5'}"`
+
+ // Refers to the disk UUID `/sys/block//uuid`.
+ UUID string `yaml:"uuid,omitempty" docgen:"{'in':'1.5'}"`
+
+ // Refers to the disk WWID `/sys/block//wwid`.
+ WWID string `yaml:"wwid,omitempty" docgen:"{'in':'1.5'}"`
+
+ // Specifies the disk type.
+ Type InstallDiskType `yaml:"type,omitempty" docgen:"{'in':'1.5'}"`
+
+ // Specifies the disk bus path.
+ BusPath string `yaml:"busPath,omitempty" docgen:"{'in':'1.5'}"`
 }
 // InstallExtensionConfig represents a configuration for a system extension.
 type InstallExtensionConfig struct {
- // description: System extension image.
- ExtensionImage string `yaml:"image"`
+ // Specifies the system extension image.
+ ExtensionImage string `yaml:"image" docgen:"{'in':'1.5'}"`
 }
 // TimeConfig represents the options for configuring time on a machine.
 type TimeConfig struct {
- // description: |
- // Indicates if the time service is disabled for the machine.
- // Defaults to `false`.
- TimeDisabled *bool `yaml:"disabled,omitempty"`
- // description: |
- // Specifies time (NTP) servers to use for setting the system time.
- // Defaults to `time.cloudflare.com`.
- //
- // Talos can also sync to the PTP time source (e.g provided by the hypervisor),
- // provide the path to the PTP device as "/dev/ptp0" or "/dev/ptp_kvm".
- TimeServers []string `yaml:"servers,omitempty"`
- // description: |
- // Specifies the timeout when the node time is considered to be in sync unlocking the boot sequence.
- // NTP sync will be still running in the background.
- // Defaults to "infinity" (waiting forever for time sync)
- // schema:
- // type: string
- // pattern: ^[-+]?(((\d+(\.\d*)?|\d*(\.\d+)+)([nuµm]?s|m|h))|0)+$
- TimeBootTimeout time.Duration `yaml:"bootTimeout,omitempty"`
+ // Indicates if the time service is disabled for the machine.
+ TimeDisabled *bool `yaml:"disabled,omitempty" docgen:"{'in':'1.5'}"`
+
+ // Specifies time (NTP) servers to use for setting the system time.
+ TimeServers []string `yaml:"servers,omitempty" docgen:"{'in':'1.5', 'default': '[time.cloudflare.com]'}"`
+
+ // Specifies the timeout when the node time is considered to be in sync unlocking the boot sequence.
+ TimeBootTimeout time.Duration `yaml:"bootTimeout,omitempty" docgen:"{'in':'1.5'}"`
 }
 // RegistriesConfig represents the image pull options.
 type RegistriesConfig struct {
- // description: |
- // Specifies mirror configuration for each registry host namespace.
- // This setting allows to configure local pull-through caching registires,
- // air-gapped installations, etc.
- //
- // For example, when pulling an image with the reference `example.com:123/image:v1`,
- // the `example.com:123` key will be used to lookup the mirror configuration.
- //
- // Optionally the `*` key can be used to configure a fallback mirror.
- //
- // Registry name is the first segment of image identifier, with 'docker.io'
- // being default one.
- // examples:
- // - value: machineConfigRegistryMirrorsExample()
- RegistryMirrors map[string]*RegistryMirrorConfig `yaml:"mirrors,omitempty"`
- // description: |
- // Specifies TLS & auth configuration for HTTPS image registries.
- // Mutual TLS can be enabled with 'clientIdentity' option.
- //
- // The full hostname and port (if not using a default port 443)
- // should be used as the key.
- // The fallback key `*` can't be used for TLS configuration.
- //
- // TLS configuration can be skipped if registry has trusted
- // server certificate.
- // examples:
- // - value: machineConfigRegistryConfigExample()
- RegistryConfig map[string]*RegistryConfig `yaml:"config,omitempty"`
-}
+ // Provides mirror configuration for each registry host namespace.
+ RegistryMirrors map[string]*RegistryMirrorConfig `yaml:"mirrors,omitempty" docgen:"{'in':'1.5'}"`
-// PodCheckpointer represents the pod-checkpointer config values.
-//
-//docgen:nodoc
-type PodCheckpointer struct {
- // description: |
- // The `image` field is an override to the default pod-checkpointer image.
- PodCheckpointerImage string `yaml:"image,omitempty"`
+ // Provides TLS & auth configuration for HTTPS image registries.
+ RegistryConfig map[string]*RegistryConfig `yaml:"config,omitempty" docgen:"{'in':'1.5'}"`
 }
 // CoreDNS represents the CoreDNS config values.
 type CoreDNS struct {
- // description: |
- // Disable coredns deployment on cluster bootstrap.
- CoreDNSDisabled *bool `yaml:"disabled,omitempty"`
- // description: |
- // The `image` field is an override to the default coredns image.
- CoreDNSImage string `yaml:"image,omitempty"`
+ // Indicates if coredns deployment is disabled on cluster bootstrap.
+ CoreDNSDisabled *bool `yaml:"disabled,omitempty" docgen:"{'in':'1.5'}"`
+
+ // Overrides the default coredns image.
+ CoreDNSImage string `yaml:"image,omitempty" docgen:"{'in':'1.5'}"`
 }
 // Endpoint represents the endpoint URL parsed out of the machine config.
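Review bot: The rewritten `RegistryConfig` comment (`+ // Provides TLS & auth configuration for HTTPS image registries.`) drops the two constraints a user needs for the TLS/auth settings to be applied at all: the key must be the full hostname plus non-443 port, and the `*` fallback key that `RegistryMirrors` accepts is not honoured for TLS configuration. With `RegistryMirrors` documented just above as a map keyed the same way, a reader will reasonably assume `*` works for both and end up with a registry entry that never matches; suggest a second comment line `// The key is the full host[:port]; the `*` fallback key is not supported for TLS configuration.` and, if still accurate, the old mention that mutual TLS is enabled through 'clientIdentity'. `TimeBootTimeout` in the same hunk loses `Defaults to "infinity"`, which is what decides whether boot waits for time sync, and `TimeDisabled` loses `Defaults to `false``; both can be kept via the `'default'` key this hunk already uses on `TimeServers`.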
@@ -1106,75 +696,46 @@ func (e *Endpoint) DeepCopy() *Endpoint {
 // ControlPlaneConfig represents the control plane configuration options.
 type ControlPlaneConfig struct {
- // description: |
- // Endpoint is the canonical controlplane endpoint, which can be an IP address or a DNS hostname.
- // It is single-valued, and may optionally include a port number.
- // examples:
- // - value: clusterEndpointExample1()
- // - value: clusterEndpointExample2()
- // schema:
- // type: string
- // format: uri
- // pattern: "^https://"
- Endpoint *Endpoint `yaml:"endpoint"`
- // description: |
- // The port that the API server listens on internally.
- // This may be different than the port portion listed in the endpoint field above.
- // The default is `6443`.
- LocalAPIServerPort int `yaml:"localAPIServerPort,omitempty"`
+ // Specifies the canonical controlplane endpoint, which can be an IP address or a DNS hostname.
+ Endpoint *Endpoint `yaml:"endpoint" docgen:"{'in':'1.5'}"`
+
+ // Specifies the port that the API server listens on internally.
+ LocalAPIServerPort int `yaml:"localAPIServerPort,omitempty" docgen:"{'in':'1.5'}"`
 }
 var _ config.APIServer = (*APIServerConfig)(nil)
 // APIServerConfig represents the kube apiserver configuration options.
 type APIServerConfig struct {
- // description: |
- // The container image used in the API server manifest.
- // examples:
- // - value: clusterAPIServerImageExample()
- ContainerImage string `yaml:"image,omitempty"`
- // description: |
- // Extra arguments to supply to the API server.
- ExtraArgsConfig map[string]string `yaml:"extraArgs,omitempty"`
- // description: |
- // Extra volumes to mount to the API server static pod.
- ExtraVolumesConfig []VolumeMountConfig `yaml:"extraVolumes,omitempty"`
- // description: |
- // The `env` field allows for the addition of environment variables for the control plane component.
- // schema:
- // type: object
- // patternProperties:
- // ".*":
- // type: string
- EnvConfig Env `yaml:"env,omitempty"`
- // description: |
- // Extra certificate subject alternative names for the API server's certificate.
- CertSANs []string `yaml:"certSANs,omitempty"`
- // description: |
- // Disable PodSecurityPolicy in the API server and default manifests.
- DisablePodSecurityPolicyConfig *bool `yaml:"disablePodSecurityPolicy,omitempty"`
- // description: |
- // Configure the API server admission plugins.
- // examples:
- // - value: admissionControlConfigExample()
- AdmissionControlConfig AdmissionPluginConfigList `yaml:"admissionControl,omitempty"`
- // description: |
- // Configure the API server audit policy.
- // examples:
- // - value: APIServerDefaultAuditPolicy
- // schema:
- // type: object
- AuditPolicyConfig Unstructured `yaml:"auditPolicy,omitempty" merge:"replace"`
- // description: |
- // Configure the API server resources.
- // schema:
- // type: object
- ResourcesConfig *ResourcesConfig `yaml:"resources,omitempty"`
+ // Specifies the container image used in the API server manifest.
+ ContainerImage string `yaml:"image,omitempty" docgen:"{'in':'1.5'}"`
+
+ // Provides extra arguments to the API server.
+ ExtraArgsConfig map[string]string `yaml:"extraArgs,omitempty" docgen:"{'in':'1.5'}"`
+
+ // Specifies extra volumes to mount to the API server static pod.
+ ExtraVolumesConfig []VolumeMountConfig `yaml:"extraVolumes,omitempty" docgen:"{'in':'1.5'}"`
+
+ // Allows for the addition of environment variables for the control plane component.
+ EnvConfig Env `yaml:"env,omitempty" docgen:"{'in':'1.5'}"`
+
+ // Provides extra certificate subject alternative names for the API server's certificate.
+ CertSANs []string `yaml:"certSANs,omitempty" docgen:"{'in':'1.5'}"`
+
+ // Indicates if PodSecurityPolicy is disabled in the API server and default manifests.
+ DisablePodSecurityPolicyConfig *bool `yaml:"disablePodSecurityPolicy,omitempty" docgen:"{'in':'1.5'}"`
+
+ // Configures the API server admission plugins.
+ AdmissionControlConfig AdmissionPluginConfigList `yaml:"admissionControl,omitempty" docgen:"{'in':'1.5'}"`
+
+ // Configures the API server audit policy.
+ AuditPolicyConfig Unstructured `yaml:"auditPolicy,omitempty" merge:"replace" docgen:"{'in':'1.5'}"`
+
+ // Configures the API server resources.
+ ResourcesConfig *ResourcesConfig `yaml:"resources,omitempty" docgen:"{'in':'1.5'}"`
 }
 // AdmissionPluginConfigList represents the admission plugin configuration list.
-//
-//docgen:alias
 type AdmissionPluginConfigList []*AdmissionPluginConfig
 // Merge the admission plugin configuration intelligently.
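Review bot: `Endpoint` loses the `format: uri` and `pattern: "^https://"` schema hints along with its examples, so if the regenerated JSON schema is now derived from the field type alone (the new `docgen` tag in this hunk gives no way to tell), a controlplane endpoint without an `https://` scheme will no longer be rejected at schema-validation time and will only fail, if at all, later at runtime. The same class of loss applies to `schema: type: object` on `AuditPolicyConfig` and `ResourcesConfig` here, `type: string` on `InstallDiskSelector.Size` in the `@@ -934` hunk, `PluginConfiguration` in `@@ -1215`, and `Requests`/`Limits` in `@@ -1631`; unless the new tag format carries these constraints, the generated schema is looser than before, which is worth confirming before merging. `LocalAPIServerPort` also drops `The default is `6443``, which can be kept with the `'default'` key this diff already uses: `LocalAPIServerPort int `yaml:"localAPIServerPort,omitempty" docgen:"{'in':'1.5', 'default': '6443'}"``.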
@@ -1215,280 +776,147 @@ func (configs *AdmissionPluginConfigList) mergeConfig(config *AdmissionPluginCon
 // AdmissionPluginConfig represents the API server admission plugin configuration.
 type AdmissionPluginConfig struct {
- // description: |
- // Name is the name of the admission controller.
- // It must match the registered admission plugin name.
- PluginName string `yaml:"name"`
- // description: |
- // Configuration is an embedded configuration object to be used as the plugin's
- // configuration.
- // schema:
- // type: object
- PluginConfiguration Unstructured `yaml:"configuration"`
+ // Specifies the name of the admission controller.
+ PluginName string `yaml:"name" docgen:"{'in':'1.5'}"`
+
+ // Specifies an embedded configuration object to be used as the plugin's configuration.
+ PluginConfiguration Unstructured `yaml:"configuration" docgen:"{'in':'1.5'}"`
 }
 var _ config.ControllerManager = (*ControllerManagerConfig)(nil)
 // ControllerManagerConfig represents the kube controller manager configuration options.
 type ControllerManagerConfig struct {
- // description: |
- // The container image used in the controller manager manifest.
- // examples:
- // - value: clusterControllerManagerImageExample()
- ContainerImage string `yaml:"image,omitempty"`
- // description: |
- // Extra arguments to supply to the controller manager.
- ExtraArgsConfig map[string]string `yaml:"extraArgs,omitempty"`
- // description: |
- // Extra volumes to mount to the controller manager static pod.
- ExtraVolumesConfig []VolumeMountConfig `yaml:"extraVolumes,omitempty"`
- // description: |
- // The `env` field allows for the addition of environment variables for the control plane component.
- // schema:
- // type: object
- // patternProperties:
- // ".*":
- // type: string
- EnvConfig Env `yaml:"env,omitempty"`
- // description: |
- // Configure the controller manager resources.
- // schema:
- // type: object
- ResourcesConfig *ResourcesConfig `yaml:"resources,omitempty"`
+ // Specifies the container image used in the controller manager manifest.
+ ContainerImage string `yaml:"image,omitempty" docgen:"{'in':'1.5'}"`
+
+ // Provides extra arguments to the controller manager.
+ ExtraArgsConfig map[string]string `yaml:"extraArgs,omitempty" docgen:"{'in':'1.5'}"`
+
+ // Lists extra volumes to mount to the controller manager static pod.
+ ExtraVolumesConfig []VolumeMountConfig `yaml:"extraVolumes,omitempty" docgen:"{'in':'1.5'}"`
+
+ // Allows the addition of environment variables for the control plane component.
+ EnvConfig Env `yaml:"env,omitempty" docgen:"{'in':'1.5'}"`
+
+ // Configures the controller manager resources.
+ ResourcesConfig *ResourcesConfig `yaml:"resources,omitempty" docgen:"{'in':'1.5'}"`
 }
 // ProxyConfig represents the kube proxy configuration options.
 type ProxyConfig struct {
- // description: |
- // Disable kube-proxy deployment on cluster bootstrap.
- // examples:
- // - value: pointer.To(false)
- Disabled *bool `yaml:"disabled,omitempty"`
- // description: |
- // The container image used in the kube-proxy manifest.
- // examples:
- // - value: clusterProxyImageExample()
- ContainerImage string `yaml:"image,omitempty"`
- // description: |
- // proxy mode of kube-proxy.
- // The default is 'iptables'.
- ModeConfig string `yaml:"mode,omitempty"`
- // description: |
- // Extra arguments to supply to kube-proxy.
- ExtraArgsConfig map[string]string `yaml:"extraArgs,omitempty"`
-}
+ // Indicates if the kube-proxy deployment on cluster bootstrap is disabled.
+ Disabled *bool `yaml:"disabled,omitempty" docgen:"{'in':'1.5'}"`
+
+ // Specifies the container image used in the kube-proxy manifest.
+ ContainerImage string `yaml:"image,omitempty" docgen:"{'in':'1.5'}"`
-var _ config.Scheduler = (*SchedulerConfig)(nil)
+ // Specifies the proxy mode of kube-proxy. The default is 'iptables'.
+ ModeConfig string `yaml:"mode,omitempty" docgen:"{'in':'1.5'}"`
+
+ // Provides extra arguments to kube-proxy.
+ ExtraArgsConfig map[string]string `yaml:"extraArgs,omitempty" docgen:"{'in':'1.5'}"`
+}
 // SchedulerConfig represents the kube scheduler configuration options.
 type SchedulerConfig struct {
- // description: |
- // The container image used in the scheduler manifest.
- // examples:
- // - value: clusterSchedulerImageExample()
- ContainerImage string `yaml:"image,omitempty"`
- // description: |
- // Extra arguments to supply to the scheduler.
- ExtraArgsConfig map[string]string `yaml:"extraArgs,omitempty"`
- // description: |
- // Extra volumes to mount to the scheduler static pod.
- ExtraVolumesConfig []VolumeMountConfig `yaml:"extraVolumes,omitempty"`
- // description: |
- // The `env` field allows for the addition of environment variables for the control plane component.
- // schema:
- // type: object
- // patternProperties:
- // ".*":
- // type: string
- EnvConfig Env `yaml:"env,omitempty"`
- // description: |
- // Configure the scheduler resources.
- // schema:
- // type: object
- ResourcesConfig *ResourcesConfig `yaml:"resources,omitempty"`
- // description: |
- // Specify custom kube-scheduler configuration.
- // schema:
- // type: object
- SchedulerConfig Unstructured `yaml:"config,omitempty"`
-}
+ // Specifies the container image used in the scheduler manifest.
+ ContainerImage string `yaml:"image,omitempty" docgen:"{'in':'1.5'}"`
+
+ // Provides extra arguments to the scheduler.
+ ExtraArgsConfig map[string]string `yaml:"extraArgs,omitempty" docgen:"{'in':'1.5'}"`
-var _ config.Etcd = (*EtcdConfig)(nil)
+ // Lists extra volumes to mount to the scheduler static pod.
+ ExtraVolumesConfig []VolumeMountConfig `yaml:"extraVolumes,omitempty" docgen:"{'in':'1.5'}"`
-// EtcdConfig represents the etcd configuration options.
+ // Allows the addition of environment variables for the control plane component.
+ EnvConfig Env `yaml:"env,omitempty" docgen:"{'in':'1.5'}"`
+
+ // Configures the scheduler resources.
+ ResourcesConfig *ResourcesConfig `yaml:"resources,omitempty" docgen:"{'in':'1.5'}"`
+
+ // Specifies custom kube-scheduler configuration.
+ SchedulerConfig Unstructured `yaml:"config,omitempty" docgen:"{'in':'1.6'}"`
+}
+
+// Represents the etcd configuration options.
 type EtcdConfig struct {
- // description: |
- // The container image used to create the etcd service.
- // examples:
- // - value: clusterEtcdImageExample()
- ContainerImage string `yaml:"image,omitempty"`
- // description: |
- // The `ca` is the root certificate authority of the PKI.
- // It is composed of a base64 encoded `crt` and `key`.
- // examples:
- // - value: pemEncodedCertificateExample()
- // schema:
- // type: object
- // additionalProperties: false
- // properties:
- // crt:
- // type: string
- // key:
- // type: string
- RootCA *x509.PEMEncodedCertificateAndKey `yaml:"ca"`
- // description: |
- // Extra arguments to supply to etcd.
- // Note that the following args are not allowed:
- //
- // - `name`
- // - `data-dir`
- // - `initial-cluster-state`
- // - `listen-peer-urls`
- // - `listen-client-urls`
- // - `cert-file`
- // - `key-file`
- // - `trusted-ca-file`
- // - `peer-client-cert-auth`
- // - `peer-cert-file`
- // - `peer-trusted-ca-file`
- // - `peer-key-file`
- // examples:
- // - values: >
- // map[string]string{
- // "initial-cluster": "https://1.2.3.4:2380",
- // "advertise-client-urls": "https://1.2.3.4:2379",
- // }
- EtcdExtraArgs map[string]string `yaml:"extraArgs,omitempty"`
- // docgen:nodoc
- //
- // Deprecated: use EtcdAdvertistedSubnets
- EtcdSubnet string `yaml:"subnet,omitempty"`
- // description: |
- // The `advertisedSubnets` field configures the networks to pick etcd advertised IP from.
- //
- // IPs can be excluded from the list by using negative match with `!`, e.g `!10.0.0.0/8`.
- // Negative subnet matches should be specified last to filter out IPs picked by positive matches.
- // If not specified, advertised IP is selected as the first routable address of the node.
- //
- // examples:
- // - value: clusterEtcdAdvertisedSubnetsExample()
- EtcdAdvertisedSubnets []string `yaml:"advertisedSubnets,omitempty"`
- // description: |
- // The `listenSubnets` field configures the networks for the etcd to listen for peer and client connections.
- //
- // If `listenSubnets` is not set, but `advertisedSubnets` is set, `listenSubnets` defaults to
- // `advertisedSubnets`.
- //
- // If neither `advertisedSubnets` nor `listenSubnets` is set, `listenSubnets` defaults to listen on all addresses.
- //
- // IPs can be excluded from the list by using negative match with `!`, e.g `!10.0.0.0/8`.
- // Negative subnet matches should be specified last to filter out IPs picked by positive matches.
- // If not specified, advertised IP is selected as the first routable address of the node.
- EtcdListenSubnets []string `yaml:"listenSubnets,omitempty"`
+ // Specifies the container image for the etcd service.
+ ContainerImage string `yaml:"image,omitempty" docgen:"{'in':'1.5'}"`
+
+ // Denotes the root certificate authority of the PKI, comprised of a base64 encoded `crt` and `key`.
+ RootCA *x509.PEMEncodedCertificateAndKey `yaml:"ca" docgen:"{'in':'1.5'}"`
+
+ // Defines additional arguments for etcd, with certain args prohibited.
+ EtcdExtraArgs map[string]string `yaml:"extraArgs,omitempty" docgen:"{'in':'1.5'}"`
+
+ // Configures the network from which to select etcd advertised IP.
+ EtcdSubnet string `yaml:"subnet,omitempty" docgen:"{'in':'1.5', 'deprecated':'1.6'}"`
+
+ // Configures the networks from which to select etcd advertised IP.
+ EtcdAdvertisedSubnets []string `yaml:"advertisedSubnets,omitempty" docgen:"{'in':'1.5'}"`
+
+ // Configures the networks for etcd to listen for peer and client connections.
+ // If not specified, defaults are applied based on `advertisedSubnets`.
+ EtcdListenSubnets []string `yaml:"listenSubnets,omitempty" docgen:"{'in':'1.5'}"`
 }
 // ClusterNetworkConfig represents kube networking configuration options.
 type ClusterNetworkConfig struct {
- // description: |
- // The CNI used.
- // Composed of "name" and "urls".
- // The "name" key supports the following options: "flannel", "custom", and "none".
- // "flannel" uses Talos-managed Flannel CNI, and that's the default option.
- // "custom" uses custom manifests that should be provided in "urls".
- // "none" indicates that Talos will not manage any CNI installation.
- // examples:
- // - value: clusterCustomCNIExample()
- CNI *CNIConfig `yaml:"cni,omitempty"`
- // description: |
- // The domain used by Kubernetes DNS.
- // The default is `cluster.local`
- // examples:
- // - value: '"cluser.local"'
- DNSDomain string `yaml:"dnsDomain"`
- // description: |
- // The pod subnet CIDR.
- // examples:
- // - value: >
- // []string{"10.244.0.0/16"}
- PodSubnet []string `yaml:"podSubnets" merge:"replace"`
- // description: |
- // The service subnet CIDR.
- // examples:
- // - value: >
- // []string{"10.96.0.0/12"}
- ServiceSubnet []string `yaml:"serviceSubnets" merge:"replace"`
+ // Specifies the CNI used.
+ CNI *CNIConfig `yaml:"cni,omitempty" docgen:"{'in':'1.5'}"`
+
+ // Defines the domain used by Kubernetes DNS.
+ DNSDomain string `yaml:"dnsDomain" docgen:"{'in':'1.5'}"`
+
+ // Indicates the pod subnet CIDR.
+ PodSubnet []string `yaml:"podSubnets" merge:"replace" docgen:"{'in':'1.5'}"`
+
+ // Indicates the service subnet CIDR.
+ ServiceSubnet []string `yaml:"serviceSubnets" merge:"replace" docgen:"{'in':'1.5'}"`
 }
 // CNIConfig represents the CNI configuration options.
 type CNIConfig struct {
- // description: |
- // Name of CNI to use.
- // values:
- // - flannel
- // - custom
- // - none
- CNIName string `yaml:"name,omitempty"`
- // description: |
- // URLs containing manifests to apply for the CNI.
- // Should be present for "custom", must be empty for "flannel" and "none".
- CNIUrls []string `yaml:"urls,omitempty"`
- // description: |
- // Flannel configuration options.
- CNIFlannel *FlannelCNIConfig `yaml:"flannel,omitempty"`
+ // Specifies the name of CNI to use.
+ CNIName string `yaml:"name,omitempty" docgen:"{'in':'1.5'}"`
+
+ // Lists URLs containing manifests to apply for the CNI.
+ CNIUrls []string `yaml:"urls,omitempty" docgen:"{'in':'1.5'}"`
+
+ // Flannel configuration options.
+ CNIFlannel *FlannelCNIConfig `yaml:"flannel,omitempty" docgen:"{'in':'1.6'}"`
 }
 // FlannelCNIConfig represents the Flannel CNI configuration options.
 type FlannelCNIConfig struct {
- // description: |
- // Extra arguments for 'flanneld'.
- // examples:
- // - value: >
- // []string{"--iface-can-reach=192.168.1.1"}
- FlanneldExtraArgs []string `yaml:"extraArgs,omitempty"`
+ // Extra arguments for `flanneld`.
+ FlanneldExtraArgs []string `yaml:"extraArgs,omitempty" docgen:"{'in':'1.6'}"`
 }
-var _ config.ExternalCloudProvider = (*ExternalCloudProviderConfig)(nil)
-
 // ExternalCloudProviderConfig contains external cloud provider configuration.
 type ExternalCloudProviderConfig struct {
- // description: |
- // Enable external cloud provider.
- // values:
- // - true
- // - yes
- // - false
- // - no
- ExternalEnabled *bool `yaml:"enabled,omitempty"`
- // description: |
- // A list of urls that point to additional manifests for an external cloud provider.
- // These will get automatically deployed as part of the bootstrap.
- // examples:
- // - value: >
- // []string{
- // "https://raw.githubusercontent.com/kubernetes/cloud-provider-aws/v1.20.0-alpha.0/manifests/rbac.yaml",
- // "https://raw.githubusercontent.com/kubernetes/cloud-provider-aws/v1.20.0-alpha.0/manifests/aws-cloud-controller-manager-daemonset.yaml",
- // }
- ExternalManifests []string `yaml:"manifests,omitempty"`
+ // Indicates if the external cloud provider is enabled.
+ ExternalEnabled *bool `yaml:"enabled,omitempty" docgen:"{'in':'1.5'}"`
+
+ // Lists URLs that point to additional manifests for an external cloud provider.
+ ExternalManifests []string `yaml:"manifests,omitempty" docgen:"{'in':'1.5'}"`
 }
 // AdminKubeconfigConfig contains admin kubeconfig settings.
 type AdminKubeconfigConfig struct {
- // description: |
- // Admin kubeconfig certificate lifetime (default is 1 year).
- // Field format accepts any Go time.Duration format ('1h' for one hour, '10m' for ten minutes).
- // schema:
- // type: string
- // pattern: ^[-+]?(((\d+(\.\d*)?|\d*(\.\d+)+)([nuµm]?s|m|h))|0)+$
- AdminKubeconfigCertLifetime time.Duration `yaml:"certLifetime,omitempty"`
+ // Specifies the admin kubeconfig certificate lifetime.
+ AdminKubeconfigCertLifetime time.Duration `yaml:"certLifetime,omitempty" docgen:"{'in':'1.5'}"`
 }
 // MachineDisk represents the options available for partitioning, formatting, and
 // mounting extra disks.
 type MachineDisk struct {
- // description: The name of the disk to use.
- DeviceName string `yaml:"device,omitempty"`
- // description: A list of partitions to create on the disk.
- DiskPartitions []*DiskPartition `yaml:"partitions,omitempty"`
+ // Specifies the name of the disk to use.
+ DeviceName string `yaml:"device,omitempty" docgen:"{'in':'1.5'}"`
+
+ // Lists partitions to create on the disk.
+ DiskPartitions []*DiskPartition `yaml:"partitions,omitempty" docgen:"{'in':'1.5'}"`
 }
 // DiskSize partition size in bytes.
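Review bot: The interface assertions `var _ config.Scheduler = (*SchedulerConfig)(nil)`, `var _ config.Etcd = (*EtcdConfig)(nil)` and `var _ config.ExternalCloudProvider = (*ExternalCloudProviderConfig)(nil)` are removed in this hunk while `var _ config.ControllerManager = (*ControllerManagerConfig)(nil)` is kept a few lines above and `var _ config.APIServer = (*APIServerConfig)(nil)` survives in the `@@ -1106` hunk; they cost nothing and are the only compile-time check that these types still satisfy their interfaces, so restore them unless the interfaces themselves were removed elsewhere (not visible here). `// Represents the etcd configuration options.` no longer starts with the type name, breaking the doc-comment convention every other type in this file follows, and `// Represents a network interface.` in the `@@ -1668` hunk has the same problem; `// EtcdConfig represents the etcd configuration options.` and `// Device represents a network interface.` were correct before. `EtcdExtraArgs` now reads only `with certain args prohibited` and drops the list (`name`, `data-dir`, `initial-cluster-state`, `listen-peer-urls`, `listen-client-urls`, `cert-file`, `key-file`, `trusted-ca-file`, `peer-client-cert-auth`, `peer-cert-file`, `peer-trusted-ca-file`, `peer-key-file`), so a reader can no longer tell that the TLS and peer-auth flags in particular are not accepted; keep the list in the comment or point to where it is enforced. `AdminKubeconfigCertLifetime` similarly loses `default is 1 year`, which belongs in the `'default'` key this diff already uses.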
@@ -1529,95 +957,62 @@ func (ds *DiskSize) UnmarshalYAML(unmarshal func(interface{}) error) error {
 // DiskPartition represents the options for a disk partition.
 type DiskPartition struct {
- // description: >
- // The size of partition: either bytes or human readable representation. If `size:`
- // is omitted, the partition is sized to occupy the full disk.
- // examples:
- // - name: Human readable representation.
- // value: DiskSize(100000000)
- // - name: Precise value in bytes.
- // value: 1024 * 1024 * 1024
- // schema:
- // type: integer
- DiskSize DiskSize `yaml:"size,omitempty"`
- // description:
- // Where to mount the partition.
- DiskMountPoint string `yaml:"mountpoint,omitempty"`
+ // Specifies the size of the partition.
+ DiskSize DiskSize `yaml:"size,omitempty" docgen:"{'in':'1.5'}"`
+
+ // Specifies where to mount the partition.
+ DiskMountPoint string `yaml:"mountpoint,omitempty" docgen:"{'in':'1.5'}"`
 }
 // EncryptionConfig represents partition encryption settings.
 type EncryptionConfig struct {
- // description: >
- // Encryption provider to use for the encryption.
- // examples:
- // - value: '"luks2"'
- EncryptionProvider string `yaml:"provider"`
- // description: >
- // Defines the encryption keys generation and storage method.
- EncryptionKeys []*EncryptionKey `yaml:"keys"`
- // description: >
- // Cipher kind to use for the encryption.
- // Depends on the encryption provider.
- // values:
- // - aes-xts-plain64
- // - xchacha12,aes-adiantum-plain64
- // - xchacha20,aes-adiantum-plain64
- // examples:
- // - value: '"aes-xts-plain64"'
- EncryptionCipher string `yaml:"cipher,omitempty"`
- // description: >
- // Defines the encryption key length.
- EncryptionKeySize uint `yaml:"keySize,omitempty"`
- // description: >
- // Defines the encryption sector size.
- // examples:
- // - value: '4096'
- EncryptionBlockSize uint64 `yaml:"blockSize,omitempty"`
- // description: >
- // Additional --perf parameters for the LUKS2 encryption.
- // values:
- // - no_read_workqueue
- // - no_write_workqueue
- // - same_cpu_crypt
- // examples:
- // - value: >
- // []string{"no_read_workqueue","no_write_workqueue"}
- EncryptionPerfOptions []string `yaml:"options,omitempty"`
+ // Specifies the encryption provider to use.
+ EncryptionProvider string `yaml:"provider" docgen:"{'in':'1.5'}"`
+
+ // Defines the encryption keys generation and storage method.
+ EncryptionKeys []*EncryptionKey `yaml:"keys" docgen:"{'in':'1.5'}"`
+
+ // Specifies the cipher kind to use for the encryption.
+ EncryptionCipher string `yaml:"cipher,omitempty" docgen:"{'in':'1.5'}"`
+
+ // Defines the encryption key length.
+ EncryptionKeySize uint `yaml:"keySize,omitempty" docgen:"{'in':'1.5'}"`
+
+ // Defines the encryption sector size.
+ EncryptionBlockSize uint64 `yaml:"blockSize,omitempty" docgen:"{'in':'1.5'}"`
+
+ // Specifies additional --perf parameters for the LUKS2 encryption.
+ EncryptionPerfOptions []string `yaml:"options,omitempty" docgen:"{'in':'1.5'}"`
 }
 // EncryptionKey represents configuration for disk encryption key.
 type EncryptionKey struct {
- // description: >
- // Key which value is stored in the configuration file.
- KeyStatic *EncryptionKeyStatic `yaml:"static,omitempty"`
- // description: >
- // Deterministically generated key from the node UUID and PartitionLabel.
- KeyNodeID *EncryptionKeyNodeID `yaml:"nodeID,omitempty"`
- // description: >
- // KMS managed encryption key.
- // examples:
- // - value: kmsKeyExample()
- KeyKMS *EncryptionKeyKMS `yaml:"kms,omitempty"`
- // description: >
- // Key slot number for LUKS2 encryption.
- KeySlot int `yaml:"slot"`
- // description: >
- // Enable TPM based disk encryption.
- KeyTPM *EncryptionKeyTPM `yaml:"tpm,omitempty"`
+ // Specifies the key which value is stored in the configuration file.
+ KeyStatic *EncryptionKeyStatic `yaml:"static,omitempty" docgen:"{'in':'1.5'}"`
+
+ // Specifies deterministically generated key from the node UUID and PartitionLabel.
+ KeyNodeID *EncryptionKeyNodeID `yaml:"nodeID,omitempty" docgen:"{'in':'1.5'}"`
+
+ // Specifies KMS managed encryption key.
+ KeyKMS *EncryptionKeyKMS `yaml:"kms,omitempty" docgen:"{'in':'1.5'}"`
+
+ // Specifies key slot number for LUKS2 encryption.
+ KeySlot int `yaml:"slot" docgen:"{'in':'1.5'}"`
+
+ // Specifies if TPM based disk encryption is enabled.
+ KeyTPM *EncryptionKeyTPM `yaml:"tpm,omitempty" docgen:"{'in':'1.5'}"`
 }
 // EncryptionKeyStatic represents throw away key type.
 type EncryptionKeyStatic struct {
- // description: >
- // Defines the static passphrase value.
- KeyData string `yaml:"passphrase,omitempty"`
+ // Defines the static passphrase value.
+ KeyData string `yaml:"passphrase,omitempty" docgen:"{'in':'1.5'}"`
 }
 // EncryptionKeyKMS represents a key that is generated and then sealed/unsealed by the KMS server.
 type EncryptionKeyKMS struct {
- // description: >
- // KMS endpoint to Seal/Unseal the key.
- KMSEndpoint string `yaml:"endpoint"`
+ // Specifies the KMS endpoint to Seal/Unseal the key.
+ KMSEndpoint string `yaml:"endpoint" docgen:"{'in':'1.5'}"`
 }
 // EncryptionKeyTPM represents a key that is generated and then sealed/unsealed by the TPM.
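Review bot: `EncryptionCipher` is now documented only as `Specifies the cipher kind to use for the encryption.` and loses both the `Depends on the encryption provider.` qualifier and the accepted values (`aes-xts-plain64`, `xchacha12,aes-adiantum-plain64`, `xchacha20,aes-adiantum-plain64`), so nothing left in the comment tells a reader which ciphers are valid or that validity depends on `provider`; suggest a second line `// Accepted values depend on the encryption provider (for luks2: aes-xts-plain64, xchacha12,aes-adiantum-plain64, xchacha20,aes-adiantum-plain64).` if that list is still accurate, and the same treatment for the `--perf` option names dropped from `EncryptionPerfOptions`. `DiskPartition.DiskSize` similarly drops `If size: is omitted, the partition is sized to occupy the full disk`, which is the behaviour of the `omitempty` zero value and belongs in the comment or in the `'default'` tag key this diff uses elsewhere. `EncryptionKeyStatic`'s type comment `represents throw away key type` is unchanged here, yet its only field is a passphrase stored in the configuration file; the field comment could say so explicitly (`// Defines the static passphrase value; it is stored in clear in the machine configuration.`) since that is the property operators need to weigh against the nodeID, KMS and TPM key types.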
@@ -1631,22 +1026,11 @@ type Env = map[string]string
 // ResourcesConfig represents the pod resources.
 type ResourcesConfig struct {
- // description: |
- // Requests configures the reserved cpu/memory resources.
- // examples:
- // - name: resources requests.
- // value: resourcesConfigRequestsExample()
- // schema:
- // type: object
- Requests Unstructured `yaml:"requests,omitempty"`
- // description: |
- // Limits configures the maximum cpu/memory resources a container can use.
- // examples:
- // - name: resources requests.
- // value: resourcesConfigLimitsExample()
- // schema:
- // type: object
- Limits Unstructured `yaml:"limits,omitempty"`
+ // Configures the reserved cpu/memory resources.
+ Requests Unstructured `yaml:"requests,omitempty" docgen:"{'in':'1.5'}"`
+
+ // Configures the maximum cpu/memory resources a container can use.
+ Limits Unstructured `yaml:"limits,omitempty" docgen:"{'in':'1.5'}"`
 }
 // FileMode represents file's permissions.
@@ -1668,322 +1052,247 @@ func (fm FileMode) MarshalYAML() (interface{}, error) {
 // MachineFile represents a file to write to disk.
 type MachineFile struct {
- // description: The contents of the file.
- FileContent string `yaml:"content"`
- // description: The file's permissions in octal.
- // schema:
- // type: integer
- FilePermissions FileMode `yaml:"permissions"`
- // description: The path of the file.
- FilePath string `yaml:"path"`
- // description: The operation to use
- // values:
- // - create
- // - append
- // - overwrite
- FileOp string `yaml:"op"`
+ // Specifies the contents of the file.
+ FileContent string `yaml:"content" docgen:"{'in':'1.5'}"`
+
+ // Specifies the file's permissions in octal.
+ FilePermissions FileMode `yaml:"permissions" docgen:"{'in':'1.5'}"`
+
+ // Specifies the path of the file.
+ FilePath string `yaml:"path" docgen:"{'in':'1.5'}"`
+
+ // Specifies the operation to use.
+ FileOp string `yaml:"op" docgen:"{'in':'1.5'}"`
 }
 // ExtraHost represents a host entry in /etc/hosts.
 type ExtraHost struct {
- // description: The IP of the host.
- HostIP string `yaml:"ip"`
- // description: The host alias.
- HostAliases []string `yaml:"aliases"`
+ // Specifies the IP of the host.
+ HostIP string `yaml:"ip" docgen:"{'in':'1.5'}"`
+
+ // Specifies the host alias.
+ HostAliases []string `yaml:"aliases" docgen:"{'in':'1.5'}"`
 }
-// Device represents a network interface.
+// Represents a network interface.
 type Device struct {
- // description: |
- // The interface name.
- // Mutually exclusive with `deviceSelector`.
- // examples:
- // - value: '"enp0s3"'
- DeviceInterface string `yaml:"interface,omitempty"`
- // description: |
- // Picks a network device using the selector.
- // Mutually exclusive with `interface`.
- // Supports partial match using wildcard syntax.
- // examples:
- // - name: select a device with bus prefix 00:*.
- // value: networkDeviceSelectorExamples()[0]
- // - name: select a device with mac address matching `*:f0:ab` and `virtio` kernel driver.
- // value: networkDeviceSelectorExamples()[1]
- DeviceSelector *NetworkDeviceSelector `yaml:"deviceSelector,omitempty"`
- // description: |
- // Assigns static IP addresses to the interface.
- // An address can be specified either in proper CIDR notation or as a standalone address (netmask of all ones is assumed).
- // examples:
- // - value: '[]string{"10.5.0.0/16", "192.168.3.7"}'
- DeviceAddresses []string `yaml:"addresses,omitempty"`
- // docgen:nodoc
- DeviceCIDR string `yaml:"cidr,omitempty"`
- // description: |
- // A list of routes associated with the interface.
- // If used in combination with DHCP, these routes will be appended to routes returned by DHCP server.
- // examples:
- // - value: networkConfigRoutesExample()
- DeviceRoutes []*Route `yaml:"routes,omitempty"`
- // description: Bond specific options.
- // examples:
- // - value: networkConfigBondExample()
- DeviceBond *Bond `yaml:"bond,omitempty"`
- // description: Bridge specific options.
- // examples:
- // - value: networkConfigBridgeExample()
- DeviceBridge *Bridge `yaml:"bridge,omitempty"`
- // description: VLAN specific options.
- DeviceVlans VlanList `yaml:"vlans,omitempty"`
- // description: |
- // The interface's MTU.
- // If used in combination with DHCP, this will override any MTU settings returned from DHCP server.
- DeviceMTU int `yaml:"mtu,omitempty"`
- // description: |
- // Indicates if DHCP should be used to configure the interface.
- // The following DHCP options are supported:
- //
- // - `OptionClasslessStaticRoute`
- // - `OptionDomainNameServer`
- // - `OptionDNSDomainSearchList`
- // - `OptionHostName`
- //
- // examples:
- // - value: true
- DeviceDHCP *bool `yaml:"dhcp,omitempty"`
- // description: Indicates if the interface should be ignored (skips configuration).
- DeviceIgnore *bool `yaml:"ignore,omitempty"`
- // description: |
- // Indicates if the interface is a dummy interface.
- // `dummy` is used to specify that this interface should be a virtual-only, dummy interface.
- DeviceDummy *bool `yaml:"dummy,omitempty"`
- // description: |
- // DHCP specific options.
- // `dhcp` *must* be set to true for these to take effect.
- // examples:
- // - value: networkConfigDHCPOptionsExample()
- DeviceDHCPOptions *DHCPOptions `yaml:"dhcpOptions,omitempty"`
- // description: |
- // Wireguard specific configuration.
- // Includes things like private key, listen port, peers.
- // examples:
- // - name: wireguard server example
- // value: networkConfigWireguardHostExample()
- // - name: wireguard peer example
- // value: networkConfigWireguardPeerExample()
- DeviceWireguardConfig *DeviceWireguardConfig `yaml:"wireguard,omitempty"`
- // description: Virtual (shared) IP address configuration.
- // examples:
- // - name: layer2 vip example
- // value: networkConfigVIPLayer2Example()
- DeviceVIPConfig *DeviceVIPConfig `yaml:"vip,omitempty"`
+ // Specifies the interface name, mutually exclusive with `deviceSelector`.
+ DeviceInterface string `yaml:"interface,omitempty" docgen:"{'in':'1.5'}"`
+
+ // Selects a network device using the selector, mutually exclusive with `interface`.
+ DeviceSelector *NetworkDeviceSelector `yaml:"deviceSelector,omitempty" docgen:"{'in':'1.5'}"`
+
+ // Assigns static IP addresses to the interface in CIDR notation or as a standalone address.
+ DeviceAddresses []string `yaml:"addresses,omitempty" docgen:"{'in':'1.5'}"`
+
+ DeviceCIDR string `yaml:"cidr,omitempty" docgen:"{'in':'1.5'}"`
+
+ // Defines a list of routes associated with the interface, appended to routes returned by DHCP if used.
+ DeviceRoutes []*Route `yaml:"routes,omitempty" docgen:"{'in':'1.5'}"`
+
+ // Specifies bond specific options.
+ DeviceBond *Bond `yaml:"bond,omitempty" docgen:"{'in':'1.5'}"`
+
+ // Specifies bridge specific options.
+ DeviceBridge *Bridge `yaml:"bridge,omitempty" docgen:"{'in':'1.5'}"`
+
+ // Specifies VLAN specific options.
+ DeviceVlans VlanList `yaml:"vlans,omitempty" docgen:"{'in':'1.5'}"`
+
+ // Defines the interface's MTU, overwrites any MTU settings returned from DHCP if used.
+ DeviceMTU int `yaml:"mtu,omitempty" docgen:"{'in':'1.5'}"`
+
+ // Indicates if DHCP should be used to configure the interface.
+ DeviceDHCP *bool `yaml:"dhcp,omitempty" docgen:"{'in':'1.5'}"`
+
+ // Indicates if the interface configuration should be ignored.
+ DeviceIgnore *bool `yaml:"ignore,omitempty" docgen:"{'in':'1.5'}"`
+
+ // Indicates if the interface is a virtual-only, dummy interface.
+ DeviceDummy *bool `yaml:"dummy,omitempty" docgen:"{'in':'1.5'}"`
+
+ // Specifies DHCP specific options, effective only when `dhcp` is true.
+ DeviceDHCPOptions *DHCPOptions `yaml:"dhcpOptions,omitempty" docgen:"{'in':'1.5'}"`
+
+ // Specifies Wireguard specific configuration.
+ DeviceWireguardConfig *DeviceWireguardConfig `yaml:"wireguard,omitempty" docgen:"{'in':'1.5'}"`
+
+ // Specifies virtual (shared) IP address configuration.
+ DeviceVIPConfig *DeviceVIPConfig `yaml:"vip,omitempty" docgen:"{'in':'1.5'}"`
 }
 // DHCPOptions contains options for configuring the DHCP settings for a given interface.
 type DHCPOptions struct {
- // description: The priority of all routes received via DHCP.
- DHCPRouteMetric uint32 `yaml:"routeMetric"`
- // description: Enables DHCPv4 protocol for the interface (default is enabled).
- DHCPIPv4 *bool `yaml:"ipv4,omitempty"`
- // description: Enables DHCPv6 protocol for the interface (default is disabled).
- DHCPIPv6 *bool `yaml:"ipv6,omitempty"`
- // description: Set client DUID (hex string).
- DHCPDUIDv6 string `yaml:"duidv6,omitempty"`
+ // Specifies the priority of all routes received via DHCP.
+ DHCPRouteMetric uint32 `yaml:"routeMetric" docgen:"{'in':'1.5'}"`
+
+ // Enables DHCPv4 protocol for the interface (default is enabled).
+ DHCPIPv4 *bool `yaml:"ipv4,omitempty" docgen:"{'in':'1.5'}"`
+
+ // Enables DHCPv6 protocol for the interface (default is disabled).
+ DHCPIPv6 *bool `yaml:"ipv6,omitempty" docgen:"{'in':'1.5'}"`
+
+ // Set client DUID (hex string).
+ DHCPDUIDv6 string `yaml:"duidv6,omitempty" docgen:"{'in':'1.5'}"`
 }
 // DeviceWireguardConfig contains settings for configuring Wireguard network interface.
 type DeviceWireguardConfig struct {
- // description: |
- // Specifies a private key configuration (base64 encoded).
- // Can be generated by `wg genkey`.
- WireguardPrivateKey string `yaml:"privateKey,omitempty"`
- // description: Specifies a device's listening port.
- WireguardListenPort int `yaml:"listenPort,omitempty"`
- // description: Specifies a device's firewall mark.
- WireguardFirewallMark int `yaml:"firewallMark,omitempty"`
- // description: Specifies a list of peer configurations to apply to a device.
- WireguardPeers []*DeviceWireguardPeer `yaml:"peers,omitempty"`
+ // Specifies a private key configuration (base64 encoded).
+ WireguardPrivateKey string `yaml:"privateKey,omitempty" docgen:"{'in':'1.5'}"`
+
+ // Specifies a device's listening port.
+ WireguardListenPort int `yaml:"listenPort,omitempty" docgen:"{'in':'1.5'}"`
+
+ // Specifies a device's firewall mark.
+ WireguardFirewallMark int `yaml:"firewallMark,omitempty" docgen:"{'in':'1.5'}"`
+
+ // Specifies a list of peer configurations to apply to a device.
+ WireguardPeers []*DeviceWireguardPeer `yaml:"peers,omitempty" docgen:"{'in':'1.5'}"`
 }
 // DeviceWireguardPeer a WireGuard device peer configuration.
 type DeviceWireguardPeer struct {
- // description: |
- // Specifies the public key of this peer.
- // Can be extracted from private key by running `wg pubkey < private.key > public.key && cat public.key`.
- WireguardPublicKey string `yaml:"publicKey,omitempty"`
- // description: Specifies the endpoint of this peer entry.
- WireguardEndpoint string `yaml:"endpoint,omitempty"`
- // description: |
- // Specifies the persistent keepalive interval for this peer.
- // Field format accepts any Go time.Duration format ('1h' for one hour, '10m' for ten minutes).
- // schema:
- // type: string
- // pattern: ^[-+]?(((\d+(\.\d*)?|\d*(\.\d+)+)([nuµm]?s|m|h))|0)+$
- WireguardPersistentKeepaliveInterval time.Duration `yaml:"persistentKeepaliveInterval,omitempty"`
- // description: AllowedIPs specifies a list of allowed IP addresses in CIDR notation for this peer.
- WireguardAllowedIPs []string `yaml:"allowedIPs,omitempty"`
+ // Specifies the public key of this peer.
+ WireguardPublicKey string `yaml:"publicKey,omitempty" docgen:"{'in':'1.5'}"`
+
+ // Specifies the endpoint of this peer entry.
+ WireguardEndpoint string `yaml:"endpoint,omitempty" docgen:"{'in':'1.5'}"`
+
+ // Specifies the persistent keepalive interval for this peer.
+ WireguardPersistentKeepaliveInterval time.Duration `yaml:"persistentKeepaliveInterval,omitempty" docgen:"{'in':'1.5'}"`
+
+ // AllowedIPs specifies a list of allowed IP addresses in CIDR notation for this peer.
+ WireguardAllowedIPs []string `yaml:"allowedIPs,omitempty" docgen:"{'in':'1.5'}"`
 }
 // DeviceVIPConfig contains settings for configuring a Virtual Shared IP on an interface.
 type DeviceVIPConfig struct {
- // description: Specifies the IP address to be used.
- SharedIP string `yaml:"ip,omitempty"`
- // description: Specifies the Equinix Metal API settings to assign VIP to the node.
- EquinixMetalConfig *VIPEquinixMetalConfig `yaml:"equinixMetal,omitempty"`
- // description: Specifies the Hetzner Cloud API settings to assign VIP to the node.
- HCloudConfig *VIPHCloudConfig `yaml:"hcloud,omitempty"`
+ // Specifies the IP address to be used.
+ SharedIP string `yaml:"ip,omitempty" docgen:"{'in':'1.5'}"`
+
+ // Specifies the Equinix Metal API settings to assign VIP to the node.
+ EquinixMetalConfig *VIPEquinixMetalConfig `yaml:"equinixMetal,omitempty" docgen:"{'in':'1.5'}"`
+
+ // Specifies the Hetzner Cloud API settings to assign VIP to the node.
+ HCloudConfig *VIPHCloudConfig `yaml:"hcloud,omitempty" docgen:"{'in':'1.5'}"`
 }
 // VIPEquinixMetalConfig contains settings for Equinix Metal VIP management.
 type VIPEquinixMetalConfig struct {
- // description: Specifies the Equinix Metal API Token.
- EquinixMetalAPIToken string `yaml:"apiToken"`
+ // Specifies the Equinix Metal API Token.
+ EquinixMetalAPIToken string `yaml:"apiToken" docgen:"{'in':'1.5'}"`
 }
 // VIPHCloudConfig contains settings for Hetzner Cloud VIP management.
 type VIPHCloudConfig struct {
- // description: Specifies the Hetzner Cloud API Token.
- HCloudAPIToken string `yaml:"apiToken"`
+ // Specifies the Hetzner Cloud API Token.
+ HCloudAPIToken string `yaml:"apiToken" docgen:"{'in':'1.5'}"`
 }
-// Bond contains the various options for configuring a bonded interface.
+// Represents options for configuring a bonded interface.
 type Bond struct {
- // description: The interfaces that make up the bond.
- BondInterfaces []string `yaml:"interfaces"`
- // description: |
- // Picks a network device using the selector.
- // Mutually exclusive with `interfaces`.
- // Supports partial match using wildcard syntax.
- // examples:
- // - name: select a device with bus prefix 00:*, a device with mac address matching `*:f0:ab` and `virtio` kernel driver.
- // value: networkDeviceSelectorExamples()
- BondDeviceSelectors []NetworkDeviceSelector `yaml:"deviceSelectors,omitempty"`
- // description: |
- // A bond option.
- // Please see the official kernel documentation.
- // Not supported at the moment.
- BondARPIPTarget []string `yaml:"arpIPTarget,omitempty"`
- // description: |
- // A bond option.
- // Please see the official kernel documentation.
- BondMode string `yaml:"mode"`
- // description: |
- // A bond option.
- // Please see the official kernel documentation.
- BondHashPolicy string `yaml:"xmitHashPolicy,omitempty"`
- // description: |
- // A bond option.
- // Please see the official kernel documentation.
- BondLACPRate string `yaml:"lacpRate,omitempty"`
- // description: |
- // A bond option.
- // Please see the official kernel documentation.
- // Not supported at the moment.
- BondADActorSystem string `yaml:"adActorSystem,omitempty"`
- // description: |
- // A bond option.
- // Please see the official kernel documentation.
- BondARPValidate string `yaml:"arpValidate,omitempty"`
- // description: |
- // A bond option.
- // Please see the official kernel documentation.
- BondARPAllTargets string `yaml:"arpAllTargets,omitempty"`
- // description: |
- // A bond option.
- // Please see the official kernel documentation.
- BondPrimary string `yaml:"primary,omitempty"`
- // description: |
- // A bond option.
- // Please see the official kernel documentation.
- BondPrimaryReselect string `yaml:"primaryReselect,omitempty"`
- // description: |
- // A bond option.
- // Please see the official kernel documentation.
- BondFailOverMac string `yaml:"failOverMac,omitempty"`
- // description: |
- // A bond option.
- // Please see the official kernel documentation.
- BondADSelect string `yaml:"adSelect,omitempty"`
- // description: |
- // A bond option.
- // Please see the official kernel documentation.
- BondMIIMon uint32 `yaml:"miimon,omitempty"`
- // description: |
- // A bond option.
- // Please see the official kernel documentation.
- BondUpDelay uint32 `yaml:"updelay,omitempty"`
- // description: |
- // A bond option.
- // Please see the official kernel documentation.
- BondDownDelay uint32 `yaml:"downdelay,omitempty"`
- // description: |
- // A bond option.
- // Please see the official kernel documentation.
- BondARPInterval uint32 `yaml:"arpInterval,omitempty"`
- // description: |
- // A bond option.
- // Please see the official kernel documentation.
- BondResendIGMP uint32 `yaml:"resendIgmp,omitempty"`
- // description: |
- // A bond option.
- // Please see the official kernel documentation.
- BondMinLinks uint32 `yaml:"minLinks,omitempty"`
- // description: |
- // A bond option.
- // Please see the official kernel documentation.
- BondLPInterval uint32 `yaml:"lpInterval,omitempty"`
- // description: |
- // A bond option.
- // Please see the official kernel documentation.
- BondPacketsPerSlave uint32 `yaml:"packetsPerSlave,omitempty"`
- // description: |
- // A bond option.
- // Please see the official kernel documentation.
- BondNumPeerNotif uint8 `yaml:"numPeerNotif,omitempty"`
- // description: |
- // A bond option.
- // Please see the official kernel documentation.
- BondTLBDynamicLB uint8 `yaml:"tlbDynamicLb,omitempty"`
- // description: |
- // A bond option.
- // Please see the official kernel documentation.
- BondAllSlavesActive uint8 `yaml:"allSlavesActive,omitempty"`
- // description: |
- // A bond option.
- // Please see the official kernel documentation.
- BondUseCarrier *bool `yaml:"useCarrier,omitempty"`
- // description: |
- // A bond option.
- // Please see the official kernel documentation.
- BondADActorSysPrio uint16 `yaml:"adActorSysPrio,omitempty"`
- // description: |
- // A bond option.
- // Please see the official kernel documentation.
- BondADUserPortKey uint16 `yaml:"adUserPortKey,omitempty"`
- // description: |
- // A bond option.
- // Please see the official kernel documentation.
- BondPeerNotifyDelay uint32 `yaml:"peerNotifyDelay,omitempty"`
+ // Comprises the interfaces making up the bond.
+ BondInterfaces []string `yaml:"interfaces" docgen:"{'in':'1.5'}"`
+
+ // Selects a network device using the selector, mutually exclusive with `interfaces`.
+ BondDeviceSelectors []NetworkDeviceSelector `yaml:"deviceSelectors,omitempty" docgen:"{'in':'1.5'}"`
+
+ // Specifies a bond option (see official kernel documentation). Not supported currently.
+ BondARPIPTarget []string `yaml:"arpIPTarget,omitempty" docgen:"{'in':'1.5'}"`
+
+ // Defines a bond mode (see official kernel documentation).
+ BondMode string `yaml:"mode" docgen:"{'in':'1.5'}"`
+
+ // Specifies a bond option (see official kernel documentation).
+ BondHashPolicy string `yaml:"xmitHashPolicy,omitempty" docgen:"{'in':'1.5'}"`
+
+ // Specifies a bond option (see official kernel documentation).
+ BondLACPRate string `yaml:"lacpRate,omitempty" docgen:"{'in':'1.5'}"`
+
+ // Specifies a bond option (see official kernel documentation). Not supported currently.
+ BondADActorSystem string `yaml:"adActorSystem,omitempty" docgen:"{'in':'1.5'}"`
+
+ // Specifies a bond option (see official kernel documentation).
+ BondARPValidate string `yaml:"arpValidate,omitempty" docgen:"{'in':'1.5'}"`
+
+ // Specifies a bond option (see official kernel documentation).
+ BondARPAllTargets string `yaml:"arpAllTargets,omitempty" docgen:"{'in':'1.5'}"`
+
+ // Defines a primary bond (see official kernel documentation).
+ BondPrimary string `yaml:"primary,omitempty" docgen:"{'in':'1.5'}"`
+
+ // Specifies a bond option (see official kernel documentation).
+ BondPrimaryReselect string `yaml:"primaryReselect,omitempty" docgen:"{'in':'1.5'}"`
+
+ // Specifies a bond option (see official kernel documentation).
+ BondFailOverMac string `yaml:"failOverMac,omitempty" docgen:"{'in':'1.5'}"`
+
+ // Specifies a bond option (see official kernel documentation).
+ BondADSelect string `yaml:"adSelect,omitempty" docgen:"{'in':'1.5'}"`
+
+ // Defines an MII monitor bond option (see official kernel documentation).
+ BondMIIMon uint32 `yaml:"miimon,omitempty" docgen:"{'in':'1.5'}"`
+
+ // Specifies a bond option (see official kernel documentation).
+ BondUpDelay uint32 `yaml:"updelay,omitempty" docgen:"{'in':'1.5'}"`
+
+ // Specifies a bond option (see official kernel documentation).
+ BondDownDelay uint32 `yaml:"downdelay,omitempty" docgen:"{'in':'1.5'}"`
+
+ // Specifies a bond option (see official kernel documentation).
+ BondARPInterval uint32 `yaml:"arpInterval,omitempty" docgen:"{'in':'1.5'}"`
+
+ // Specifies a bond option (see official kernel documentation).
+ BondResendIGMP uint32 `yaml:"resendIgmp,omitempty" docgen:"{'in':'1.5'}"`
+
+ // Specifies a bond option (see official kernel documentation).
+ BondMinLinks uint32 `yaml:"minLinks,omitempty" docgen:"{'in':'1.5'}"`
+
+ // Specifies a bond option (see official kernel documentation).
+ BondLPInterval uint32 `yaml:"lpInterval,omitempty" docgen:"{'in':'1.5'}"`
+
+ // Specifies a bond option (see official kernel documentation).
+ BondPacketsPerSlave uint32 `yaml:"packetsPerSlave,omitempty" docgen:"{'in':'1.5'}"`
+
+ // Specifies a bond option (see official kernel documentation).
+ BondNumPeerNotif uint8 `yaml:"numPeerNotif,omitempty" docgen:"{'in':'1.5'}"`
+
+ // Specifies a bond option (see official kernel documentation).
+ BondTLBDynamicLB uint8 `yaml:"tlbDynamicLb,omitempty" docgen:"{'in':'1.5'}"`
+
+ // Specifies a bond option (see official kernel documentation).
+ BondAllSlavesActive uint8 `yaml:"allSlavesActive,omitempty" docgen:"{'in':'1.5'}"`
+
+ // Indicates if a bond option should use a carrier (see official kernel documentation).
+ BondUseCarrier *bool `yaml:"useCarrier,omitempty" docgen:"{'in':'1.5'}"`
+
+ // Specifies a bond option (see official kernel documentation).
+ BondADActorSysPrio uint16 `yaml:"adActorSysPrio,omitempty" docgen:"{'in':'1.5'}"`
+
+ // Specifies a bond option (see official kernel documentation).
+ BondADUserPortKey uint16 `yaml:"adUserPortKey,omitempty" docgen:"{'in':'1.5'}"`
+
+ // Specifies a bond option (see official kernel documentation).
+ BondPeerNotifyDelay uint32 `yaml:"peerNotifyDelay,omitempty" docgen:"{'in':'1.5'}"`
 }
 // STP contains the various options for configuring the STP properties of a bridge interface.
 type STP struct {
- // description: Whether Spanning Tree Protocol (STP) is enabled.
- STPEnabled *bool `yaml:"enabled,omitempty"`
+ // Specifies whether Spanning Tree Protocol (STP) is enabled.
+ STPEnabled *bool `yaml:"enabled,omitempty" docgen:"{'in':'1.5'}"`
 }
 // Bridge contains the various options for configuring a bridge interface.
 type Bridge struct {
- // description: The interfaces that make up the bridge.
- BridgedInterfaces []string `yaml:"interfaces"`
- // description: |
- // A bridge option.
- // Please see the official kernel documentation.
- BridgeSTP *STP `yaml:"stp,omitempty"`
+ // Lists the interfaces that make up the bridge.
+ BridgedInterfaces []string `yaml:"interfaces" docgen:"{'in':'1.5'}"`
+
+ // A bridge option.
+ BridgeSTP *STP `yaml:"stp,omitempty" docgen:"{'in':'1.5'}"`
 }
 // VlanList is a list of *Vlan structures with overridden merge process.
-//
-//docgen:alias
 type VlanList []*Vlan
 // Merge the network interface configuration intelligently.
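Review bot: `FileOp` in the `MachineFile` block loses its enumerated values (`create`, `append`, `overwrite`) and the new comment `// Specifies the operation to use.` gives a reader no way to know which strings are accepted, while the tag format introduced by this commit can carry a `'values'` list; `FileOp string `yaml:"op" docgen:"{'in':'1.5','values':['create','append','overwrite']}"`` would keep that in the generated reference. `DeviceCIDR` loses its `// docgen:nodoc` marker and receives a `docgen` tag with no comment at all, so a field that was deliberately hidden presumably now surfaces in the generated docs undocumented (the same happens to `VlanCIDR` in the next hunk); if it is a legacy alias for `addresses`, say so with `// Deprecated: use addresses instead.` and confirm the new generator has an equivalent of nodoc. The rewritten type comments `// Represents a network interface.` and `// Represents options for configuring a bonded interface.` drop the Go convention of starting with the type name (`// Device represents …`, `// Bond contains …`), which revive/golint flag. Also dropped without replacement are the `time.Duration` format note and schema pattern on `WireguardPersistentKeepaliveInterval` and the list of supported DHCP options on `DeviceDHCP`; those were user-facing constraints, not examples.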
@@ -2022,185 +1331,150 @@ func (vlans *VlanList) mergeVlan(vlan *Vlan) error {
 return nil
 }
-// Vlan represents vlan settings for a device.
+// Represents VLAN settings for a device.
 type Vlan struct {
- // description: The addresses in CIDR notation or as plain IPs to use.
- VlanAddresses []string `yaml:"addresses,omitempty"`
- // docgen:nodoc
- VlanCIDR string `yaml:"cidr,omitempty"`
- // description: A list of routes associated with the VLAN.
- VlanRoutes []*Route `yaml:"routes"`
- // description: Indicates if DHCP should be used.
- VlanDHCP *bool `yaml:"dhcp,omitempty"`
- // description: The VLAN's ID.
- VlanID uint16 `yaml:"vlanId"`
- // description: The VLAN's MTU.
- VlanMTU uint32 `yaml:"mtu,omitempty"`
- // description: The VLAN's virtual IP address configuration.
- VlanVIP *DeviceVIPConfig `yaml:"vip,omitempty"`
- // description: |
- // DHCP specific options.
- // `dhcp` *must* be set to true for these to take effect.
- VlanDHCPOptions *DHCPOptions `yaml:"dhcpOptions,omitempty"`
+ // Specifies the addresses in CIDR notation or as plain IPs.
+ VlanAddresses []string `yaml:"addresses,omitempty" docgen:"{'in':'1.5'}"`
+
+ VlanCIDR string `yaml:"cidr,omitempty" docgen:"{'in':'1.5'}"`
+
+ // Provides a list of routes associated with the VLAN.
+ VlanRoutes []*Route `yaml:"routes" docgen:"{'in':'1.5'}"`
+
+ // Indicates whether DHCP should be used.
+ VlanDHCP *bool `yaml:"dhcp,omitempty" docgen:"{'in':'1.5'}"`
+
+ // Specifies the VLAN's ID.
+ VlanID uint16 `yaml:"vlanId" docgen:"{'in':'1.5'}"`
+
+ // Specifies the VLAN's MTU.
+ VlanMTU uint32 `yaml:"mtu,omitempty" docgen:"{'in':'1.5'}"`
+
+ // Specifies the VLAN's virtual IP address configuration.
+ VlanVIP *DeviceVIPConfig `yaml:"vip,omitempty" docgen:"{'in':'1.5'}"`
+
+ // Specifies DHCP specific options, effective only when `dhcp` is true.
+ VlanDHCPOptions *DHCPOptions `yaml:"dhcpOptions,omitempty" docgen:"{'in':'1.5'}"`
 }
 // Route represents a network route.
 type Route struct {
- // description: The route's network (destination).
- RouteNetwork string `yaml:"network"`
- // description: The route's gateway (if empty, creates link scope route).
- RouteGateway string `yaml:"gateway"`
- // description: The route's source address (optional).
- RouteSource string `yaml:"source,omitempty"`
- // description: The optional metric for the route.
- RouteMetric uint32 `yaml:"metric,omitempty"`
- // description: The optional MTU for the route.
- RouteMTU uint32 `yaml:"mtu,omitempty"`
+ // The route's network (destination).
+ RouteNetwork string `yaml:"network" docgen:"{'in':'1.5'}"`
+
+ // The route's gateway.
+ RouteGateway string `yaml:"gateway" docgen:"{'in':'1.5'}"`
+
+ // The route's source address.
+ RouteSource string `yaml:"source,omitempty" docgen:"{'in':'1.5'}"`
+
+ // The optional metric for the route.
+ RouteMetric uint32 `yaml:"metric,omitempty" docgen:"{'optional':true, 'in':'1.5'}"`
+
+ // The optional MTU for the route.
+ RouteMTU uint32 `yaml:"mtu,omitempty" docgen:"{'optional':true, 'in':'1.5'}"`
 }
 // RegistryMirrorConfig represents mirror configuration for a registry.
 type RegistryMirrorConfig struct {
- // description: |
- // List of endpoints (URLs) for registry mirrors to use.
- // Endpoint configures HTTP/HTTPS access mode, host name,
- // port and path (if path is not set, it defaults to `/v2`).
- MirrorEndpoints []string `yaml:"endpoints"`
- // description: |
- // Use the exact path specified for the endpoint (don't append /v2/).
- // This setting is often required for setting up multiple mirrors
- // on a single instance of a registry.
- MirrorOverridePath *bool `yaml:"overridePath,omitempty"`
+ // List of endpoints for registry mirrors to use.
+ MirrorEndpoints []string `yaml:"endpoints" docgen:"{'in':'1.5'}"`
+
+ // Use the exact path specified for the endpoint.
+ MirrorOverridePath *bool `yaml:"overridePath,omitempty" docgen:"{'in':'1.5'}"`
 }
 // RegistryConfig specifies auth & TLS config per registry.
 type RegistryConfig struct {
- // description: |
- // The TLS configuration for the registry.
- // examples:
- // - value: machineConfigRegistryTLSConfigExample1()
- // - value: machineConfigRegistryTLSConfigExample2()
- RegistryTLS *RegistryTLSConfig `yaml:"tls,omitempty"`
- // description: |
- // The auth configuration for this registry.
- // Note: changes to the registry auth will not be picked up by the CRI containerd plugin without a reboot.
- // examples:
- // - value: machineConfigRegistryAuthConfigExample()
- RegistryAuth *RegistryAuthConfig `yaml:"auth,omitempty"`
+ // The TLS configuration for the registry.
+ RegistryTLS *RegistryTLSConfig `yaml:"tls,omitempty" docgen:"{'in':'1.5'}"`
+
+ // The auth configuration for this registry.
+ RegistryAuth *RegistryAuthConfig `yaml:"auth,omitempty" docgen:"{'optional':true, 'in':'1.5'}"`
 }
 // RegistryAuthConfig specifies authentication configuration for a registry.
 type RegistryAuthConfig struct {
- // description: |
- // Optional registry authentication.
- // The meaning of each field is the same with the corresponding field in [`.docker/config.json`](https://docs.docker.com/engine/api/v1.41/#section/Authentication).
- RegistryUsername string `yaml:"username,omitempty"`
- // description: |
- // Optional registry authentication.
- // The meaning of each field is the same with the corresponding field in [`.docker/config.json`](https://docs.docker.com/engine/api/v1.41/#section/Authentication).
- RegistryPassword string `yaml:"password,omitempty"`
- // description: |
- // Optional registry authentication.
- // The meaning of each field is the same with the corresponding field in [`.docker/config.json`](https://docs.docker.com/engine/api/v1.41/#section/Authentication).
- RegistryAuth string `yaml:"auth,omitempty"`
- // description: |
- // Optional registry authentication.
- // The meaning of each field is the same with the corresponding field in [`.docker/config.json`](https://docs.docker.com/engine/api/v1.41/#section/Authentication).
- RegistryIdentityToken string `yaml:"identityToken,omitempty"`
+ // Optional registry authentication.
+ RegistryUsername string `yaml:"username,omitempty" docgen:"{'in':'1.5'}"`
+
+ // Optional registry authentication.
+ RegistryPassword string `yaml:"password,omitempty" docgen:"{'in':'1.5'}"`
+
+ // Optional registry authentication.
+ RegistryAuth string `yaml:"auth,omitempty" docgen:"{'in':'1.5'}"`
+
+ // Optional registry authentication.
+ RegistryIdentityToken string `yaml:"identityToken,omitempty" docgen:"{'in':'1.5'}"`
 }
 // RegistryTLSConfig specifies TLS config for HTTPS registries.
 type RegistryTLSConfig struct {
- // description: |
- // Enable mutual TLS authentication with the registry.
- // Client certificate and key should be base64-encoded.
- // examples:
- // - value: pemEncodedCertificateExample()
- // schema:
- // type: object
- // additionalProperties: false
- // properties:
- // crt:
- // type: string
- // key:
- // type: string
- TLSClientIdentity *x509.PEMEncodedCertificateAndKey `yaml:"clientIdentity,omitempty"`
- // description: |
- // CA registry certificate to add the list of trusted certificates.
- // Certificate should be base64-encoded.
- // schema:
- // type: string
- TLSCA Base64Bytes `yaml:"ca,omitempty"`
- // description: |
- // Skip TLS server certificate verification (not recommended).
- TLSInsecureSkipVerify *bool `yaml:"insecureSkipVerify,omitempty"`
+ // Enable mutual TLS authentication with the registry.
+ TLSClientIdentity *x509.PEMEncodedCertificateAndKey `yaml:"clientIdentity,omitempty" docgen:"{'in':'1.5'}"`
+
+ // CA registry certificate to add the list of trusted certificates.
+ TLSCA Base64Bytes `yaml:"ca,omitempty" docgen:"{'in':'1.5'}"`
+
+ // Skip TLS server certificate verification.
+ TLSInsecureSkipVerify *bool `yaml:"insecureSkipVerify,omitempty" docgen:"{'in':'1.5'}"`
 }
 // SystemDiskEncryptionConfig specifies system disk partitions encryption settings.
 type SystemDiskEncryptionConfig struct {
- // description: |
- // State partition encryption.
- StatePartition *EncryptionConfig `yaml:"state,omitempty"`
- // description: |
- // Ephemeral partition encryption.
- EphemeralPartition *EncryptionConfig `yaml:"ephemeral,omitempty"`
+ // State partition encryption.
+ StatePartition *EncryptionConfig `yaml:"state,omitempty" docgen:"{'in':'1.5'}"`
+
+ // Ephemeral partition encryption.
+ EphemeralPartition *EncryptionConfig `yaml:"ephemeral,omitempty" docgen:"{'in':'1.5'}"`
 }
 var _ config.Features = (*FeaturesConfig)(nil)
 // FeaturesConfig describes individual Talos features that can be switched on or off.
 type FeaturesConfig struct {
- // description: |
- // Enable role-based access control (RBAC).
- RBAC *bool `yaml:"rbac,omitempty"`
- // description: |
- // Enable stable default hostname.
- StableHostname *bool `yaml:"stableHostname,omitempty"`
- // description: |
- // Configure Talos API access from Kubernetes pods.
- //
- // This feature is disabled if the feature config is not specified.
- // examples:
- // - value: kubernetesTalosAPIAccessConfigExample()
- KubernetesTalosAPIAccessConfig *KubernetesTalosAPIAccessConfig `yaml:"kubernetesTalosAPIAccess,omitempty"`
- // description: |
- // Enable checks for extended key usage of client certificates in apid.
- ApidCheckExtKeyUsage *bool `yaml:"apidCheckExtKeyUsage,omitempty"`
- // description: |
- // Enable XFS project quota support for EPHEMERAL partition and user disks.
- // Also enables kubelet tracking of ephemeral disk usage in the kubelet via quota.
- DiskQuotaSupport *bool `yaml:"diskQuotaSupport,omitempty"`
- // description: |
- // KubePrism - local proxy/load balancer on defined port that will distribute
- // requests to all API servers in the cluster.
- KubePrismSupport *KubePrism `yaml:"kubePrism,omitempty"`
- // description: |
- // Configures host DNS caching resolver.
- HostDNSSupport *HostDNSConfig `yaml:"hostDNS,omitempty"`
+ // Enable role-based access control (RBAC).
+ RBAC *bool `yaml:"rbac,omitempty" docgen:"{'in':'1.5'}"`
+
+ // Enable stable default hostname.
+ StableHostname *bool `yaml:"stableHostname,omitempty" docgen:"{'in':'1.5'}"`
+
+ // Configure Talos API access from Kubernetes pods.
+ KubernetesTalosAPIAccessConfig *KubernetesTalosAPIAccessConfig `yaml:"kubernetesTalosAPIAccess,omitempty" docgen:"{'in':'1.5'}"`
+
+ // Enable checks for extended key usage of client certificates in apid.
+ ApidCheckExtKeyUsage *bool `yaml:"apidCheckExtKeyUsage,omitempty" docgen:"{'in':'1.5'}"`
+
+ // Enable XFS project quota support for EPHEMERAL partition and user disks.
+ DiskQuotaSupport *bool `yaml:"diskQuotaSupport,omitempty" docgen:"{'in':'1.5'}"`
+
+ // KubePrism - local proxy/load balancer on defined port that will distribute
+ // requests to all API servers in the cluster.
+ KubePrismSupport *KubePrism `yaml:"kubePrism,omitempty" docgen:"{'in':'1.5'}"`
+
+ // Configures host DNS caching resolver.
+ HostDNSSupport *HostDNSConfig `yaml:"hostDNS,omitempty" docgen:"{'in':'1.7'}"`
 }
 // KubePrism describes the configuration for the KubePrism load balancer.
 type KubePrism struct {
- // description: |
- // Enable KubePrism support - will start local load balancing proxy.
- ServerEnabled *bool `yaml:"enabled,omitempty"`
- // description: |
- // KubePrism port.
- ServerPort int `yaml:"port,omitempty"`
+ // Enable KubePrism support - will start local load balancing proxy.
+ ServerEnabled *bool `yaml:"enabled,omitempty" docgen:"{'in':'1.5'}"`
+
+ // KubePrism port.
+ ServerPort int `yaml:"port,omitempty" docgen:"{'in':'1.5'}"`
 }
 // KubernetesTalosAPIAccessConfig describes the configuration for the Talos API access from Kubernetes pods.
type KubernetesTalosAPIAccessConfig struct { - // description: | - // Enable Talos API access from Kubernetes pods. - AccessEnabled *bool `yaml:"enabled,omitempty"` - // description: | - // The list of Talos API roles which can be granted for access from Kubernetes pods. - // - // Empty list means that no roles can be granted, so access is blocked. - AccessAllowedRoles []string `yaml:"allowedRoles,omitempty"` - // description: | - // The list of Kubernetes namespaces Talos API access is available from. - AccessAllowedKubernetesNamespaces []string `yaml:"allowedKubernetesNamespaces,omitempty"` + // Enable Talos API access from Kubernetes pods. + AccessEnabled *bool `yaml:"enabled,omitempty" docgen:"{'in':'1.5'}"` + + // The list of Talos API roles which can be granted for access from Kubernetes pods. + AccessAllowedRoles []string `yaml:"allowedRoles,omitempty" docgen:"{'in':'1.5'}"` + + // The list of Kubernetes namespaces Talos API access is available from. + AccessAllowedKubernetesNamespaces []string `yaml:"allowedKubernetesNamespaces,omitempty" docgen:"{'in':'1.5'}"` } // HostDNSConfig describes the configuration for the host DNS resolver. 
@@ -2224,26 +1498,17 @@ type HostDNSConfig struct { // VolumeMountConfig struct describes extra volume mount for the static pods. type VolumeMountConfig struct { - // description: | - // Path on the host. - // examples: - // - value: '"/var/lib/auth"' - VolumeHostPath string `yaml:"hostPath"` - // description: | - // Path in the container. - // examples: - // - value: '"/etc/kubernetes/auth"' - VolumeMountPath string `yaml:"mountPath"` - // description: | - // Mount the volume read only. - // examples: - // - value: true - VolumeReadOnly bool `yaml:"readonly,omitempty"` + // Path on the host. + VolumeHostPath string `yaml:"hostPath" docgen:"{'in':'1.5'}"` + + // Path in the container. + VolumeMountPath string `yaml:"mountPath" docgen:"{'in':'1.5'}"` + + // Mount the volume read-only. + VolumeReadOnly bool `yaml:"readonly,omitempty" docgen:"{'in':'1.5'}"` } // ClusterInlineManifests is a list of ClusterInlineManifest. -// -//docgen:alias type ClusterInlineManifests []ClusterInlineManifest // UnmarshalYAML implements yaml.Unmarshaler. 
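Review bot: The rewritten comment on `VolumeReadOnly` no longer gives the reader any hint of what happens when the key is omitted, and the old `examples: - value: true` that hinted at it is gone too; since the field is a plain `bool` with `omitempty`, an absent `readonly` decodes to `false`, which by the field's name means the host path is mounted writable into the static pod. Suggest stating that explicitly: `// Mount the volume read-only. When omitted the mount is read-write.`. The same hunk also drops the sample values for `hostPath` and `mountPath`; if the new docgen tags have no equivalent of `examples:`, the generated schema loses them silently, which is worth confirming.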
@@ -2265,170 +1530,127 @@ func (manifests *ClusterInlineManifests) UnmarshalYAML(value *yaml.Node) error { // ClusterInlineManifest struct describes inline bootstrap manifests for the user. type ClusterInlineManifest struct { - // description: | - // Name of the manifest. - // Name should be unique. - // examples: - // - value: '"csi"' - InlineManifestName string `yaml:"name"` - // description: | - // Manifest contents as a string. - // examples: - // - value: '"/etc/kubernetes/auth"' - InlineManifestContents string `yaml:"contents"` + // Specifies the name of the manifest. Name should be unique. + InlineManifestName string `yaml:"name" docgen:"{'in':'1.5'}"` + + // Manifest contents as a string. + InlineManifestContents string `yaml:"contents" docgen:"{'in':'1.5'}"` } // NetworkKubeSpan struct describes KubeSpan configuration. type NetworkKubeSpan struct { + // Determines whether to enable the KubeSpan feature. + KubeSpanEnabled *bool `yaml:"enabled,omitempty" docgen:"{'in':'1.5'}"` + + // Controls whether Kubernetes pod CIDRs are announced over KubeSpan from the node. + KubeSpanAdvertiseKubernetesNetworks *bool `yaml:"advertiseKubernetesNetworks,omitempty" docgen:"{'in':'1.5'}"` + + // Determines whether to skip sending traffic via KubeSpan if the peer connection state is not up. + KubeSpanAllowDownPeerBypass *bool `yaml:"allowDownPeerBypass,omitempty" docgen:"{'in':'1.5'}"` // description: | - // Enable the KubeSpan feature. - // Cluster discovery should be enabled with .cluster.discovery.enabled for KubeSpan to be enabled. - KubeSpanEnabled *bool `yaml:"enabled,omitempty"` - // description: | - // Control whether Kubernetes pod CIDRs are announced over KubeSpan from the node. - // If disabled, CNI handles encapsulating pod-to-pod traffic into some node-to-node tunnel, - // and KubeSpan handles the node-to-node traffic. - // If enabled, KubeSpan will take over pod-to-pod traffic and send it over KubeSpan directly. 
- // When enabled, KubeSpan should have a way to detect complete pod CIDRs of the node which - // is not always the case with CNIs not relying on Kubernetes for IPAM. - KubeSpanAdvertiseKubernetesNetworks *bool `yaml:"advertiseKubernetesNetworks,omitempty"` - // description: | - // Skip sending traffic via KubeSpan if the peer connection state is not up. - // This provides configurable choice between connectivity and security: either traffic is always - // forced to go via KubeSpan (even if Wireguard peer connection is not up), or traffic can go directly - // to the peer if Wireguard connection can't be established. - KubeSpanAllowDownPeerBypass *bool `yaml:"allowDownPeerBypass,omitempty"` - // description: | - // KubeSpan can collect and publish extra endpoints for each member of the cluster - // based on Wireguard endpoint information for each peer. - // This feature is disabled by default, don't enable it - // with high number of peers (>50) in the KubeSpan network (performance issues). - KubeSpanHarvestExtraEndpoints *bool `yaml:"harvestExtraEndpoints,omitempty"` - // description: | - // KubeSpan link MTU size. - // Default value is 1420. - KubeSpanMTU *uint32 `yaml:"mtu,omitempty"` - // description: | - // KubeSpan advanced filtering of network addresses . - // - // Settings in this section are optional, and settings apply only to the node. - KubeSpanFilters *KubeSpanFilters `yaml:"filters,omitempty"` + + // FIXME!!! + KubeSpanHarvestExtraEndpoints *bool `yaml:"harvestExtraEndpoints,omitempty" docgen:"{'in':'1.6'}"` + + // KubeSpan link MTU size. + KubeSpanMTU *uint32 `yaml:"mtu,omitempty" docgen:"{'in':'1.5'}"` + + // KubeSpan advanced filtering of network addresses. + KubeSpanFilters *KubeSpanFilters `yaml:"filters,omitempty" docgen:"{'in':'1.5'}"` } // KubeSpanFilters struct describes KubeSpan advanced network addresses filtering. 
type KubeSpanFilters struct { - // description: | - // Filter node addresses which will be advertised as KubeSpan endpoints for peer-to-peer Wireguard connections. - // - // By default, all addresses are advertised, and KubeSpan cycles through all endpoints until it finds one that works. - // - // Default value: no filtering. - // examples: - // - name: Exclude addresses in 192.168.0.0/16 subnet. - // value: '[]string{"0.0.0.0/0", "!192.168.0.0/16", "::/0"}' - KubeSpanFiltersEndpoints []string `yaml:"endpoints,omitempty"` + // Filters node addresses which will be advertised as KubeSpan endpoints for peer-to-peer Wireguard connections. + KubeSpanFiltersEndpoints []string `yaml:"endpoints,omitempty" docgen:"{'in':'1.5'}"` } // NetworkDeviceSelector struct describes network device selector. type NetworkDeviceSelector struct { - // description: PCI, USB bus prefix, supports matching by wildcard. - NetworkDeviceBus string `yaml:"busPath,omitempty"` - // description: Device hardware address, supports matching by wildcard. - NetworkDeviceHardwareAddress string `yaml:"hardwareAddr,omitempty"` - // description: PCI ID (vendor ID, product ID), supports matching by wildcard. - NetworkDevicePCIID string `yaml:"pciID,omitempty"` - // description: Kernel driver, supports matching by wildcard. - NetworkDeviceKernelDriver string `yaml:"driver,omitempty"` - // description: Select only physical devices. - NetworkDevicePhysical *bool `yaml:"physical,omitempty"` + // PCI, USB bus prefix, supports matching by wildcard. + NetworkDeviceBus string `yaml:"busPath,omitempty" docgen:"{'in':'1.5'}"` + + // Device hardware address, supports matching by wildcard. + NetworkDeviceHardwareAddress string `yaml:"hardwareAddr,omitempty" docgen:"{'in':'1.5'}"` + + // PCI ID (vendor ID, product ID), supports matching by wildcard. + NetworkDevicePCIID string `yaml:"pciID,omitempty" docgen:"{'in':'1.5'}"` + + // Kernel driver, supports matching by wildcard. 
+ NetworkDeviceKernelDriver string `yaml:"driver,omitempty" docgen:"{'in':'1.5'}"` + + // Select only physical devices. + NetworkDevicePhysical *bool `yaml:"physical,omitempty" docgen:"{'in':'1.6'}"` } // ClusterDiscoveryConfig struct configures cluster membership discovery. type ClusterDiscoveryConfig struct { - // description: | - // Enable the cluster membership discovery feature. - // Cluster discovery is based on individual registries which are configured under the registries field. - DiscoveryEnabled *bool `yaml:"enabled,omitempty"` - // description: | - // Configure registries used for cluster member discovery. - DiscoveryRegistries DiscoveryRegistriesConfig `yaml:"registries"` + // Enables the cluster membership discovery feature. + DiscoveryEnabled *bool `yaml:"enabled,omitempty" docgen:"{'in':'1.5'}"` + + // Configures registries used for cluster member discovery. + DiscoveryRegistries DiscoveryRegistriesConfig `yaml:"registries" docgen:"{'in':'1.5'}"` } // DiscoveryRegistriesConfig struct configures cluster membership discovery. type DiscoveryRegistriesConfig struct { - // description: | - // Kubernetes registry uses Kubernetes API server to discover cluster members and stores additional information - // as annotations on the Node resources. - RegistryKubernetes RegistryKubernetesConfig `yaml:"kubernetes"` - // description: | - // Service registry is using an external service to push and pull information about cluster members. - RegistryService RegistryServiceConfig `yaml:"service"` + // Configures the Kubernetes discovery registry. + RegistryKubernetes RegistryKubernetesConfig `yaml:"kubernetes" docgen:"{'in':'1.5'}"` + + // Configures the external service discovery registry. + RegistryService RegistryServiceConfig `yaml:"service" docgen:"{'in':'1.5'}"` } // RegistryKubernetesConfig struct configures Kubernetes discovery registry. type RegistryKubernetesConfig struct { - // description: | - // Disable Kubernetes discovery registry. 
- RegistryDisabled *bool `yaml:"disabled,omitempty"` + // Disables the Kubernetes discovery registry. + RegistryDisabled *bool `yaml:"disabled,omitempty" docgen:"{'in':'1.5'}"` } // RegistryServiceConfig struct configures Kubernetes discovery registry. type RegistryServiceConfig struct { - // description: | - // Disable external service discovery registry. - RegistryDisabled *bool `yaml:"disabled,omitempty"` - // description: | - // External service endpoint. - // examples: - // - value: constants.DefaultDiscoveryServiceEndpoint - RegistryEndpoint string `yaml:"endpoint,omitempty"` + // Disables the external service discovery registry. + RegistryDisabled *bool `yaml:"disabled,omitempty" docgen:"{'in':'1.5'}"` + + // Specifies the external service endpoint. + RegistryEndpoint string `yaml:"endpoint,omitempty" docgen:"{'in':'1.5'}"` } // UdevConfig describes how the udev system should be configured. type UdevConfig struct { - // description: | - // List of udev rules to apply to the udev system - UdevRules []string `yaml:"rules,omitempty"` + // Lists udev rules to apply to the udev system. + UdevRules []string `yaml:"rules,omitempty" docgen:"{'in':'1.5'}"` } // LoggingConfig struct configures Talos logging. type LoggingConfig struct { - // description: | - // Logging destination. - LoggingDestinations []LoggingDestination `yaml:"destinations"` + // Specifies logging destinations. + LoggingDestinations []LoggingDestination `yaml:"destinations" docgen:"{'in':'1.5'}"` } // LoggingDestination struct configures Talos logging destination. type LoggingDestination struct { - // description: | - // Where to send logs. Supported protocols are "tcp" and "udp". - // examples: - // - value: loggingEndpointExample1() - // - value: loggingEndpointExample2() - LoggingEndpoint *Endpoint `yaml:"endpoint"` - // description: | - // Logs format. 
- // values: - // - json_lines - LoggingFormat string `yaml:"format"` - // description: | - // Extra tags (key-value) pairs to attach to every log message sent. - LoggingExtraTags map[string]string `yaml:"extraTags,omitempty"` + // Determines where to send logs. + LoggingEndpoint *Endpoint `yaml:"endpoint" docgen:"{'in':'1.5'}"` + + // Specifies the logs format. + LoggingFormat string `yaml:"format" docgen:"{'in':'1.5'}"` + + // Specifies exta tags (key-value) pairs to attach to every log message sent. + LoggingExtraTags map[string]string `yaml:"extraTags,omitempty" docgen:"{'in':'1.7'}"` } // KernelConfig struct configures Talos Linux kernel. type KernelConfig struct { - // description: | - // Kernel modules to load. - KernelModules []*KernelModuleConfig `yaml:"modules,omitempty"` + // Lists kernel modules to load. + KernelModules []*KernelModuleConfig `yaml:"modules,omitempty" docgen:"{'in':'1.5'}"` } // KernelModuleConfig struct configures Linux kernel modules to load. type KernelModuleConfig struct { - // description: | - // Module name. - ModuleName string `yaml:"name"` - // description: | - // Module parameters, changes applied after reboot. - ModuleParameters []string `yaml:"parameters,omitempty"` + // Specifies the module name. + ModuleName string `yaml:"name" docgen:"{'in':'1.5'}"` + + // Lists module parameters, changes applied after reboot. + ModuleParameters []string `yaml:"parameters,omitempty" docgen:"{'in':'1.5'}"` } diff --git a/pkg/machinery/config/types/v1alpha1/zz_generated.deepcopy.go b/pkg/machinery/config/types/v1alpha1/zz_generated.deepcopy.go index 027e512def9..0af39fd95b1 100644 --- a/pkg/machinery/config/types/v1alpha1/zz_generated.deepcopy.go +++ b/pkg/machinery/config/types/v1alpha1/zz_generated.deepcopy.go 
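Review bot: `KubeSpanHarvestExtraEndpoints` in `NetworkKubeSpan` is left with a `// FIXME!!!` placeholder in place of its description, and the unchanged ` // description: |` context line just above the new blank line is now an orphaned remnant of the old docgen syntax with nothing following it; both survive into the generated documentation. Suggest deleting the stray `// description: |` line and restoring the removed text as the comment, e.g. `// Collects and publishes extra endpoints for each cluster member based on Wireguard endpoint information. Disabled by default; not recommended with a high number of peers (>50) in the KubeSpan network.`. In `LoggingDestination` the comment reads `// Specifies exta tags (key-value) pairs ...` — typo, should be `// Specifies extra tag (key-value) pairs to attach to every log message sent.`. `LoggingFormat` also lost its enumerated value list (`json_lines`); the `'values':[...]` key already used elsewhere in this change would preserve it: `LoggingFormat string `yaml:"format" docgen:"{'in':'1.5','values':['json_lines']}"``.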
@@ -1989,22 +1989,6 @@ func (in *NetworkKubeSpan) DeepCopy() *NetworkKubeSpan { return out } -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *PodCheckpointer) DeepCopyInto(out *PodCheckpointer) { - *out = *in - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PodCheckpointer. -func (in *PodCheckpointer) DeepCopy() *PodCheckpointer { - if in == nil { - return nil - } - out := new(PodCheckpointer) - in.DeepCopyInto(out) - return out -} - // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *ProxyConfig) DeepCopyInto(out *ProxyConfig) { *out = *in