| Field | Type | Description | Value(s) |
|---|---|---|---|
| `version` | string | Indicates the schema used to decode the contents. | `v1alpha1` |
| `debug` | bool | Enable verbose logging to the console. All system containers logs will flow into serial console. **Note:** To avoid breaking Talos bootstrap flow enable this option only if serial console can handle high message throughput. |
`true` `yes` `false` `no` |
| `machine` | MachineConfig | Provides machine specific configuration options. | |
| `cluster` | ClusterConfig | Provides cluster specific configuration options. |
| Field | Type | Description | Value(s) |
|---|---|---|---|
| `type` | string | Defines the role of the machine within the cluster. **Control Plane** Control Plane node type designates the node as a control plane member. This means it will host etcd along with the Kubernetes controlplane components such as API Server, Controller Manager, Scheduler. **Worker** Worker node type designates the node as a worker node. This means it will be an available compute node for scheduling workloads. This node type was previously known as "join"; that value is still supported but deprecated. |
`controlplane` `worker` |
| `token` | string | The `token` is used by a machine to join the PKI of the cluster. Using this token, a machine will create a certificate signing request (CSR), and request a certificate that will be used as its' identity. |
|
| `ca` | PEMEncodedCertificateAndKey | The root certificate authority of the PKI. It is composed of a base64 encoded `crt` and `key`. |
|
| `acceptedCAs` | \[]PEMEncodedCertificate | The certificates issued by certificate authorities are accepted in addition to issuing 'ca'. It is composed of a base64 encoded \`crt\`\`. |
|
| `certSANs` | \[]string | Extra certificate subject alternative names for the machine's certificate. By default, all non-loopback interface IPs are automatically added to the certificate's SANs. |
|
| `controlPlane` | MachineControlPlaneConfig | Provides machine specific control plane configuration options. | |
| `kubelet` | KubeletConfig | Used to provide additional options to the kubelet. | |
| `pods` | \[]Unstructured | Used to provide static pod definitions to be run by the kubelet directly bypassing the kube-apiserver. Static pods can be used to run components which should be started before the Kubernetes control plane is up. Talos doesn't validate the pod definition. Updates to this field can be applied without a reboot. See [https://kubernetes.io/docs/tasks/configure-pod-container/static-pod/](https://kubernetes.io/docs/tasks/configure-pod-container/static-pod/). |
|
| `install` | InstallConfig | Used to provide instructions for installations. Note that this configuration section gets silently ignored by Talos images that are considered pre-installed. To make sure Talos installs according to the provided configuration, Talos should be booted with ISO or PXE-booted. |
|
| `files` | MachineFile | Allows the addition of user specified files. The value of `op` can be `create`, `overwrite`, or `append`. In the case of `create`, `path` must not exist. In the case of `overwrite`, and `append`, `path` must be a valid file. If an `op` value of `append` is used, the existing file will be appended. Note that the file contents are not required to be base64 encoded. |
|
| `sysctls` | map\[string]string | Used to configure the machine's sysctls. | |
| `sysfs` | map\[string]string | Used to configure the machine's sysfs. | |
| `features` | FeaturesConfig | Features describe individual Talos features that can be switched on or off. | |
| `udev` | UdevConfig | Configures the udev system. | |
| `logging` | LoggingConfig | Configures the logging system. | |
| `kernel` | KernelConfig | Configures the kernel. | |
| `seccompProfiles` | MachineSeccompProfile | Configures the seccomp profiles for the machine. | |
| `baseRuntimeSpecOverrides` | Unstructured | Override (patch) settings in the default OCI runtime spec for CRI containers. It can be used to set some default container settings which are not configurable in Kubernetes, for example default ulimits. Note: this change applies to all newly created containers, and it requires a reboot to take effect. |
|
| `nodeLabels` | map\[string]string | Configures the node labels for the machine. Note: In the default Kubernetes configuration, worker nodes are restricted to set labels with some prefixes (see [NodeRestriction](https://kubernetes.io/docs/reference/access-authn-authz/admission-controllers/#noderestriction) admission plugin). |
|
| `nodeAnnotations` | map\[string]string | Configures the node annotations for the machine. | |
| `nodeTaints` | map\[string]string | Configures the node taints for the machine. Effect is optional. Note: In the default Kubernetes configuration, worker nodes are not allowed to modify the taints (see [NodeRestriction](https://kubernetes.io/docs/reference/access-authn-authz/admission-controllers/#noderestriction) admission plugin). |
| Field | Type | Description | Value(s) |
|---|---|---|---|
| `controllerManager` | MachineControllerManagerConfig | Controller manager machine specific configuration options. | |
| `scheduler` | MachineSchedulerConfig | Scheduler machine specific configuration options. |
| Field | Type | Description | Value(s) |
|---|---|---|---|
| `disabled` | bool | Disable kube-controller-manager on the node. |
| Field | Type | Description | Value(s) |
|---|---|---|---|
| `disabled` | bool | Disable kube-scheduler on the node. |
| Field | Type | Description | Value(s) |
|---|---|---|---|
| `image` | string | The `image` field is an optional reference to an alternative kubelet image. | |
| `clusterDNS` | \[]string | The `ClusterDNS` field is an optional reference to an alternative kubelet clusterDNS ip list. | |
| `extraArgs` | Args | The `extraArgs` field is used to provide additional flags to the kubelet. | |
| `extraMounts` | ExtraMount | The `extraMounts` field is used to add additional mounts to the kubelet container. Note that either `bind` or `rbind` are required in the `options`. |
|
| `extraConfig` | Unstructured | The `extraConfig` field is used to provide kubelet configuration overrides. Some fields are not allowed to be overridden: authentication and authorization, cgroups configuration, ports, etc. |
|
| `credentialProviderConfig` | Unstructured | The `KubeletCredentialProviderConfig` field is used to provide kubelet credential configuration. | |
| `defaultRuntimeSeccompProfileEnabled` | bool | Enable container runtime default Seccomp profile. | `true` `yes` `false` `no` |
| `registerWithFQDN` | bool | The `registerWithFQDN` field is used to force kubelet to use the node FQDN for registration. This is required in clouds like AWS. |
`true` `yes` `false` `no` |
| `nodeIP` | KubeletNodeIPConfig | The `nodeIP` field is used to configure `--node-ip` flag for the kubelet. This is used when a node has multiple addresses to choose from. |
|
| `skipNodeRegistration` | bool | The `skipNodeRegistration` is used to run the kubelet without registering with the apiserver. This runs kubelet as standalone and only runs static pods. |
`true` `yes` `false` `no` |
| `disableManifestsDirectory` | bool | The `disableManifestsDirectory` field configures the kubelet to get static pod manifests from the /etc/kubernetes/manifests directory. It's recommended to configure static pods with the "pods" key instead. |
`true` `yes` `false` `no` |
| Field | Type | Description | Value(s) |
|---|---|---|---|
| `destination` | string | Destination is the absolute path where the mount will be placed in the container. | |
| `type` | string | Type specifies the mount kind. | |
| `source` | string | Source specifies the source path of the mount. | |
| `options` | \[]string | Options are fstab style mount options. | |
| `uidMappings` | LinuxIDMapping | UID/GID mappings used for changing file owners w/o calling chown, fs should support it. Every mount point could have its own mapping. |
|
| `gidMappings` | LinuxIDMapping | UID/GID mappings used for changing file owners w/o calling chown, fs should support it. Every mount point could have its own mapping. |
| Field | Type | Description | Value(s) |
|---|---|---|---|
| `containerID` | uint32 | ContainerID is the starting UID/GID in the container. | |
| `hostID` | uint32 | HostID is the starting UID/GID on the host to be mapped to 'ContainerID'. | |
| `size` | uint32 | Size is the number of IDs to be mapped. |
| Field | Type | Description | Value(s) |
|---|---|---|---|
| `containerID` | uint32 | ContainerID is the starting UID/GID in the container. | |
| `hostID` | uint32 | HostID is the starting UID/GID on the host to be mapped to 'ContainerID'. | |
| `size` | uint32 | Size is the number of IDs to be mapped. |
| Field | Type | Description | Value(s) |
|---|---|---|---|
| `validSubnets` | \[]string | The `validSubnets` field configures the networks to pick kubelet node IP from. For dual stack configuration, there should be two subnets: one for IPv4, another for IPv6. IPs can be excluded from the list by using negative match with `!`, e.g `!10.0.0.0/8`. Negative subnet matches should be specified last to filter out IPs picked by positive matches. If not specified, node IP is picked based on cluster podCIDRs: IPv4/IPv6 address or both. |
| Field | Type | Description | Value(s) |
|---|---|---|---|
| `disk` | string | The disk used for installations. | |
| `diskSelector` | InstallDiskSelector | Look up disk using disk attributes like model, size, serial and others. Always has priority over `disk`. |
|
| `image` | string | Allows for supplying the image used to perform the installation. Image reference for each Talos release can be found on [GitHub releases page](https://github.com/siderolabs/talos/releases). |
|
| `wipe` | bool | Indicates if the installation disk should be wiped at installation time. Defaults to `true`. |
`true` `yes` `false` `no` |
| `legacyBIOSSupport` | bool | Indicates if MBR partition should be marked as bootable (active). Should be enabled only for the systems with legacy BIOS that doesn't support GPT partitioning scheme. |
|
| `grubUseUKICmdline` | bool | Indicates if legacy GRUB bootloader should use kernel cmdline from the UKI instead of building it on the host. This changes the way cmdline is managed with GRUB bootloader to be more consistent with UKI/systemd-boot. |
| Field | Type | Description | Value(s) |
|---|---|---|---|
| `size` | InstallDiskSizeMatcher | Disk size. | |
| `name` | string | Disk name `/sys/block/ |
|
| `model` | string | Disk model `/sys/block/ |
|
| `serial` | string | Disk serial number `/sys/block/ |
|
| `modalias` | string | Disk modalias `/sys/block/ |
|
| `uuid` | string | Disk UUID `/sys/block/ |
|
| `wwid` | string | Disk WWID `/sys/block/ |
|
| `type` | InstallDiskType | Disk Type. | `ssd` `hdd` `nvme` `sd` |
| `busPath` | string | Disk bus path. |
| Field | Type | Description | Value(s) |
|---|---|---|---|
| `content` | string | The contents of the file. | |
| `permissions` | FileMode | The file's permissions in octal. | |
| `path` | string | The path of the file. | |
| `op` | string | The operation to use | `create` `append` `overwrite` |
| Field | Type | Description | Value(s) |
|---|---|---|---|
| `kubernetesTalosAPIAccess` | KubernetesTalosAPIAccessConfig | Configure Talos API access from Kubernetes pods. This feature is disabled if the feature config is not specified. |
|
| `diskQuotaSupport` | bool | Enable XFS project quota support for EPHEMERAL partition and user disks. Also enables kubelet tracking of ephemeral disk usage in the kubelet via quota. |
|
| `kubePrism` | KubePrism | KubePrism - local proxy/load balancer on defined port that will distribute requests to all API servers in the cluster. |
|
| `hostDNS` | HostDNSConfig | Configures host DNS caching resolver. | |
| `imageCache` | ImageCacheConfig | Enable Image Cache feature. | |
| `nodeAddressSortAlgorithm` | string | Select the node address sort algorithm. The 'v1' algorithm sorts addresses by the address itself. The 'v2' algorithm prefers more specific prefixes. If unset, defaults to 'v1'. |
| Field | Type | Description | Value(s) |
|---|---|---|---|
| `enabled` | bool | Enable Talos API access from Kubernetes pods. | |
| `allowedRoles` | \[]string | The list of Talos API roles which can be granted for access from Kubernetes pods. Empty list means that no roles can be granted, so access is blocked. |
|
| `allowedKubernetesNamespaces` | \[]string | The list of Kubernetes namespaces Talos API access is available from. |
| Field | Type | Description | Value(s) |
|---|---|---|---|
| `enabled` | bool | Enable KubePrism support - will start local load balancing proxy. | |
| `port` | int | KubePrism port. |
| Field | Type | Description | Value(s) |
|---|---|---|---|
| `enabled` | bool | Enable host DNS caching resolver. | |
| `forwardKubeDNSToHost` | bool | Use the host DNS resolver as upstream for Kubernetes CoreDNS pods. When enabled, CoreDNS pods use host DNS server as the upstream DNS (instead of using configured upstream DNS resolvers directly). |
|
| `resolveMemberNames` | bool | Resolve member hostnames using the host DNS resolver. When enabled, cluster member hostnames and node names are resolved using the host DNS resolver. This requires service discovery to be enabled. |
| Field | Type | Description | Value(s) |
|---|---|---|---|
| `localEnabled` | bool | Enable local image cache. |
| Field | Type | Description | Value(s) |
|---|---|---|---|
| `rules` | \[]string | List of udev rules to apply to the udev system |
| Field | Type | Description | Value(s) |
|---|---|---|---|
| `destinations` | LoggingDestination | Logging destination. |
| Field | Type | Description | Value(s) |
|---|---|---|---|
| `endpoint` | Endpoint | Where to send logs. Supported protocols are "tcp" and "udp". | |
| `format` | string | Logs format. | `json_lines` |
| `extraTags` | map\[string]string | Extra tags (key-value) pairs to attach to every log message sent. |
| Field | Type | Description | Value(s) |
|---|
| Field | Type | Description | Value(s) |
|---|---|---|---|
| `modules` | KernelModuleConfig | Kernel modules to load. |
| Field | Type | Description | Value(s) |
|---|---|---|---|
| `name` | string | Module name. | |
| `parameters` | \[]string | Module parameters, changes applied after reboot. |
| Field | Type | Description | Value(s) |
|---|---|---|---|
| `name` | string | The `name` field is used to provide the file name of the seccomp profile. | |
| `value` | Unstructured | The `value` field is used to provide the seccomp profile. |
| Field | Type | Description | Value(s) |
|---|---|---|---|
| `id` | string | Globally unique identifier for this cluster (base64 encoded random 32 bytes). | |
| `secret` | string | Shared secret of cluster (base64 encoded random 32 bytes). This secret is shared among cluster members but should never be sent over the network. |
|
| `controlPlane` | ControlPlaneConfig | Provides control plane specific configuration options. | |
| `clusterName` | string | Configures the cluster's name. | |
| `network` | ClusterNetworkConfig | Provides cluster specific network configuration options. | |
| `token` | string | The [bootstrap token](https://kubernetes.io/docs/reference/access-authn-authz/bootstrap-tokens/) used to join the cluster. | |
| `aescbcEncryptionSecret` | string | A key used for the [encryption of secret data at rest](https://kubernetes.io/docs/tasks/administer-cluster/encrypt-data/). Enables encryption with AESCBC. |
|
| `secretboxEncryptionSecret` | string | A key used for the [encryption of secret data at rest](https://kubernetes.io/docs/tasks/administer-cluster/encrypt-data/). Enables encryption with secretbox. Secretbox has precedence over AESCBC. |
|
| `ca` | PEMEncodedCertificateAndKey | The base64 encoded root certificate authority used by Kubernetes. | |
| `acceptedCAs` | \[]PEMEncodedCertificate | The list of base64 encoded accepted certificate authorities used by Kubernetes. | |
| `aggregatorCA` | PEMEncodedCertificateAndKey | The base64 encoded aggregator certificate authority used by Kubernetes for front-proxy certificate generation. This CA can be self-signed. |
|
| `serviceAccount` | PEMEncodedKey | The base64 encoded private key for service account token generation. | |
| `apiServer` | APIServerConfig | API server specific configuration options. | |
| `controllerManager` | ControllerManagerConfig | Controller manager server specific configuration options. | |
| `proxy` | ProxyConfig | Kube-proxy server-specific configuration options | |
| `scheduler` | SchedulerConfig | Scheduler server specific configuration options. | |
| `discovery` | ClusterDiscoveryConfig | Configures cluster member discovery. | |
| `etcd` | EtcdConfig | Etcd specific configuration options. | |
| `coreDNS` | CoreDNS | Core DNS specific configuration options. | |
| `externalCloudProvider` | ExternalCloudProviderConfig | External cloud provider configuration. | |
| `extraManifests` | \[]string | A list of urls that point to additional manifests. These will get automatically deployed as part of the bootstrap. |
|
| `extraManifestHeaders` | map\[string]string | A map of key value pairs that will be added while fetching the extraManifests. | |
| `inlineManifests` | ClusterInlineManifest | A list of inline Kubernetes manifests. These will get automatically deployed as part of the bootstrap. |
|
| `adminKubeconfig` | AdminKubeconfigConfig | Settings for admin kubeconfig generation. Certificate lifetime can be configured. |
|
| `allowSchedulingOnControlPlanes` | bool | Allows running workload on control-plane nodes. | `true` `yes` `false` `no` |
| Field | Type | Description | Value(s) |
|---|---|---|---|
| `endpoint` | Endpoint | Endpoint is the canonical controlplane endpoint, which can be an IP address or a DNS hostname. It is single-valued, and may optionally include a port number. |
|
| `localAPIServerPort` | int | The port that the API server listens on internally. This may be different than the port portion listed in the endpoint field above. The default is `6443`. |
| Field | Type | Description | Value(s) |
|---|
| Field | Type | Description | Value(s) |
|---|---|---|---|
| `cni` | CNIConfig | The CNI used. Composed of "name" and "urls". The "name" key supports the following options: "flannel", "custom", and "none". "flannel" uses Talos-managed Flannel CNI, and that's the default option. "custom" uses custom manifests that should be provided in "urls". "none" indicates that Talos will not manage any CNI installation. |
|
| `dnsDomain` | string | The domain used by Kubernetes DNS. The default is `cluster.local` |
|
| `podSubnets` | \[]string | The pod subnet CIDR. | |
| `serviceSubnets` | \[]string | The service subnet CIDR. |
| Field | Type | Description | Value(s) | |
|---|---|---|---|---|
| `name` | string | Name of CNI to use. | `flannel` `custom` `none` |
|
| `urls` | \[]string | URLs containing manifests to apply for the CNI. Should be present for "custom", must be empty for "flannel" and "none". |
||
| `flannel` | FlannelCNIConfig | description: | Flannel configuration options. |
| Field | Type | Description | Value(s) |
|---|---|---|---|
| `extraArgs` | \[]string | Extra arguments for 'flanneld'. | |
| `kubeNetworkPoliciesEnabled` | bool | Deploys kube-network-policies along with Flannel. This enables Kubernetes Network Policies support in the cluster. |
| Field | Type | Description | Value(s) |
|---|---|---|---|
| `image` | string | The container image used in the API server manifest. | |
| `extraArgs` | Args | Extra arguments to supply to the API server. | |
| `extraVolumes` | VolumeMountConfig | Extra volumes to mount to the API server static pod. | |
| `env` | Env | The `env` field allows for the addition of environment variables for the control plane component. | |
| `certSANs` | \[]string | Extra certificate subject alternative names for the API server's certificate. | |
| `admissionControl` | AdmissionPluginConfig | Configure the API server admission plugins. | |
| `auditPolicy` | Unstructured | Configure the API server audit policy. | |
| `resources` | ResourcesConfig | Configure the API server resources. | |
| `authorizationConfig` | AuthorizationConfigAuthorizerConfig | Configure the API server authorization config. Node and RBAC authorizers are always added irrespective of the configuration. |
| Field | Type | Description | Value(s) |
|---|---|---|---|
| `hostPath` | string | Path on the host. | |
| `mountPath` | string | Path in the container. | |
| `readonly` | bool | Mount the volume read only. |
| Field | Type | Description | Value(s) |
|---|---|---|---|
| `name` | string | Name is the name of the admission controller. It must match the registered admission plugin name. |
|
| `configuration` | Unstructured | Configuration is an embedded configuration object to be used as the plugin's configuration. |
| Field | Type | Description | Value(s) |
|---|---|---|---|
| `requests` | Unstructured | Requests configures the reserved cpu/memory resources. | |
| `limits` | Unstructured | Limits configures the maximum cpu/memory resources a container can use. |
| Field | Type | Description | Value(s) |
|---|---|---|---|
| `type` | string | Type is the name of the authorizer. Allowed values are `Node`, `RBAC`, and `Webhook`. | |
| `name` | string | Name is used to describe the authorizer. | |
| `webhook` | Unstructured | webhook is the configuration for the webhook authorizer. |
| Field | Type | Description | Value(s) |
|---|---|---|---|
| `image` | string | The container image used in the controller manager manifest. | |
| `extraArgs` | Args | Extra arguments to supply to the controller manager. | |
| `extraVolumes` | VolumeMountConfig | Extra volumes to mount to the controller manager static pod. | |
| `env` | Env | The `env` field allows for the addition of environment variables for the control plane component. | |
| `resources` | ResourcesConfig | Configure the controller manager resources. |
| Field | Type | Description | Value(s) |
|---|---|---|---|
| `hostPath` | string | Path on the host. | |
| `mountPath` | string | Path in the container. | |
| `readonly` | bool | Mount the volume read only. |
| Field | Type | Description | Value(s) |
|---|---|---|---|
| `requests` | Unstructured | Requests configures the reserved cpu/memory resources. | |
| `limits` | Unstructured | Limits configures the maximum cpu/memory resources a container can use. |
| Field | Type | Description | Value(s) |
|---|---|---|---|
| `disabled` | bool | Disable kube-proxy deployment on cluster bootstrap. | |
| `image` | string | The container image used in the kube-proxy manifest. | |
| `mode` | string | proxy mode of kube-proxy. The default is 'iptables'. |
|
| `extraArgs` | Args | Extra arguments to supply to kube-proxy. |
| Field | Type | Description | Value(s) |
|---|---|---|---|
| `image` | string | The container image used in the scheduler manifest. | |
| `extraArgs` | Args | Extra arguments to supply to the scheduler. | |
| `extraVolumes` | VolumeMountConfig | Extra volumes to mount to the scheduler static pod. | |
| `env` | Env | The `env` field allows for the addition of environment variables for the control plane component. | |
| `resources` | ResourcesConfig | Configure the scheduler resources. | |
| `config` | Unstructured | Specify custom kube-scheduler configuration. |
| Field | Type | Description | Value(s) |
|---|---|---|---|
| `hostPath` | string | Path on the host. | |
| `mountPath` | string | Path in the container. | |
| `readonly` | bool | Mount the volume read only. |
| Field | Type | Description | Value(s) |
|---|---|---|---|
| `requests` | Unstructured | Requests configures the reserved cpu/memory resources. | |
| `limits` | Unstructured | Limits configures the maximum cpu/memory resources a container can use. |
| Field | Type | Description | Value(s) |
|---|---|---|---|
| `enabled` | bool | Enable the cluster membership discovery feature. Cluster discovery is based on individual registries which are configured under the registries field. |
|
| `registries` | DiscoveryRegistriesConfig | Configure registries used for cluster member discovery. |
| Field | Type | Description | Value(s) |
|---|---|---|---|
| `kubernetes` | RegistryKubernetesConfig | Kubernetes registry uses Kubernetes API server to discover cluster members and stores additional information as annotations on the Node resources. This feature is deprecated as it is not compatible with Kubernetes 1.32+. See [https://github.com/siderolabs/talos/issues/9980](https://github.com/siderolabs/talos/issues/9980) for more information. |
|
| `service` | RegistryServiceConfig | Service registry is using an external service to push and pull information about cluster members. |
| Field | Type | Description | Value(s) |
|---|---|---|---|
| `disabled` | bool | Disable Kubernetes discovery registry. |
| Field | Type | Description | Value(s) |
|---|---|---|---|
| `disabled` | bool | Disable external service discovery registry. | |
| `endpoint` | string | External service endpoint. |
| Field | Type | Description | Value(s) |
|---|---|---|---|
| `image` | string | The container image used to create the etcd service. | |
| `ca` | PEMEncodedCertificateAndKey | The `ca` is the root certificate authority of the PKI. It is composed of a base64 encoded `crt` and `key`. |
|
| `extraArgs` | Args | Extra arguments to supply to etcd. Note that the following args are not allowed: - `name` - `data-dir` - `initial-cluster-state` - `listen-peer-urls` - `listen-client-urls` - `cert-file` - `key-file` - `trusted-ca-file` - `peer-client-cert-auth` - `peer-cert-file` - `peer-trusted-ca-file` - `peer-key-file` |
|
| `advertisedSubnets` | \[]string | The `advertisedSubnets` field configures the networks to pick etcd advertised IP from. IPs can be excluded from the list by using negative match with `!`, e.g `!10.0.0.0/8`. Negative subnet matches should be specified last to filter out IPs picked by positive matches. If not specified, advertised IP is selected as the first routable address of the node. |
|
| `listenSubnets` | \[]string | The `listenSubnets` field configures the networks for the etcd to listen for peer and client connections. If `listenSubnets` is not set, but `advertisedSubnets` is set, `listenSubnets` defaults to `advertisedSubnets`. If neither `advertisedSubnets` nor `listenSubnets` is set, `listenSubnets` defaults to listen on all addresses. IPs can be excluded from the list by using negative match with `!`, e.g `!10.0.0.0/8`. Negative subnet matches should be specified last to filter out IPs picked by positive matches. If not specified, advertised IP is selected as the first routable address of the node. |
| Field | Type | Description | Value(s) |
|---|---|---|---|
| `disabled` | bool | Disable coredns deployment on cluster bootstrap. | |
| `image` | string | The `image` field is an override to the default coredns image. |
| Field | Type | Description | Value(s) |
|---|---|---|---|
| `enabled` | bool | Enable external cloud provider. | `true` `yes` `false` `no` |
| `manifests` | \[]string | A list of urls that point to additional manifests for an external cloud provider. These will get automatically deployed as part of the bootstrap. |
| Field | Type | Description | Value(s) |
|---|---|---|---|
| `name` | string | Name of the manifest. Name should be unique. |
|
| `contents` | string | Manifest contents as a string. |
| Field | Type | Description | Value(s) |
|---|---|---|---|
| `certLifetime` | Duration | Admin kubeconfig certificate lifetime (default is 1 year). Field format accepts any Go time.Duration format ('1h' for one hour, '10m' for ten minutes). |