v1alpha1

type AdditionalUserData struct {
	// In case of using ignition, the data format is documented here: https://kinvolk.io/docs/flatcar-container-linux/latest/provisioning/cl-config/
	// NOTE: All fields of the UserData that are managed by the RKE2Config controller will be ignored, this include "write_files", "runcmd", "ntp".
	// +optional
	// Deprecated: Data is reserved for the arbitrary cloud-init data
	Config string `json:"config,omitempty"`

	// Data allows to pass arbitrary set of key/value pairs consistent with
	// https://cloudinit.readthedocs.io/en/latest/reference/modules.html
	// to extend existing cloud-init configuration
	Data map[string]string `json:"data,omitempty"`

	// Strict controls if Config should be strictly parsed. If so, warnings are treated as errors.
	// +optional
	Strict bool `json:"strict,omitempty"`
}

type CISProfile string

type ComponentConfig struct {
	// ExtraEnv is a map of environment variables to pass on to a Kubernetes Component command.
	//+optional
	ExtraEnv map[string]string `json:"extraEnv,omitempty"`

	// ExtraArgs is a list of command line arguments (format: flag=value) to pass to a Kubernetes Component command.
	//+optional
	ExtraArgs []string `json:"extraArgs,omitempty"`

	// ExtraMounts is a map of volume mounts to be added for the Kubernetes component StaticPod
	//+optional
	ExtraMounts map[string]string `json:"extraMounts,omitempty"`

	// OverrideImage is a string that references a container image to override the default one for the Kubernetes Component
	//+optional
	OverrideImage string `json:"overrideImage,omitempty"`
}

type Encoding string

type File struct {
	// Path specifies the full path on disk where to store the file.
	Path string `json:"path"`

	// Owner specifies the ownership of the file, e.g. "root:root".
	//+optional
	Owner string `json:"owner,omitempty"`

	// Permissions specifies the permissions to assign to the file, e.g. "0640".
	//+optional
	Permissions string `json:"permissions,omitempty"`

	// Encoding specifies the encoding of the file contents.
	// +kubebuilder:validation:Enum=base64;gzip;gzip+base64
	//+optional
	Encoding Encoding `json:"encoding,omitempty"`

	// Content is the actual content of the file.
	//+optional
	Content string `json:"content,omitempty"`

	// ContentFrom is a referenced source of content to populate the file.
	//+optional
	ContentFrom *FileSource `json:"contentFrom,omitempty"`
}

type FileSource struct {
	// SecretFileSource represents a secret that should populate this file.
	Secret SecretFileSource `json:"secret"`
}

type Format string

type Mirror struct {
	// Endpoints are endpoints for a namespace. CRI plugin will try the endpoints
	// one by one until a working one is found. The endpoint must be a valid url
	// with host specified.
	// The scheme, host and path from the endpoint URL will be used.
	//+optional
	Endpoint []string `json:"endpoint,omitempty"`

	// Rewrites are repository rewrite rules for a namespace. When fetching image resources
	// from an endpoint and a key matches the repository via regular expression matching
	// it will be replaced with the corresponding value from the map in the resource request.
	//+optional
	Rewrite map[string]string `json:"rewrite,omitempty"`
}

type NTP struct {
	// Servers specifies which NTP servers to use
	// +optional
	Servers []string `json:"servers,omitempty"`

	// Enabled specifies whether NTP should be enabled
	// +optional
	Enabled *bool `json:"enabled,omitempty"`
}

type RKE2AgentConfig struct {
	// DataDir Folder to hold state.
	//+optional
	DataDir string `json:"dataDir,omitempty"`

	// NodeLabels  Registering and starting kubelet with set of labels.
	//+optional
	NodeLabels []string `json:"nodeLabels,omitempty"`

	// NodeAnnotations  are annotations that are created on nodes post bootstrap phase.
	// Unfortunately it is not possible to apply annotations via kubelet
	// using current bootstrap configurations.
	// Issue: https://github.com/kubernetes/kubernetes/issues/108046
	//+optional
	NodeAnnotations map[string]string `json:"nodeAnnotations,omitempty"`

	// NodeTaints Registering kubelet with set of taints.
	//+optional
	NodeTaints []string `json:"nodeTaints,omitempty"`

	// NodeNamePrefix Prefix to the Node Name that CAPI will generate.
	//+optional
	NodeNamePrefix string `json:"nodeName,omitempty"`

	// NTP specifies NTP configuration
	// +optional
	NTP *NTP `json:"ntp,omitempty"`

	// ImageCredentialProviderConfigMap is a reference to the ConfigMap that contains credential provider plugin config
	// The config map should contain a key "credential-config.yaml" with YAML file content and
	// a key "credential-provider-binaries" with the a path to the binaries for the credential provider.
	//+optional
	ImageCredentialProviderConfigMap *corev1.ObjectReference `json:"imageCredentialProviderConfigMap,omitempty"`

	// ContainerRuntimeEndpoint Disable embedded containerd and use alternative CRI implementation.
	//+optional
	ContainerRuntimeEndpoint string `json:"containerRuntimeEndpoint,omitempty"`

	// Snapshotter override default containerd snapshotter (default: "overlayfs").
	//+optional
	Snapshotter string `json:"snapshotter,omitempty"`

	// CISProfile activates CIS compliance of RKE2 for a certain profile
	// +kubebuilder:validation:Enum=cis-1.23;cis-1.5;cis-1.6
	//+optional
	CISProfile CISProfile `json:"cisProfile,omitempty"`

	// ResolvConf is a reference to a ConfigMap containing resolv.conf content for the node.
	//+optional
	ResolvConf *corev1.ObjectReference `json:"resolvConf,omitempty"`

	// ProtectKernelDefaults defines Kernel tuning behavior. If true, error if kernel tunables are different than kubelet defaults.
	// if false, kernel tunable can be different from kubelet defaults
	//+optional
	ProtectKernelDefaults bool `json:"protectKernelDefaults,omitempty"`

	// SystemDefaultRegistry Private registry to be used for all system images.
	//+optional
	SystemDefaultRegistry string `json:"systemDefaultRegistry,omitempty"`

	// EnableContainerdSElinux defines the policy for enabling SELinux for Containerd
	// if value is true, Containerd will run with selinux-enabled=true flag
	// if value is false, Containerd will run without the above flag
	//+optional
	EnableContainerdSElinux bool `json:"enableContainerdSElinux,omitempty"`

	// KubeletPath Override kubelet binary path.
	//+optional
	KubeletPath string `json:"kubeletPath,omitempty"`

	// KubeletArgs Customized flag for kubelet process.
	//+optional
	Kubelet *ComponentConfig `json:"kubelet,omitempty"`

	// KubeProxyArgs Customized flag for kube-proxy process.
	//+optional
	KubeProxy *ComponentConfig `json:"kubeProxy,omitempty"`

	// RuntimeImage override image to use for runtime binaries (containerd, kubectl, crictl, etc).
	//+optional
	RuntimeImage string `json:"runtimeImage,omitempty"`

	// LoadBalancerPort local port for supervisor client load-balancer. If the supervisor and apiserver are
	// not colocated an additional port 1 less than this port will also be used for the apiserver client load-balancer (default: 6444).
	//+optional
	LoadBalancerPort int `json:"loadBalancerPort,omitempty"`

	// Version specifies the rke2 version.
	//+optional
	Version string `json:"version,omitempty"`

	// AirGapped is a boolean value to define if the bootstrapping should be air-gapped,
	// basically supposing that online container registries and RKE2 install scripts are not reachable.
	AirGapped bool `json:"airGapped,omitempty"`

	// Format specifies the output format of the bootstrap data. Defaults to cloud-config.
	// +optional
	Format Format `json:"format,omitempty"`

	// AdditionalUserData is a field that allows users to specify additional cloud-init or ignition configuration to be included in the
	// generated cloud-init/ignition script.
	//+optional
	AdditionalUserData AdditionalUserData `json:"additionalUserData,omitempty"`
}

type RKE2Config struct {
	metav1.TypeMeta   `json:",inline"`
	metav1.ObjectMeta `json:"metadata,omitempty"`

	Spec   RKE2ConfigSpec   `json:"spec,omitempty"`
	Status RKE2ConfigStatus `json:"status,omitempty"`
}

type RKE2ConfigList struct {
	metav1.TypeMeta `json:",inline"`
	metav1.ListMeta `json:"metadata,omitempty"`
	Items           []RKE2Config `json:"items"`
}

type RKE2ConfigSpec struct {
	// Files specifies extra files to be passed to user_data upon creation.
	//+optional
	Files []File `json:"files,omitempty"`

	// PreRKE2Commands specifies extra commands to run before rke2 setup runs.
	//+optional
	PreRKE2Commands []string `json:"preRKE2Commands,omitempty"`

	// PostRKE2Commands specifies extra commands to run after rke2 setup runs.
	//+optional
	PostRKE2Commands []string `json:"postRKE2Commands,omitempty"`

	// AgentConfig specifies configuration for the agent nodes.
	//+optional
	AgentConfig RKE2AgentConfig `json:"agentConfig,omitempty"`

	// PrivateRegistriesConfig defines the containerd configuration for private registries and local registry mirrors.
	//+optional
	PrivateRegistriesConfig Registry `json:"privateRegistriesConfig,omitempty"`
}

type RKE2ConfigStatus struct {
	// Ready indicates the BootstrapData field is ready to be consumed.
	Ready bool `json:"ready,omitempty"`

	// DataSecretName is the name of the secret that stores the bootstrap data script.
	//+optional
	DataSecretName *string `json:"dataSecretName,omitempty"`

	// FailureReason will be set on non-retryable errors.
	//+optional
	FailureReason string `json:"failureReason,omitempty"`

	// FailureMessage will be set on non-retryable errors.
	//+optional
	FailureMessage string `json:"failureMessage,omitempty"`

	// ObservedGeneration is the latest generation observed by the controller.
	//+optional
	ObservedGeneration int64 `json:"observedGeneration,omitempty"`

	// Conditions defines current service state of the RKE2Config.
	//+optional
	Conditions clusterv1.Conditions `json:"conditions,omitempty"`
}

type RKE2ConfigTemplate struct {
	metav1.TypeMeta   `json:",inline"`
	metav1.ObjectMeta `json:"metadata,omitempty"`

	// Spec details the RKE2ConfigTemplate specification.
	Spec RKE2ConfigTemplateSpec `json:"spec"`
}

type RKE2ConfigTemplateList struct {
	metav1.TypeMeta `json:",inline"`
	metav1.ListMeta `json:"metadata,omitempty"`
	Items           []RKE2ConfigTemplate `json:"items"`
}

type RKE2ConfigTemplateResource struct {
	// Spec is the RKE2ConfigSpec that should be used for the template.
	Spec RKE2ConfigSpec `json:"spec"`
}

type RKE2ConfigTemplateSpec struct {
	// Template references a RKE2ConfigTemplate, which is used to include an RKE2ConfigSpec struct.
	//	This is used to include a desired RKE2ConfigSpec configuration when an RKE2Config resource is generated by a MachineDeployment resource.
	Template RKE2ConfigTemplateResource `json:"template"`
}

type Registry struct {
	// Mirrors are namespace to mirror mapping for all namespaces.
	//+optional
	Mirrors map[string]Mirror `json:"mirrors,omitempty"`

	// Configs are configs for each registry.
	// The key is the FDQN or IP of the registry.
	//+optional
	Configs map[string]RegistryConfig `json:"configs,omitempty"`
}

type RegistryConfig struct {
	// Auth si a reference to a Secret containing information to authenticate to the registry.
	// The Secret must provite a username and a password data entry.
	//+optional
	AuthSecret corev1.ObjectReference `json:"authSecret,omitempty"`
	// TLS is a pair of CA/Cert/Key which then are used when creating the transport
	// that communicates with the registry.
	//+optional
	TLS TLSConfig `json:"tls,omitempty"`
}

type SecretFileSource struct {
	// Name of the secret in the RKE2BootstrapConfig's namespace to use.
	Name string `json:"name"`

	// Key is the key in the secret's data map for this value.
	Key string `json:"key"`
}

type TLSConfig struct {
	// TLSConfigSecret is a reference to a secret of type `kubernetes.io/tls` thich has up to 3 entries: tls.crt, tls.key and ca.crt
	// which describe the TLS configuration necessary to connect to the registry.
	// +optional
	TLSConfigSecret corev1.ObjectReference `json:"tlsConfigSecret,omitempty"`

	// InsecureSkipVerify may be set to false to skip verifying the registry's certificate, default is true.
	//+optional
	InsecureSkipVerify bool `json:"insecureSkipVerify,omitempty"`
}