Packages:
- ami.aws.infrastructure.cluster.x-k8s.io/v1beta1
- bootstrap.aws.infrastructure.cluster.x-k8s.io/v1alpha1
- bootstrap.aws.infrastructure.cluster.x-k8s.io/v1beta1
- bootstrap.cluster.x-k8s.io/v1beta1
- bootstrap.cluster.x-k8s.io/v1beta2
- controlplane.cluster.x-k8s.io/v1beta1
- controlplane.cluster.x-k8s.io/v1beta2
- infrastructure.cluster.x-k8s.io/v1beta1
- infrastructure.cluster.x-k8s.io/v1beta2
ami.aws.infrastructure.cluster.x-k8s.io/v1beta1
Package v1beta1 contains API Schema definitions for the AMI v1beta1 API group
Resource Types:AWSAMI
AWSAMI defines an AMI.
Field | Description | ||||||||
---|---|---|---|---|---|---|---|---|---|
metadata Kubernetes meta/v1.ObjectMeta |
Refer to the Kubernetes API documentation for the fields of the
metadata field.
|
||||||||
spec AWSAMISpec |
|
AWSAMISpec
(Appears on:AWSAMI)
AWSAMISpec defines an AMI.
Field | Description |
---|---|
os string |
|
region string |
|
imageID string |
|
kubernetesVersion string |
bootstrap.aws.infrastructure.cluster.x-k8s.io/v1alpha1
Package v1alpha1 contains API Schema definitions for the bootstrap v1alpha1 API group
Resource Types:AWSIAMConfiguration
AWSIAMConfiguration controls the creation of AWS Identity and Access Management (IAM) resources for use by Kubernetes clusters and Kubernetes Cluster API Provider AWS.
Field | Description | ||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
spec AWSIAMConfigurationSpec |
|
AWSIAMConfigurationSpec
(Appears on:AWSIAMConfiguration)
AWSIAMConfigurationSpec defines the specification of the AWSIAMConfiguration.
Field | Description |
---|---|
namePrefix string |
NamePrefix will be prepended to every AWS IAM role, user and policy created by clusterawsadm. Defaults to “”. |
nameSuffix string |
NameSuffix will be appended to every AWS IAM role, user and policy created by clusterawsadm. Defaults to “.cluster-api-provider-aws.sigs.k8s.io”. |
controlPlane ControlPlane |
ControlPlane controls the configuration of the AWS IAM role for a Kubernetes cluster’s control plane nodes. |
clusterAPIControllers ClusterAPIControllers |
ClusterAPIControllers controls the configuration of an IAM role and policy specifically for Kubernetes Cluster API Provider AWS. |
nodes Nodes |
Nodes controls the configuration of the AWS IAM role for all nodes in a Kubernetes cluster. |
bootstrapUser BootstrapUser |
BootstrapUser contains a list of elements that is specific to the configuration and enablement of an IAM user. |
stackName string |
StackName defines the name of the AWS CloudFormation stack. |
region string |
Region controls which region the control-plane is created in if not specified on the command line or via environment variables. |
eks EKSConfig |
EKS controls the configuration related to EKS. Settings in here affect the control plane and nodes roles |
eventBridge EventBridgeConfig |
EventBridge controls configuration for consuming EventBridge events |
partition string |
Partition is the AWS security partition being used. Defaults to “aws” |
secureSecretBackends []SecretBackend |
SecureSecretsBackend, when set to parameter-store will create AWS Systems Manager Parameter Storage policies. By default or with the value of secrets-manager, will generate AWS Secrets Manager policies instead. |
AWSIAMRoleSpec
(Appears on:ClusterAPIControllers, ControlPlane, EKSConfig, Nodes)
AWSIAMRoleSpec defines common configuration for AWS IAM roles created by Kubernetes Cluster API Provider AWS.
Field | Description |
---|---|
disable bool |
Disable if set to true will not create the AWS IAM role. Defaults to false. |
extraPolicyAttachments []string |
ExtraPolicyAttachments is a list of additional policies to be attached to the IAM role. |
extraStatements []Cluster API AWS iam/api/v1beta1.StatementEntry |
ExtraStatements are additional IAM statements to be included inline for the role. |
trustStatements []Cluster API AWS iam/api/v1beta1.StatementEntry |
TrustStatements is an IAM PolicyDocument defining what identities are allowed to assume this role. See “sigs.k8s.io/cluster-api-provider-aws/v2/cmd/clusterawsadm/api/iam/v1beta1” for more documentation. |
tags Tags |
Tags is a map of tags to be applied to the AWS IAM role. |
BootstrapUser
(Appears on:AWSIAMConfigurationSpec)
BootstrapUser contains a list of elements that is specific to the configuration and enablement of an IAM user.
Field | Description |
---|---|
enable bool |
Enable controls whether or not a bootstrap AWS IAM user will be created. This can be used to scope down the initial credentials used to bootstrap the cluster. Defaults to false. |
userName string |
UserName controls the username of the bootstrap user. Defaults to “bootstrapper.cluster-api-provider-aws.sigs.k8s.io” |
groupName string |
GroupName controls the group the user will belong to. Defaults to “bootstrapper.cluster-api-provider-aws.sigs.k8s.io” |
extraPolicyAttachments []string |
ExtraPolicyAttachments is a list of additional policies to be attached to the IAM user. |
extraGroups []string |
ExtraGroups is a list of groups to add this user to. |
extraStatements []Cluster API AWS iam/api/v1beta1.StatementEntry |
ExtraStatements are additional AWS IAM policy document statements to be included inline for the user. |
tags Tags |
Tags is a map of tags to be applied to the AWS IAM user. |
ClusterAPIControllers
(Appears on:AWSIAMConfigurationSpec)
ClusterAPIControllers controls the configuration of the AWS IAM role for the Kubernetes Cluster API Provider AWS controller.
Field | Description |
---|---|
AWSIAMRoleSpec AWSIAMRoleSpec |
(Members of |
allowedEC2InstanceProfiles []string |
AllowedEC2InstanceProfiles controls which EC2 roles are allowed to be
consumed by Cluster API when creating an ec2 instance. Defaults to
*. |
ControlPlane
(Appears on:AWSIAMConfigurationSpec)
ControlPlane controls the configuration of the AWS IAM role for the control plane of provisioned Kubernetes clusters.
Field | Description |
---|---|
AWSIAMRoleSpec AWSIAMRoleSpec |
(Members of |
disableClusterAPIControllerPolicyAttachment bool |
DisableClusterAPIControllerPolicyAttachment, if set to true, will not attach the AWS IAM policy for Cluster API Provider AWS to the control plane role. Defaults to false. |
disableCloudProviderPolicy bool |
DisableCloudProviderPolicy if set to true, will not generate and attach the AWS IAM policy for the AWS Cloud Provider. |
enableCSIPolicy bool |
EnableCSIPolicy if set to true, will generate and attach the AWS IAM policy for the EBS CSI Driver. |
EKSConfig
(Appears on:AWSIAMConfigurationSpec)
EKSConfig represents the EKS related configuration config.
Field | Description |
---|---|
disable bool |
Disable controls whether EKS-related permissions are granted |
iamRoleCreation bool |
AllowIAMRoleCreation controls whether the EKS controllers have permissions for creating IAM roles per cluster |
enableUserEKSConsolePolicy bool |
EnableUserEKSConsolePolicy controls the creation of the policy to view EKS nodes and workloads. |
defaultControlPlaneRole AWSIAMRoleSpec |
DefaultControlPlaneRole controls the configuration of the AWS IAM role for the EKS control plane. This is the default role that will be used if no role is included in the spec and automatic creation of the role isn’t enabled |
managedMachinePool AWSIAMRoleSpec |
ManagedMachinePool controls the configuration of the AWS IAM role for used by EKS managed machine pools. |
fargate AWSIAMRoleSpec |
Fargate controls the configuration of the AWS IAM role for used by EKS managed machine pools. |
kmsAliasPrefix string |
KMSAliasPrefix is prefix to use to restrict permission to KMS keys to only those that have an alias name that is prefixed by this. Defaults to cluster-api-provider-aws-* |
EventBridgeConfig
(Appears on:AWSIAMConfigurationSpec)
EventBridgeConfig represents configuration for enabling experimental feature to consume EventBridge EC2 events.
Field | Description |
---|---|
enable bool |
Enable controls whether permissions are granted to consume EC2 events |
Nodes
(Appears on:AWSIAMConfigurationSpec)
Nodes controls the configuration of the AWS IAM role for worker nodes in a cluster created by Kubernetes Cluster API Provider AWS.
Field | Description |
---|---|
AWSIAMRoleSpec AWSIAMRoleSpec |
(Members of |
disableCloudProviderPolicy bool |
DisableCloudProviderPolicy if set to true, will not generate and attach the policy for the AWS Cloud Provider. Defaults to false. |
ec2ContainerRegistryReadOnly bool |
EC2ContainerRegistryReadOnly controls whether the node has read-only access to the EC2 container registry |
bootstrap.aws.infrastructure.cluster.x-k8s.io/v1beta1
Package v1beta1 contains API Schema definitions for the bootstrap v1beta1 API group
Resource Types:AWSIAMConfiguration
AWSIAMConfiguration controls the creation of AWS Identity and Access Management (IAM) resources for use by Kubernetes clusters and Kubernetes Cluster API Provider AWS.
Field | Description | ||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
spec AWSIAMConfigurationSpec |
|
AWSIAMConfigurationSpec
(Appears on:AWSIAMConfiguration)
AWSIAMConfigurationSpec defines the specification of the AWSIAMConfiguration.
Field | Description |
---|---|
namePrefix string |
NamePrefix will be prepended to every AWS IAM role, user and policy created by clusterawsadm. Defaults to “”. |
nameSuffix string |
NameSuffix will be appended to every AWS IAM role, user and policy created by clusterawsadm. Defaults to “.cluster-api-provider-aws.sigs.k8s.io”. |
controlPlane ControlPlane |
ControlPlane controls the configuration of the AWS IAM role for a Kubernetes cluster’s control plane nodes. |
clusterAPIControllers ClusterAPIControllers |
ClusterAPIControllers controls the configuration of an IAM role and policy specifically for Kubernetes Cluster API Provider AWS. |
nodes Nodes |
Nodes controls the configuration of the AWS IAM role for all nodes in a Kubernetes cluster. |
bootstrapUser BootstrapUser |
BootstrapUser contains a list of elements that is specific to the configuration and enablement of an IAM user. |
stackName string |
StackName defines the name of the AWS CloudFormation stack. |
stackTags map[string]string |
(Optional)
StackTags defines the tags of the AWS CloudFormation stack. |
region string |
Region controls which region the control-plane is created in if not specified on the command line or via environment variables. |
eks EKSConfig |
EKS controls the configuration related to EKS. Settings in here affect the control plane and nodes roles |
eventBridge EventBridgeConfig |
EventBridge controls configuration for consuming EventBridge events |
partition string |
Partition is the AWS security partition being used. Defaults to “aws” |
secureSecretBackends []SecretBackend |
SecureSecretsBackend, when set to parameter-store will create AWS Systems Manager Parameter Storage policies. By default or with the value of secrets-manager, will generate AWS Secrets Manager policies instead. |
s3Buckets S3Buckets |
(Optional)
S3Buckets, when enabled, will add controller nodes permissions to create S3 Buckets for workload clusters. TODO: This field could be a pointer, but it seems it breaks setting default values? |
allowAssumeRole bool |
AllowAssumeRole enables the sts:AssumeRole permission within the CAPA policies |
AWSIAMRoleSpec
(Appears on:ClusterAPIControllers, ControlPlane, EKSConfig, Nodes)
AWSIAMRoleSpec defines common configuration for AWS IAM roles created by Kubernetes Cluster API Provider AWS.
Field | Description |
---|---|
disable bool |
Disable if set to true will not create the AWS IAM role. Defaults to false. |
extraPolicyAttachments []string |
ExtraPolicyAttachments is a list of additional policies to be attached to the IAM role. |
extraStatements []Cluster API AWS iam/api/v1beta1.StatementEntry |
ExtraStatements are additional IAM statements to be included inline for the role. |
trustStatements []Cluster API AWS iam/api/v1beta1.StatementEntry |
TrustStatements is an IAM PolicyDocument defining what identities are allowed to assume this role. See “sigs.k8s.io/cluster-api-provider-aws/v2/cmd/clusterawsadm/api/iam/v1beta1” for more documentation. |
tags Tags |
Tags is a map of tags to be applied to the AWS IAM role. |
BootstrapUser
(Appears on:AWSIAMConfigurationSpec)
BootstrapUser contains a list of elements that is specific to the configuration and enablement of an IAM user.
Field | Description |
---|---|
enable bool |
Enable controls whether or not a bootstrap AWS IAM user will be created. This can be used to scope down the initial credentials used to bootstrap the cluster. Defaults to false. |
userName string |
UserName controls the username of the bootstrap user. Defaults to “bootstrapper.cluster-api-provider-aws.sigs.k8s.io” |
groupName string |
GroupName controls the group the user will belong to. Defaults to “bootstrapper.cluster-api-provider-aws.sigs.k8s.io” |
extraPolicyAttachments []string |
ExtraPolicyAttachments is a list of additional policies to be attached to the IAM user. |
extraGroups []string |
ExtraGroups is a list of groups to add this user to. |
extraStatements []Cluster API AWS iam/api/v1beta1.StatementEntry |
ExtraStatements are additional AWS IAM policy document statements to be included inline for the user. |
tags Tags |
Tags is a map of tags to be applied to the AWS IAM user. |
ClusterAPIControllers
(Appears on:AWSIAMConfigurationSpec)
ClusterAPIControllers controls the configuration of the AWS IAM role for the Kubernetes Cluster API Provider AWS controller.
Field | Description |
---|---|
AWSIAMRoleSpec AWSIAMRoleSpec |
(Members of |
allowedEC2InstanceProfiles []string |
AllowedEC2InstanceProfiles controls which EC2 roles are allowed to be
consumed by Cluster API when creating an ec2 instance. Defaults to
*. |
ControlPlane
(Appears on:AWSIAMConfigurationSpec)
ControlPlane controls the configuration of the AWS IAM role for the control plane of provisioned Kubernetes clusters.
Field | Description |
---|---|
AWSIAMRoleSpec AWSIAMRoleSpec |
(Members of |
disableClusterAPIControllerPolicyAttachment bool |
DisableClusterAPIControllerPolicyAttachment, if set to true, will not attach the AWS IAM policy for Cluster API Provider AWS to the control plane role. Defaults to false. |
disableCloudProviderPolicy bool |
DisableCloudProviderPolicy if set to true, will not generate and attach the AWS IAM policy for the AWS Cloud Provider. |
enableCSIPolicy bool |
EnableCSIPolicy if set to true, will generate and attach the AWS IAM policy for the EBS CSI Driver. |
EKSConfig
(Appears on:AWSIAMConfigurationSpec)
EKSConfig represents the EKS related configuration config.
Field | Description |
---|---|
disable bool |
Disable controls whether EKS-related permissions are granted |
iamRoleCreation bool |
AllowIAMRoleCreation controls whether the EKS controllers have permissions for creating IAM roles per cluster |
enableUserEKSConsolePolicy bool |
EnableUserEKSConsolePolicy controls the creation of the policy to view EKS nodes and workloads. |
defaultControlPlaneRole AWSIAMRoleSpec |
DefaultControlPlaneRole controls the configuration of the AWS IAM role for the EKS control plane. This is the default role that will be used if no role is included in the spec and automatic creation of the role isn’t enabled |
managedMachinePool AWSIAMRoleSpec |
ManagedMachinePool controls the configuration of the AWS IAM role for used by EKS managed machine pools. |
fargate AWSIAMRoleSpec |
Fargate controls the configuration of the AWS IAM role for used by EKS managed machine pools. |
kmsAliasPrefix string |
KMSAliasPrefix is prefix to use to restrict permission to KMS keys to only those that have an alias name that is prefixed by this. Defaults to cluster-api-provider-aws-* |
EventBridgeConfig
(Appears on:AWSIAMConfigurationSpec)
EventBridgeConfig represents configuration for enabling experimental feature to consume EventBridge EC2 events.
Field | Description |
---|---|
enable bool |
Enable controls whether permissions are granted to consume EC2 events |
Nodes
(Appears on:AWSIAMConfigurationSpec)
Nodes controls the configuration of the AWS IAM role for worker nodes in a cluster created by Kubernetes Cluster API Provider AWS.
Field | Description |
---|---|
AWSIAMRoleSpec AWSIAMRoleSpec |
(Members of |
disableCloudProviderPolicy bool |
DisableCloudProviderPolicy if set to true, will not generate and attach the policy for the AWS Cloud Provider. Defaults to false. |
ec2ContainerRegistryReadOnly bool |
EC2ContainerRegistryReadOnly controls whether the node has read-only access to the EC2 container registry |
S3Buckets
(Appears on:AWSIAMConfigurationSpec)
S3Buckets controls the configuration of the AWS IAM role for S3 buckets which can be created for storing bootstrap data for nodes requiring it.
Field | Description |
---|---|
enable bool |
Enable controls whether permissions are granted to manage S3 buckets. |
namePrefix string |
NamePrefix will be prepended to every AWS IAM role bucket name. Defaults to “cluster-api-provider-aws-”. AWSCluster S3 Bucket name must be prefixed with the same prefix. |
bootstrap.cluster.x-k8s.io/v1beta1
Resource Types:EKSConfig
EKSConfig is the schema for the Amazon EKS Machine Bootstrap Configuration API.
Field | Description | ||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
metadata Kubernetes meta/v1.ObjectMeta |
Refer to the Kubernetes API documentation for the fields of the
metadata field.
|
||||||||||||||||
spec EKSConfigSpec |
|
||||||||||||||||
status EKSConfigStatus |
EKSConfigSpec
(Appears on:EKSConfig, EKSConfigTemplateResource)
EKSConfigSpec defines the desired state of Amazon EKS Bootstrap Configuration.
Field | Description |
---|---|
kubeletExtraArgs map[string]string |
(Optional)
KubeletExtraArgs passes the specified kubelet args into the Amazon EKS machine bootstrap script |
containerRuntime string |
(Optional)
ContainerRuntime specify the container runtime to use when bootstrapping EKS. |
dnsClusterIP string |
(Optional)
DNSClusterIP overrides the IP address to use for DNS queries within the cluster. |
dockerConfigJson string |
(Optional)
DockerConfigJson is used for the contents of the /etc/docker/daemon.json file. Useful if you want a custom config differing from the default one in the AMI. This is expected to be a json string. |
apiRetryAttempts int |
(Optional)
APIRetryAttempts is the number of retry attempts for AWS API call. |
pauseContainer PauseContainer |
(Optional)
PauseContainer allows customization of the pause container to use. |
useMaxPods bool |
(Optional)
UseMaxPods sets –max-pods for the kubelet when true. |
serviceIPV6Cidr string |
(Optional)
ServiceIPV6Cidr is the ipv6 cidr range of the cluster. If this is specified then the ip family will be set to ipv6. |
EKSConfigStatus
(Appears on:EKSConfig)
EKSConfigStatus defines the observed state of the Amazon EKS Bootstrap Configuration.
Field | Description |
---|---|
ready bool |
Ready indicates the BootstrapData secret is ready to be consumed |
dataSecretName string |
(Optional)
DataSecretName is the name of the secret that stores the bootstrap data script. |
failureReason string |
(Optional)
FailureReason will be set on non-retryable errors |
failureMessage string |
(Optional)
FailureMessage will be set on non-retryable errors |
observedGeneration int64 |
(Optional)
ObservedGeneration is the latest generation observed by the controller. |
conditions Cluster API api/v1beta1.Conditions |
(Optional)
Conditions defines current service state of the EKSConfig. |
EKSConfigTemplate
EKSConfigTemplate is the Amazon EKS Bootstrap Configuration Template API.
Field | Description | ||
---|---|---|---|
metadata Kubernetes meta/v1.ObjectMeta |
Refer to the Kubernetes API documentation for the fields of the
metadata field.
|
||
spec EKSConfigTemplateSpec |
|
EKSConfigTemplateResource
(Appears on:EKSConfigTemplateSpec)
EKSConfigTemplateResource defines the Template structure.
Field | Description | ||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
spec EKSConfigSpec |
|
EKSConfigTemplateSpec
(Appears on:EKSConfigTemplate)
EKSConfigTemplateSpec defines the desired state of templated EKSConfig Amazon EKS Bootstrap Configuration resources.
Field | Description |
---|---|
template EKSConfigTemplateResource |
PauseContainer
(Appears on:EKSConfigSpec)
PauseContainer contains details of pause container.
Field | Description |
---|---|
accountNumber string |
AccountNumber is the AWS account number to pull the pause container from. |
version string |
Version is the tag of the pause container to use. |
bootstrap.cluster.x-k8s.io/v1beta2
Package v1beta2 contains API Schema definitions for the Amazon EKS Bootstrap v1beta2 API group.
Resource Types:DiskSetup
(Appears on:EKSConfigSpec)
DiskSetup defines input for generated disk_setup and fs_setup in cloud-init.
Field | Description |
---|---|
partitions []Partition |
(Optional)
Partitions specifies the list of the partitions to setup. |
filesystems []Filesystem |
(Optional)
Filesystems specifies the list of file systems to setup. |
EKSConfig
EKSConfig is the schema for the Amazon EKS Machine Bootstrap Configuration API.
Field | Description | ||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
metadata Kubernetes meta/v1.ObjectMeta |
Refer to the Kubernetes API documentation for the fields of the
metadata field.
|
||||||||||||||||||||||||||||||||
spec EKSConfigSpec |
|
||||||||||||||||||||||||||||||||
status EKSConfigStatus |
EKSConfigSpec
(Appears on:EKSConfig, EKSConfigTemplateResource)
EKSConfigSpec defines the desired state of Amazon EKS Bootstrap Configuration.
Field | Description |
---|---|
kubeletExtraArgs map[string]string |
(Optional)
KubeletExtraArgs passes the specified kubelet args into the Amazon EKS machine bootstrap script |
containerRuntime string |
(Optional)
ContainerRuntime specify the container runtime to use when bootstrapping EKS. |
dnsClusterIP string |
(Optional)
DNSClusterIP overrides the IP address to use for DNS queries within the cluster. |
dockerConfigJson string |
(Optional)
DockerConfigJson is used for the contents of the /etc/docker/daemon.json file. Useful if you want a custom config differing from the default one in the AMI. This is expected to be a json string. |
apiRetryAttempts int |
(Optional)
APIRetryAttempts is the number of retry attempts for AWS API call. |
pauseContainer PauseContainer |
(Optional)
PauseContainer allows customization of the pause container to use. |
useMaxPods bool |
(Optional)
UseMaxPods sets –max-pods for the kubelet when true. |
serviceIPV6Cidr string |
(Optional)
ServiceIPV6Cidr is the ipv6 cidr range of the cluster. If this is specified then the ip family will be set to ipv6. |
preBootstrapCommands []string |
(Optional)
PreBootstrapCommands specifies extra commands to run before bootstrapping nodes to the cluster |
postBootstrapCommands []string |
(Optional)
PostBootstrapCommands specifies extra commands to run after bootstrapping nodes to the cluster |
boostrapCommandOverride string |
(Optional)
BootstrapCommandOverride allows you to override the bootstrap command to use for EKS nodes. |
files []File |
(Optional)
Files specifies extra files to be passed to user_data upon creation. |
diskSetup DiskSetup |
(Optional)
DiskSetup specifies options for the creation of partition tables and file systems on devices. |
mounts []MountPoints |
(Optional)
Mounts specifies a list of mount points to be setup. |
users []User |
(Optional)
Users specifies extra users to add |
ntp NTP |
(Optional)
NTP specifies NTP configuration |
EKSConfigStatus
(Appears on:EKSConfig)
EKSConfigStatus defines the observed state of the Amazon EKS Bootstrap Configuration.
Field | Description |
---|---|
ready bool |
Ready indicates the BootstrapData secret is ready to be consumed |
dataSecretName string |
(Optional)
DataSecretName is the name of the secret that stores the bootstrap data script. |
failureReason string |
(Optional)
FailureReason will be set on non-retryable errors |
failureMessage string |
(Optional)
FailureMessage will be set on non-retryable errors |
observedGeneration int64 |
(Optional)
ObservedGeneration is the latest generation observed by the controller. |
conditions Cluster API api/v1beta1.Conditions |
(Optional)
Conditions defines current service state of the EKSConfig. |
EKSConfigTemplate
EKSConfigTemplate is the Amazon EKS Bootstrap Configuration Template API.
Field | Description | ||
---|---|---|---|
metadata Kubernetes meta/v1.ObjectMeta |
Refer to the Kubernetes API documentation for the fields of the
metadata field.
|
||
spec EKSConfigTemplateSpec |
|
EKSConfigTemplateResource
(Appears on:EKSConfigTemplateSpec)
EKSConfigTemplateResource defines the Template structure.
Field | Description | ||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
spec EKSConfigSpec |
|
EKSConfigTemplateSpec
(Appears on:EKSConfigTemplate)
EKSConfigTemplateSpec defines the desired state of templated EKSConfig Amazon EKS Bootstrap Configuration resources.
Field | Description |
---|---|
template EKSConfigTemplateResource |
Encoding
(string
alias)
(Appears on:File)
Encoding specifies the cloud-init file encoding.
Value | Description |
---|---|
"base64" |
Base64 implies the contents of the file are encoded as base64. |
"gzip" |
Gzip implies the contents of the file are encoded with gzip. |
"gzip+base64" |
GzipBase64 implies the contents of the file are first base64 encoded and then gzip encoded. |
File
(Appears on:EKSConfigSpec)
File defines the input for generating write_files in cloud-init.
Field | Description |
---|---|
path string |
Path specifies the full path on disk where to store the file. |
owner string |
(Optional)
Owner specifies the ownership of the file, e.g. “root:root”. |
permissions string |
(Optional)
Permissions specifies the permissions to assign to the file, e.g. “0640”. |
encoding Encoding |
(Optional)
Encoding specifies the encoding of the file contents. |
append bool |
(Optional)
Append specifies whether to append Content to existing file if Path exists. |
content string |
(Optional)
Content is the actual content of the file. |
contentFrom FileSource |
(Optional)
ContentFrom is a referenced source of content to populate the file. |
FileSource
(Appears on:File)
FileSource is a union of all possible external source types for file data. Only one field may be populated in any given instance. Developers adding new sources of data for target systems should add them here.
Field | Description |
---|---|
secret SecretFileSource |
Secret represents a secret that should populate this file. |
Filesystem
(Appears on:DiskSetup)
Filesystem defines the file systems to be created.
Field | Description |
---|---|
device string |
Device specifies the device name |
filesystem string |
Filesystem specifies the file system type. |
label string |
Label specifies the file system label to be used. If set to None, no label is used. |
partition string |
(Optional)
Partition specifies the partition to use. The valid options are: “auto|any”, “auto”, “any”, “none”, and |
overwrite bool |
(Optional)
Overwrite defines whether or not to overwrite any existing filesystem. If true, any pre-existing file system will be destroyed. Use with Caution. |
extraOpts []string |
(Optional)
ExtraOpts defined extra options to add to the command for creating the file system. |
MountPoints
([]string
alias)
(Appears on:EKSConfigSpec)
MountPoints defines input for generated mounts in cloud-init.
NTP
(Appears on:EKSConfigSpec)
NTP defines input for generated ntp in cloud-init.
Field | Description |
---|---|
servers []string |
(Optional)
Servers specifies which NTP servers to use |
enabled bool |
(Optional)
Enabled specifies whether NTP should be enabled |
Partition
(Appears on:DiskSetup)
Partition defines how to create and layout a partition.
Field | Description |
---|---|
device string |
Device is the name of the device. |
layout bool |
Layout specifies the device layout. If it is true, a single partition will be created for the entire device. When layout is false, it means don’t partition or ignore existing partitioning. |
overwrite bool |
(Optional)
Overwrite describes whether to skip checks and create the partition if a partition or filesystem is found on the device. Use with caution. Default is ‘false’. |
tableType string |
(Optional)
TableType specifies the tupe of partition table. The following are supported: ‘mbr’: default and setups a MS-DOS partition table ‘gpt’: setups a GPT partition table |
PasswdSource
(Appears on:User)
PasswdSource is a union of all possible external source types for passwd data. Only one field may be populated in any given instance. Developers adding new sources of data for target systems should add them here.
Field | Description |
---|---|
secret SecretPasswdSource |
Secret represents a secret that should populate this password. |
PauseContainer
(Appears on:EKSConfigSpec)
PauseContainer contains details of pause container.
Field | Description |
---|---|
accountNumber string |
AccountNumber is the AWS account number to pull the pause container from. |
version string |
Version is the tag of the pause container to use. |
SecretFileSource
(Appears on:FileSource)
SecretFileSource adapts a Secret into a FileSource.
The contents of the target Secret’s Data field will be presented as files using the keys in the Data field as the file names.
Field | Description |
---|---|
name string |
Name of the secret in the KubeadmBootstrapConfig’s namespace to use. |
key string |
Key is the key in the secret’s data map for this value. |
SecretPasswdSource
(Appears on:PasswdSource)
SecretPasswdSource adapts a Secret into a PasswdSource.
The contents of the target Secret’s Data field will be presented as passwd using the keys in the Data field as the file names.
Field | Description |
---|---|
name string |
Name of the secret in the KubeadmBootstrapConfig’s namespace to use. |
key string |
Key is the key in the secret’s data map for this value. |
User
(Appears on:EKSConfigSpec)
User defines the input for a generated user in cloud-init.
Field | Description |
---|---|
name string |
Name specifies the username |
gecos string |
(Optional)
Gecos specifies the gecos to use for the user |
groups string |
(Optional)
Groups specifies the additional groups for the user |
homeDir string |
(Optional)
HomeDir specifies the home directory to use for the user |
inactive bool |
(Optional)
Inactive specifies whether to mark the user as inactive |
shell string |
(Optional)
Shell specifies the user’s shell |
passwd string |
(Optional)
Passwd specifies a hashed password for the user |
passwdFrom PasswdSource |
(Optional)
PasswdFrom is a referenced source of passwd to populate the passwd. |
primaryGroup string |
(Optional)
PrimaryGroup specifies the primary group for the user |
lockPassword bool |
(Optional)
LockPassword specifies if password login should be disabled |
sudo string |
(Optional)
Sudo specifies a sudo role for the user |
sshAuthorizedKeys []string |
(Optional)
SSHAuthorizedKeys specifies a list of ssh authorized keys for the user |
controlplane.cluster.x-k8s.io/v1beta1
Package v1beta1 contains API Schema definitions for the controlplane v1beta1 API group
Resource Types:AWSManagedControlPlane
AWSManagedControlPlane is the schema for the Amazon EKS Managed Control Plane API.
Field | Description | ||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
metadata Kubernetes meta/v1.ObjectMeta |
Refer to the Kubernetes API documentation for the fields of the
metadata field.
|
||||||||||||||||||||||||||||||||||||||||||||||||||||
spec AWSManagedControlPlaneSpec |
|
||||||||||||||||||||||||||||||||||||||||||||||||||||
status AWSManagedControlPlaneStatus |
AWSManagedControlPlaneSpec
(Appears on:AWSManagedControlPlane)
AWSManagedControlPlaneSpec defines the desired state of an Amazon EKS Cluster.
Field | Description |
---|---|
eksClusterName string |
(Optional)
EKSClusterName allows you to specify the name of the EKS cluster in AWS. If you don’t specify a name then a default name will be created based on the namespace and name of the managed control plane. |
identityRef AWSIdentityReference |
IdentityRef is a reference to an identity to be used when reconciling the managed control plane. If no identity is specified, the default identity for this controller will be used. |
network NetworkSpec |
NetworkSpec encapsulates all things related to AWS network. |
secondaryCidrBlock string |
(Optional)
SecondaryCidrBlock is the additional CIDR range to use for pod IPs. Must be within the 100.64.0.0/10 or 198.19.0.0/16 range. |
region string |
The AWS Region the cluster lives in. |
sshKeyName string |
(Optional)
SSHKeyName is the name of the ssh key to attach to the bastion host. Valid values are empty string (do not use SSH keys), a valid SSH key name, or omitted (use the default SSH key name) |
version string |
(Optional)
Version defines the desired Kubernetes version. If no version number is supplied then the latest version of Kubernetes that EKS supports will be used. |
roleName string |
(Optional)
RoleName specifies the name of IAM role that gives EKS permission to make API calls. If the role is pre-existing we will treat it as unmanaged and not delete it on deletion. If the EKSEnableIAM feature flag is true and no name is supplied then a role is created. |
roleAdditionalPolicies []string |
(Optional)
RoleAdditionalPolicies allows you to attach additional polices to the control plane role. You must enable the EKSAllowAddRoles feature flag to incorporate these into the created role. |
logging ControlPlaneLoggingSpec |
(Optional)
Logging specifies which EKS Cluster logs should be enabled. Entries for each of the enabled logs will be sent to CloudWatch |
encryptionConfig EncryptionConfig |
(Optional)
EncryptionConfig specifies the encryption configuration for the cluster |
additionalTags Tags |
(Optional)
AdditionalTags is an optional set of tags to add to AWS resources managed by the AWS provider, in addition to the ones added by default. |
iamAuthenticatorConfig IAMAuthenticatorConfig |
(Optional)
IAMAuthenticatorConfig allows the specification of any additional user or role mappings for use when generating the aws-iam-authenticator configuration. If this is nil the default configuration is still generated for the cluster. |
endpointAccess EndpointAccess |
(Optional)
Endpoints specifies access to this cluster’s control plane endpoints |
controlPlaneEndpoint Cluster API api/v1beta1.APIEndpoint |
(Optional)
ControlPlaneEndpoint represents the endpoint used to communicate with the control plane. |
imageLookupFormat string |
(Optional)
ImageLookupFormat is the AMI naming format to look up machine images when a machine does not specify an AMI. When set, this will be used for all cluster machines unless a machine specifies a different ImageLookupOrg. Supports substitutions for {{.BaseOS}} and {{.K8sVersion}} with the base OS and kubernetes version, respectively. The BaseOS will be the value in ImageLookupBaseOS or ubuntu (the default), and the kubernetes version as defined by the packages produced by kubernetes/release without v as a prefix: 1.13.0, 1.12.5-mybuild.1, or 1.17.3. For example, the default image format of capa-ami-{{.BaseOS}}-?{{.K8sVersion}}-* will end up searching for AMIs that match the pattern capa-ami-ubuntu-?1.18.0-* for a Machine that is targeting kubernetes v1.18.0 and the ubuntu base OS. See also: https://golang.org/pkg/text/template/ |
imageLookupOrg string |
(Optional)
ImageLookupOrg is the AWS Organization ID to look up machine images when a machine does not specify an AMI. When set, this will be used for all cluster machines unless a machine specifies a different ImageLookupOrg. |
imageLookupBaseOS string |
ImageLookupBaseOS is the name of the base operating system used to look up machine images when a machine does not specify an AMI. When set, this will be used for all cluster machines unless a machine specifies a different ImageLookupBaseOS. |
bastion Bastion |
(Optional)
Bastion contains options to configure the bastion host. |
tokenMethod EKSTokenMethod |
TokenMethod is used to specify the method for obtaining a client token for communicating with EKS iam-authenticator - obtains a client token using iam-authentictor aws-cli - obtains a client token using the AWS CLI Defaults to iam-authenticator |
associateOIDCProvider bool |
AssociateOIDCProvider can be enabled to automatically create an identity provider for the controller for use with IAM roles for service accounts |
addons []sigs.k8s.io/cluster-api-provider-aws/v2/controlplane/eks/api/v1beta1.Addon |
(Optional)
Addons defines the EKS addons to enable with the EKS cluster. |
oidcIdentityProviderConfig OIDCIdentityProviderConfig |
(Optional)
IdentityProviderconfig is used to specify the oidc provider config to be attached with this eks cluster |
disableVPCCNI bool |
DisableVPCCNI indicates that the Amazon VPC CNI should be disabled. With EKS clusters the Amazon VPC CNI is automatically installed into the cluster. For clusters where you want to use an alternate CNI this option provides a way to specify that the Amazon VPC CNI should be deleted. You cannot set this to true if you are using the Amazon VPC CNI addon. |
vpcCni VpcCni |
(Optional)
VpcCni is used to set configuration options for the VPC CNI plugin |
kubeProxy KubeProxy |
KubeProxy defines managed attributes of the kube-proxy daemonset |
AWSManagedControlPlaneStatus
(Appears on:AWSManagedControlPlane)
AWSManagedControlPlaneStatus defines the observed state of an Amazon EKS Cluster.
Field | Description |
---|---|
networkStatus NetworkStatus |
(Optional)
Networks holds details about the AWS networking resources used by the control plane |
failureDomains Cluster API api/v1beta1.FailureDomains |
(Optional)
FailureDomains specifies a list fo available availability zones that can be used |
bastion Instance |
(Optional)
Bastion holds details of the instance that is used as a bastion jump box |
oidcProvider OIDCProviderStatus |
(Optional)
OIDCProvider holds the status of the identity provider for this cluster |
externalManagedControlPlane bool |
ExternalManagedControlPlane indicates to cluster-api that the control plane is managed by an external service such as AKS, EKS, GKE, etc. |
initialized bool |
(Optional)
Initialized denotes whether or not the control plane has the uploaded kubernetes config-map. |
ready bool |
Ready denotes that the AWSManagedControlPlane API Server is ready to receive requests and that the VPC infra is ready. |
failureMessage string |
(Optional)
ErrorMessage indicates that there is a terminal problem reconciling the state, and will be set to a descriptive error message. |
conditions Cluster API api/v1beta1.Conditions |
Conditions specifies the cpnditions for the managed control plane |
addons []AddonState |
(Optional)
Addons holds the current status of the EKS addons |
identityProviderStatus IdentityProviderStatus |
(Optional)
IdentityProviderStatus holds the status for associated identity provider |
Addon
Addon represents a EKS addon.
Field | Description |
---|---|
name string |
Name is the name of the addon |
version string |
Version is the version of the addon to use |
configuration string |
(Optional)
Configuration of the EKS addon |
conflictResolution AddonResolution |
ConflictResolution is used to declare what should happen if there are parameter conflicts. Defaults to none |
serviceAccountRoleARN string |
(Optional)
ServiceAccountRoleArn is the ARN of an IAM role to bind to the addons service account |
AddonIssue
(Appears on:AddonState)
AddonIssue represents an issue with an addon.
Field | Description |
---|---|
code string |
Code is the issue code |
message string |
Message is the textual description of the issue |
resourceIds []string |
ResourceIDs is a list of resource ids for the issue |
AddonResolution
(string
alias)
(Appears on:Addon)
AddonResolution defines the method for resolving parameter conflicts.
AddonState
(Appears on:AWSManagedControlPlaneStatus)
AddonState represents the state of an addon.
Field | Description |
---|---|
name string |
Name is the name of the addon |
version string |
Version is the version of the addon to use |
arn string |
ARN is the AWS ARN of the addon |
serviceAccountRoleARN string |
ServiceAccountRoleArn is the ARN of the IAM role used for the service account |
createdAt Kubernetes meta/v1.Time |
CreatedAt is the date and time the addon was created at |
modifiedAt Kubernetes meta/v1.Time |
ModifiedAt is the date and time the addon was last modified |
status string |
Status is the status of the addon |
issues []AddonIssue |
Issues is a list of issue associated with the addon |
AddonStatus
(string
alias)
AddonStatus defines the status for an addon.
ControlPlaneLoggingSpec
(Appears on:AWSManagedControlPlaneSpec)
ControlPlaneLoggingSpec defines what EKS control plane logs that should be enabled.
Field | Description |
---|---|
apiServer bool |
APIServer indicates if the Kubernetes API Server log (kube-apiserver) shoulkd be enabled |
audit bool |
Audit indicates if the Kubernetes API audit log should be enabled |
authenticator bool |
Authenticator indicates if the iam authenticator log should be enabled |
controllerManager bool |
ControllerManager indicates if the controller manager (kube-controller-manager) log should be enabled |
scheduler bool |
Scheduler indicates if the Kubernetes scheduler (kube-scheduler) log should be enabled |
EKSTokenMethod
(string
alias)
(Appears on:AWSManagedControlPlaneSpec)
EKSTokenMethod defines the method for obtaining a client token to use when connecting to EKS.
EncryptionConfig
(Appears on:AWSManagedControlPlaneSpec)
EncryptionConfig specifies the encryption configuration for the EKS clsuter.
Field | Description |
---|---|
provider string |
Provider specifies the ARN or alias of the CMK (in AWS KMS) |
resources []*string |
Resources specifies the resources to be encrypted |
EndpointAccess
(Appears on:AWSManagedControlPlaneSpec)
EndpointAccess specifies how control plane endpoints are accessible.
Field | Description |
---|---|
public bool |
(Optional)
Public controls whether control plane endpoints are publicly accessible |
publicCIDRs []*string |
(Optional)
PublicCIDRs specifies which blocks can access the public endpoint |
private bool |
(Optional)
Private points VPC-internal control plane access to the private endpoint |
IAMAuthenticatorConfig
(Appears on:AWSManagedControlPlaneSpec)
IAMAuthenticatorConfig represents an aws-iam-authenticator configuration.
Field | Description |
---|---|
mapRoles []RoleMapping |
(Optional)
RoleMappings is a list of role mappings |
mapUsers []UserMapping |
(Optional)
UserMappings is a list of user mappings |
IdentityProviderStatus
(Appears on:AWSManagedControlPlaneStatus)
IdentityProviderStatus holds the status for associated identity provider
Field | Description |
---|---|
arn string |
ARN holds the ARN of associated identity provider |
status string |
Status holds current status of associated identity provider |
KubeProxy
(Appears on:AWSManagedControlPlaneSpec)
KubeProxy specifies how the kube-proxy daemonset is managed.
Field | Description |
---|---|
disable bool |
Disable set to true indicates that kube-proxy should be disabled. With EKS clusters kube-proxy is automatically installed into the cluster. For clusters where you want to use kube-proxy functionality that is provided with an alternate CNI, this option provides a way to specify that the kube-proxy daemonset should be deleted. You cannot set this to true if you are using the Amazon kube-proxy addon. |
KubernetesMapping
(Appears on:RoleMapping, UserMapping)
KubernetesMapping represents the kubernetes RBAC mapping.
Field | Description |
---|---|
username string |
UserName is a kubernetes RBAC user subject |
groups []string |
Groups is a list of kubernetes RBAC groups |
OIDCIdentityProviderConfig
(Appears on:AWSManagedControlPlaneSpec)
OIDCIdentityProviderConfig defines the configuration for an OIDC identity provider.
Field | Description |
---|---|
clientId string |
This is also known as audience. The ID for the client application that makes authentication requests to the OpenID identity provider. |
groupsClaim string |
(Optional)
The JWT claim that the provider uses to return your groups. |
groupsPrefix string |
(Optional)
The prefix that is prepended to group claims to prevent clashes with existing names (such as system: groups). For example, the valueoidc: will create group names like oidc:engineering and oidc:infra. |
identityProviderConfigName string |
The name of the OIDC provider configuration. IdentityProviderConfigName is a required field |
issuerUrl string |
The URL of the OpenID identity provider that allows the API server to discover public signing keys for verifying tokens. The URL must begin with https:// and should correspond to the iss claim in the provider’s OIDC ID tokens. Per the OIDC standard, path components are allowed but query parameters are not. Typically the URL consists of only a hostname, like https://server.example.org or https://example.com. This URL should point to the level below .well-known/openid-configuration and must be publicly accessible over the internet. |
requiredClaims map[string]string |
(Optional)
The key value pairs that describe required claims in the identity token. If set, each claim is verified to be present in the token with a matching value. For the maximum number of claims that you can require, see Amazon EKS service quotas (https://docs.aws.amazon.com/eks/latest/userguide/service-quotas.html) in the Amazon EKS User Guide. |
usernameClaim string |
(Optional)
The JSON Web Token (JWT) claim to use as the username. The default is sub, which is expected to be a unique identifier of the end user. You can choose other claims, such as email or name, depending on the OpenID identity provider. Claims other than email are prefixed with the issuer URL to prevent naming clashes with other plug-ins. |
usernamePrefix string |
(Optional)
The prefix that is prepended to username claims to prevent clashes with existing names. If you do not provide this field, and username is a value other than email, the prefix defaults to issuerurl#. You can use the value - to disable all prefixing. |
tags Tags |
(Optional)
tags to apply to oidc identity provider association |
OIDCProviderStatus
(Appears on:AWSManagedControlPlaneStatus)
OIDCProviderStatus holds the status of the AWS OIDC identity provider.
Field | Description |
---|---|
arn string |
ARN holds the ARN of the provider |
trustPolicy string |
TrustPolicy contains the boilerplate IAM trust policy to use for IRSA |
RoleMapping
(Appears on:IAMAuthenticatorConfig)
RoleMapping represents a mapping from a IAM role to Kubernetes users and groups.
Field | Description |
---|---|
rolearn string |
RoleARN is the AWS ARN for the role to map |
KubernetesMapping KubernetesMapping |
(Members of KubernetesMapping holds the RBAC details for the mapping |
UserMapping
(Appears on:IAMAuthenticatorConfig)
UserMapping represents a mapping from an IAM user to Kubernetes users and groups.
Field | Description |
---|---|
userarn string |
UserARN is the AWS ARN for the user to map |
KubernetesMapping KubernetesMapping |
(Members of KubernetesMapping holds the RBAC details for the mapping |
VpcCni
(Appears on:AWSManagedControlPlaneSpec)
VpcCni specifies configuration related to the VPC CNI.
Field | Description |
---|---|
env []Kubernetes core/v1.EnvVar |
(Optional)
Env defines a list of environment variables to apply to the |
controlplane.cluster.x-k8s.io/v1beta2
Package v1beta2 contains API Schema definitions for the controlplane v1beta2 API group
Resource Types:AWSManagedControlPlane
AWSManagedControlPlane is the schema for the Amazon EKS Managed Control Plane API.
Field | Description | ||||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
metadata Kubernetes meta/v1.ObjectMeta |
Refer to the Kubernetes API documentation for the fields of the
metadata field.
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||
spec AWSManagedControlPlaneSpec |
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||
status AWSManagedControlPlaneStatus |
AWSManagedControlPlaneSpec
(Appears on:AWSManagedControlPlane)
AWSManagedControlPlaneSpec defines the desired state of an Amazon EKS Cluster.
Field | Description |
---|---|
eksClusterName string |
(Optional)
EKSClusterName allows you to specify the name of the EKS cluster in AWS. If you don’t specify a name then a default name will be created based on the namespace and name of the managed control plane. |
identityRef AWSIdentityReference |
IdentityRef is a reference to an identity to be used when reconciling the managed control plane. If no identity is specified, the default identity for this controller will be used. |
network NetworkSpec |
NetworkSpec encapsulates all things related to AWS network. |
secondaryCidrBlock string |
(Optional)
SecondaryCidrBlock is the additional CIDR range to use for pod IPs. Must be within the 100.64.0.0/10 or 198.19.0.0/16 range. |
region string |
The AWS Region the cluster lives in. |
partition string |
(Optional)
Partition is the AWS security partition being used. Defaults to “aws” |
sshKeyName string |
(Optional)
SSHKeyName is the name of the ssh key to attach to the bastion host. Valid values are empty string (do not use SSH keys), a valid SSH key name, or omitted (use the default SSH key name) |
version string |
(Optional)
Version defines the desired Kubernetes version. If no version number is supplied then the latest version of Kubernetes that EKS supports will be used. |
roleName string |
(Optional)
RoleName specifies the name of IAM role that gives EKS permission to make API calls. If the role is pre-existing we will treat it as unmanaged and not delete it on deletion. If the EKSEnableIAM feature flag is true and no name is supplied then a role is created. |
roleAdditionalPolicies []string |
(Optional)
RoleAdditionalPolicies allows you to attach additional polices to the control plane role. You must enable the EKSAllowAddRoles feature flag to incorporate these into the created role. |
logging ControlPlaneLoggingSpec |
(Optional)
Logging specifies which EKS Cluster logs should be enabled. Entries for each of the enabled logs will be sent to CloudWatch |
encryptionConfig EncryptionConfig |
(Optional)
EncryptionConfig specifies the encryption configuration for the cluster |
additionalTags Tags |
(Optional)
AdditionalTags is an optional set of tags to add to AWS resources managed by the AWS provider, in addition to the ones added by default. |
iamAuthenticatorConfig IAMAuthenticatorConfig |
(Optional)
IAMAuthenticatorConfig allows the specification of any additional user or role mappings for use when generating the aws-iam-authenticator configuration. If this is nil the default configuration is still generated for the cluster. |
endpointAccess EndpointAccess |
(Optional)
Endpoints specifies access to this cluster’s control plane endpoints |
controlPlaneEndpoint Cluster API api/v1beta1.APIEndpoint |
(Optional)
ControlPlaneEndpoint represents the endpoint used to communicate with the control plane. |
imageLookupFormat string |
(Optional)
ImageLookupFormat is the AMI naming format to look up machine images when a machine does not specify an AMI. When set, this will be used for all cluster machines unless a machine specifies a different ImageLookupOrg. Supports substitutions for {{.BaseOS}} and {{.K8sVersion}} with the base OS and kubernetes version, respectively. The BaseOS will be the value in ImageLookupBaseOS or ubuntu (the default), and the kubernetes version as defined by the packages produced by kubernetes/release without v as a prefix: 1.13.0, 1.12.5-mybuild.1, or 1.17.3. For example, the default image format of capa-ami-{{.BaseOS}}-?{{.K8sVersion}}-* will end up searching for AMIs that match the pattern capa-ami-ubuntu-?1.18.0-* for a Machine that is targeting kubernetes v1.18.0 and the ubuntu base OS. See also: https://golang.org/pkg/text/template/ |
imageLookupOrg string |
(Optional)
ImageLookupOrg is the AWS Organization ID to look up machine images when a machine does not specify an AMI. When set, this will be used for all cluster machines unless a machine specifies a different ImageLookupOrg. |
imageLookupBaseOS string |
ImageLookupBaseOS is the name of the base operating system used to look up machine images when a machine does not specify an AMI. When set, this will be used for all cluster machines unless a machine specifies a different ImageLookupBaseOS. |
bastion Bastion |
(Optional)
Bastion contains options to configure the bastion host. |
tokenMethod EKSTokenMethod |
TokenMethod is used to specify the method for obtaining a client token for communicating with EKS iam-authenticator - obtains a client token using iam-authentictor aws-cli - obtains a client token using the AWS CLI Defaults to iam-authenticator |
associateOIDCProvider bool |
AssociateOIDCProvider can be enabled to automatically create an identity provider for the controller for use with IAM roles for service accounts |
addons []sigs.k8s.io/cluster-api-provider-aws/v2/controlplane/eks/api/v1beta2.Addon |
(Optional)
Addons defines the EKS addons to enable with the EKS cluster. |
oidcIdentityProviderConfig OIDCIdentityProviderConfig |
(Optional)
IdentityProviderconfig is used to specify the oidc provider config to be attached with this eks cluster |
vpcCni VpcCni |
(Optional)
VpcCni is used to set configuration options for the VPC CNI plugin |
restrictPrivateSubnets bool |
RestrictPrivateSubnets indicates that the EKS control plane should only use private subnets. |
kubeProxy KubeProxy |
KubeProxy defines managed attributes of the kube-proxy daemonset |
AWSManagedControlPlaneStatus
(Appears on:AWSManagedControlPlane)
AWSManagedControlPlaneStatus defines the observed state of an Amazon EKS Cluster.
Field | Description |
---|---|
networkStatus NetworkStatus |
(Optional)
Networks holds details about the AWS networking resources used by the control plane |
failureDomains Cluster API api/v1beta1.FailureDomains |
(Optional)
FailureDomains specifies a list fo available availability zones that can be used |
bastion Instance |
(Optional)
Bastion holds details of the instance that is used as a bastion jump box |
oidcProvider OIDCProviderStatus |
(Optional)
OIDCProvider holds the status of the identity provider for this cluster |
externalManagedControlPlane bool |
ExternalManagedControlPlane indicates to cluster-api that the control plane is managed by an external service such as AKS, EKS, GKE, etc. |
initialized bool |
(Optional)
Initialized denotes whether or not the control plane has the uploaded kubernetes config-map. |
ready bool |
Ready denotes that the AWSManagedControlPlane API Server is ready to receive requests and that the VPC infra is ready. |
failureMessage string |
(Optional)
ErrorMessage indicates that there is a terminal problem reconciling the state, and will be set to a descriptive error message. |
conditions Cluster API api/v1beta1.Conditions |
Conditions specifies the cpnditions for the managed control plane |
addons []AddonState |
(Optional)
Addons holds the current status of the EKS addons |
identityProviderStatus IdentityProviderStatus |
(Optional)
IdentityProviderStatus holds the status for associated identity provider |
Addon
Addon represents a EKS addon.
Field | Description |
---|---|
name string |
Name is the name of the addon |
version string |
Version is the version of the addon to use |
configuration string |
(Optional)
Configuration of the EKS addon |
conflictResolution AddonResolution |
ConflictResolution is used to declare what should happen if there are parameter conflicts. Defaults to none |
serviceAccountRoleARN string |
(Optional)
ServiceAccountRoleArn is the ARN of an IAM role to bind to the addons service account |
AddonIssue
(Appears on:AddonState)
AddonIssue represents an issue with an addon.
Field | Description |
---|---|
code string |
Code is the issue code |
message string |
Message is the textual description of the issue |
resourceIds []string |
ResourceIDs is a list of resource ids for the issue |
AddonResolution
(string
alias)
(Appears on:Addon)
AddonResolution defines the method for resolving parameter conflicts.
AddonState
(Appears on:AWSManagedControlPlaneStatus)
AddonState represents the state of an addon.
Field | Description |
---|---|
name string |
Name is the name of the addon |
version string |
Version is the version of the addon to use |
arn string |
ARN is the AWS ARN of the addon |
serviceAccountRoleARN string |
ServiceAccountRoleArn is the ARN of the IAM role used for the service account |
createdAt Kubernetes meta/v1.Time |
CreatedAt is the date and time the addon was created at |
modifiedAt Kubernetes meta/v1.Time |
ModifiedAt is the date and time the addon was last modified |
status string |
Status is the status of the addon |
issues []AddonIssue |
Issues is a list of issue associated with the addon |
AddonStatus
(string
alias)
AddonStatus defines the status for an addon.
ControlPlaneLoggingSpec
(Appears on:AWSManagedControlPlaneSpec)
ControlPlaneLoggingSpec defines what EKS control plane logs that should be enabled.
Field | Description |
---|---|
apiServer bool |
APIServer indicates if the Kubernetes API Server log (kube-apiserver) shoulkd be enabled |
audit bool |
Audit indicates if the Kubernetes API audit log should be enabled |
authenticator bool |
Authenticator indicates if the iam authenticator log should be enabled |
controllerManager bool |
ControllerManager indicates if the controller manager (kube-controller-manager) log should be enabled |
scheduler bool |
Scheduler indicates if the Kubernetes scheduler (kube-scheduler) log should be enabled |
EKSTokenMethod
(string
alias)
(Appears on:AWSManagedControlPlaneSpec)
EKSTokenMethod defines the method for obtaining a client token to use when connecting to EKS.
EncryptionConfig
(Appears on:AWSManagedControlPlaneSpec)
EncryptionConfig specifies the encryption configuration for the EKS clsuter.
Field | Description |
---|---|
provider string |
Provider specifies the ARN or alias of the CMK (in AWS KMS) |
resources []*string |
Resources specifies the resources to be encrypted |
EndpointAccess
(Appears on:AWSManagedControlPlaneSpec)
EndpointAccess specifies how control plane endpoints are accessible.
Field | Description |
---|---|
public bool |
(Optional)
Public controls whether control plane endpoints are publicly accessible |
publicCIDRs []*string |
(Optional)
PublicCIDRs specifies which blocks can access the public endpoint |
private bool |
(Optional)
Private points VPC-internal control plane access to the private endpoint |
IAMAuthenticatorConfig
(Appears on:AWSManagedControlPlaneSpec)
IAMAuthenticatorConfig represents an aws-iam-authenticator configuration.
Field | Description |
---|---|
mapRoles []RoleMapping |
(Optional)
RoleMappings is a list of role mappings |
mapUsers []UserMapping |
(Optional)
UserMappings is a list of user mappings |
IdentityProviderStatus
(Appears on:AWSManagedControlPlaneStatus)
IdentityProviderStatus holds the status for associated identity provider.
Field | Description |
---|---|
arn string |
ARN holds the ARN of associated identity provider |
status string |
Status holds current status of associated identity provider |
KubeProxy
(Appears on:AWSManagedControlPlaneSpec)
KubeProxy specifies how the kube-proxy daemonset is managed.
Field | Description |
---|---|
disable bool |
Disable set to true indicates that kube-proxy should be disabled. With EKS clusters kube-proxy is automatically installed into the cluster. For clusters where you want to use kube-proxy functionality that is provided with an alternate CNI, this option provides a way to specify that the kube-proxy daemonset should be deleted. You cannot set this to true if you are using the Amazon kube-proxy addon. |
KubernetesMapping
(Appears on:RoleMapping, UserMapping)
KubernetesMapping represents the kubernetes RBAC mapping.
Field | Description |
---|---|
username string |
UserName is a kubernetes RBAC user subject |
groups []string |
Groups is a list of kubernetes RBAC groups |
OIDCIdentityProviderConfig
(Appears on:AWSManagedControlPlaneSpec)
OIDCIdentityProviderConfig represents the configuration for an OIDC identity provider.
Field | Description |
---|---|
clientId string |
This is also known as audience. The ID for the client application that makes authentication requests to the OpenID identity provider. |
groupsClaim string |
(Optional)
The JWT claim that the provider uses to return your groups. |
groupsPrefix string |
(Optional)
The prefix that is prepended to group claims to prevent clashes with existing names (such as system: groups). For example, the valueoidc: will create group names like oidc:engineering and oidc:infra. |
identityProviderConfigName string |
The name of the OIDC provider configuration. IdentityProviderConfigName is a required field |
issuerUrl string |
The URL of the OpenID identity provider that allows the API server to discover public signing keys for verifying tokens. The URL must begin with https:// and should correspond to the iss claim in the provider’s OIDC ID tokens. Per the OIDC standard, path components are allowed but query parameters are not. Typically the URL consists of only a hostname, like https://server.example.org or https://example.com. This URL should point to the level below .well-known/openid-configuration and must be publicly accessible over the internet. |
requiredClaims map[string]string |
(Optional)
The key value pairs that describe required claims in the identity token. If set, each claim is verified to be present in the token with a matching value. For the maximum number of claims that you can require, see Amazon EKS service quotas (https://docs.aws.amazon.com/eks/latest/userguide/service-quotas.html) in the Amazon EKS User Guide. |
usernameClaim string |
(Optional)
The JSON Web Token (JWT) claim to use as the username. The default is sub, which is expected to be a unique identifier of the end user. You can choose other claims, such as email or name, depending on the OpenID identity provider. Claims other than email are prefixed with the issuer URL to prevent naming clashes with other plug-ins. |
usernamePrefix string |
(Optional)
The prefix that is prepended to username claims to prevent clashes with existing names. If you do not provide this field, and username is a value other than email, the prefix defaults to issuerurl#. You can use the value - to disable all prefixing. |
tags Tags |
(Optional)
tags to apply to oidc identity provider association |
OIDCProviderStatus
(Appears on:AWSManagedControlPlaneStatus)
OIDCProviderStatus holds the status of the AWS OIDC identity provider.
Field | Description |
---|---|
arn string |
ARN holds the ARN of the provider |
trustPolicy string |
TrustPolicy contains the boilerplate IAM trust policy to use for IRSA |
RoleMapping
(Appears on:IAMAuthenticatorConfig)
RoleMapping represents a mapping from a IAM role to Kubernetes users and groups.
Field | Description |
---|---|
rolearn string |
RoleARN is the AWS ARN for the role to map |
KubernetesMapping KubernetesMapping |
(Members of KubernetesMapping holds the RBAC details for the mapping |
UserMapping
(Appears on:IAMAuthenticatorConfig)
UserMapping represents a mapping from an IAM user to Kubernetes users and groups.
Field | Description |
---|---|
userarn string |
UserARN is the AWS ARN for the user to map |
KubernetesMapping KubernetesMapping |
(Members of KubernetesMapping holds the RBAC details for the mapping |
VpcCni
(Appears on:AWSManagedControlPlaneSpec)
VpcCni specifies configuration related to the VPC CNI.
Field | Description |
---|---|
disable bool |
Disable indicates that the Amazon VPC CNI should be disabled. With EKS clusters the Amazon VPC CNI is automatically installed into the cluster. For clusters where you want to use an alternate CNI this option provides a way to specify that the Amazon VPC CNI should be deleted. You cannot set this to true if you are using the Amazon VPC CNI addon. |
env []Kubernetes core/v1.EnvVar |
(Optional)
Env defines a list of environment variables to apply to the |
AWSRolesRef
(Appears on:RosaControlPlaneSpec)
AWSRolesRef contains references to various AWS IAM roles required for operators to make calls against the AWS API.
Field | Description |
---|---|
ingressARN string |
The referenced role must have a trust relationship that allows it to be assumed via web identity. https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_providers_oidc.html. Example: { “Version”: “2012-10-17”, “Statement”: [ { “Effect”: “Allow”, “Principal”: { “Federated”: “{{ .ProviderARN }}” }, “Action”: “sts:AssumeRoleWithWebIdentity”, “Condition”: { “StringEquals”: { “{{ .ProviderName }}:sub”: {{ .ServiceAccounts }} } } } ] } IngressARN is an ARN value referencing a role appropriate for the Ingress Operator. The following is an example of a valid policy document: { “Version”: “2012-10-17”, “Statement”: [ { “Effect”: “Allow”, “Action”: [ “elasticloadbalancing:DescribeLoadBalancers”, “tag:GetResources”, “route53:ListHostedZones” ], “Resource”: “*” }, { “Effect”: “Allow”, “Action”: [ “route53:ChangeResourceRecordSets” ], “Resource”: [ “arn:aws:route53:::PUBLIC_ZONE_ID”, “arn:aws:route53:::PRIVATE_ZONE_ID” ] } ] } |
imageRegistryARN string |
ImageRegistryARN is an ARN value referencing a role appropriate for the Image Registry Operator. The following is an example of a valid policy document: { “Version”: “2012-10-17”, “Statement”: [ { “Effect”: “Allow”, “Action”: [ “s3:CreateBucket”, “s3:DeleteBucket”, “s3:PutBucketTagging”, “s3:GetBucketTagging”, “s3:PutBucketPublicAccessBlock”, “s3:GetBucketPublicAccessBlock”, “s3:PutEncryptionConfiguration”, “s3:GetEncryptionConfiguration”, “s3:PutLifecycleConfiguration”, “s3:GetLifecycleConfiguration”, “s3:GetBucketLocation”, “s3:ListBucket”, “s3:GetObject”, “s3:PutObject”, “s3:DeleteObject”, “s3:ListBucketMultipartUploads”, “s3:AbortMultipartUpload”, “s3:ListMultipartUploadParts” ], “Resource”: “*” } ] } |
storageARN string |
StorageARN is an ARN value referencing a role appropriate for the Storage Operator. The following is an example of a valid policy document: { “Version”: “2012-10-17”, “Statement”: [ { “Effect”: “Allow”, “Action”: [ “ec2:AttachVolume”, “ec2:CreateSnapshot”, “ec2:CreateTags”, “ec2:CreateVolume”, “ec2:DeleteSnapshot”, “ec2:DeleteTags”, “ec2:DeleteVolume”, “ec2:DescribeInstances”, “ec2:DescribeSnapshots”, “ec2:DescribeTags”, “ec2:DescribeVolumes”, “ec2:DescribeVolumesModifications”, “ec2:DetachVolume”, “ec2:ModifyVolume” ], “Resource”: “*” } ] } |
networkARN string |
NetworkARN is an ARN value referencing a role appropriate for the Network Operator. The following is an example of a valid policy document: { “Version”: “2012-10-17”, “Statement”: [ { “Effect”: “Allow”, “Action”: [ “ec2:DescribeInstances”, “ec2:DescribeInstanceStatus”, “ec2:DescribeInstanceTypes”, “ec2:UnassignPrivateIpAddresses”, “ec2:AssignPrivateIpAddresses”, “ec2:UnassignIpv6Addresses”, “ec2:AssignIpv6Addresses”, “ec2:DescribeSubnets”, “ec2:DescribeNetworkInterfaces” ], “Resource”: “*” } ] } |
kubeCloudControllerARN string |
KubeCloudControllerARN is an ARN value referencing a role appropriate for the KCM/KCC. Source: https://cloud-provider-aws.sigs.k8s.io/prerequisites/#iam-policies The following is an example of a valid policy document: { “Version”: “2012-10-17”, “Statement”: [ { “Action”: [ “autoscaling:DescribeAutoScalingGroups”, “autoscaling:DescribeLaunchConfigurations”, “autoscaling:DescribeTags”, “ec2:DescribeAvailabilityZones”, “ec2:DescribeInstances”, “ec2:DescribeImages”, “ec2:DescribeRegions”, “ec2:DescribeRouteTables”, “ec2:DescribeSecurityGroups”, “ec2:DescribeSubnets”, “ec2:DescribeVolumes”, “ec2:CreateSecurityGroup”, “ec2:CreateTags”, “ec2:CreateVolume”, “ec2:ModifyInstanceAttribute”, “ec2:ModifyVolume”, “ec2:AttachVolume”, “ec2:AuthorizeSecurityGroupIngress”, “ec2:CreateRoute”, “ec2:DeleteRoute”, “ec2:DeleteSecurityGroup”, “ec2:DeleteVolume”, “ec2:DetachVolume”, “ec2:RevokeSecurityGroupIngress”, “ec2:DescribeVpcs”, “elasticloadbalancing:AddTags”, “elasticloadbalancing:AttachLoadBalancerToSubnets”, “elasticloadbalancing:ApplySecurityGroupsToLoadBalancer”, “elasticloadbalancing:CreateLoadBalancer”, “elasticloadbalancing:CreateLoadBalancerPolicy”, “elasticloadbalancing:CreateLoadBalancerListeners”, “elasticloadbalancing:ConfigureHealthCheck”, “elasticloadbalancing:DeleteLoadBalancer”, “elasticloadbalancing:DeleteLoadBalancerListeners”, “elasticloadbalancing:DescribeLoadBalancers”, “elasticloadbalancing:DescribeLoadBalancerAttributes”, “elasticloadbalancing:DetachLoadBalancerFromSubnets”, “elasticloadbalancing:DeregisterInstancesFromLoadBalancer”, “elasticloadbalancing:ModifyLoadBalancerAttributes”, “elasticloadbalancing:RegisterInstancesWithLoadBalancer”, “elasticloadbalancing:SetLoadBalancerPoliciesForBackendServer”, “elasticloadbalancing:AddTags”, “elasticloadbalancing:CreateListener”, “elasticloadbalancing:CreateTargetGroup”, “elasticloadbalancing:DeleteListener”, “elasticloadbalancing:DeleteTargetGroup”, “elasticloadbalancing:DeregisterTargets”, “elasticloadbalancing:DescribeListeners”, “elasticloadbalancing:DescribeLoadBalancerPolicies”, “elasticloadbalancing:DescribeTargetGroups”, “elasticloadbalancing:DescribeTargetHealth”, “elasticloadbalancing:ModifyListener”, “elasticloadbalancing:ModifyTargetGroup”, “elasticloadbalancing:RegisterTargets”, “elasticloadbalancing:SetLoadBalancerPoliciesOfListener”, “iam:CreateServiceLinkedRole”, “kms:DescribeKey” ], “Resource”: [ “*” ], “Effect”: “Allow” } ] } |
nodePoolManagementARN string |
NodePoolManagementARN is an ARN value referencing a role appropriate for the CAPI Controller. The following is an example of a valid policy document: { “Version”: “2012-10-17”, “Statement”: [ { “Action”: [ “ec2:AssociateRouteTable”, “ec2:AttachInternetGateway”, “ec2:AuthorizeSecurityGroupIngress”, “ec2:CreateInternetGateway”, “ec2:CreateNatGateway”, “ec2:CreateRoute”, “ec2:CreateRouteTable”, “ec2:CreateSecurityGroup”, “ec2:CreateSubnet”, “ec2:CreateTags”, “ec2:DeleteInternetGateway”, “ec2:DeleteNatGateway”, “ec2:DeleteRouteTable”, “ec2:DeleteSecurityGroup”, “ec2:DeleteSubnet”, “ec2:DeleteTags”, “ec2:DescribeAccountAttributes”, “ec2:DescribeAddresses”, “ec2:DescribeAvailabilityZones”, “ec2:DescribeImages”, “ec2:DescribeInstances”, “ec2:DescribeInternetGateways”, “ec2:DescribeNatGateways”, “ec2:DescribeNetworkInterfaces”, “ec2:DescribeNetworkInterfaceAttribute”, “ec2:DescribeRouteTables”, “ec2:DescribeSecurityGroups”, “ec2:DescribeSubnets”, “ec2:DescribeVpcs”, “ec2:DescribeVpcAttribute”, “ec2:DescribeVolumes”, “ec2:DetachInternetGateway”, “ec2:DisassociateRouteTable”, “ec2:DisassociateAddress”, “ec2:ModifyInstanceAttribute”, “ec2:ModifyNetworkInterfaceAttribute”, “ec2:ModifySubnetAttribute”, “ec2:RevokeSecurityGroupIngress”, “ec2:RunInstances”, “ec2:TerminateInstances”, “tag:GetResources”, “ec2:CreateLaunchTemplate”, “ec2:CreateLaunchTemplateVersion”, “ec2:DescribeLaunchTemplates”, “ec2:DescribeLaunchTemplateVersions”, “ec2:DeleteLaunchTemplate”, “ec2:DeleteLaunchTemplateVersions” ], “Resource”: [ “” ], “Effect”: “Allow” }, { “Condition”: { “StringLike”: { “iam:AWSServiceName”: “elasticloadbalancing.amazonaws.com” } }, “Action”: [ “iam:CreateServiceLinkedRole” ], “Resource”: [ “arn::iam:::role/aws-service-role/elasticloadbalancing.amazonaws.com/AWSServiceRoleForElasticLoadBalancing” ], “Effect”: “Allow” }, { “Action”: [ “iam:PassRole” ], “Resource”: [ “arn::iam:::role/-worker-role” ], “Effect”: “Allow” }, { “Effect”: “Allow”, “Action”: [ “kms:Decrypt”, “kms:ReEncrypt”, “kms:GenerateDataKeyWithoutPlainText”, “kms:DescribeKey” ], “Resource”: “” }, { “Effect”: “Allow”, “Action”: [ “kms:CreateGrant” ], “Resource”: “”, “Condition”: { “Bool”: { “kms:GrantIsForAWSResource”: true } } } ] } |
controlPlaneOperatorARN string |
ControlPlaneOperatorARN is an ARN value referencing a role appropriate for the Control Plane Operator. The following is an example of a valid policy document: { “Version”: “2012-10-17”, “Statement”: [ { “Effect”: “Allow”, “Action”: [ “ec2:CreateVpcEndpoint”, “ec2:DescribeVpcEndpoints”, “ec2:ModifyVpcEndpoint”, “ec2:DeleteVpcEndpoints”, “ec2:CreateTags”, “route53:ListHostedZones”, “ec2:CreateSecurityGroup”, “ec2:AuthorizeSecurityGroupIngress”, “ec2:AuthorizeSecurityGroupEgress”, “ec2:DeleteSecurityGroup”, “ec2:RevokeSecurityGroupIngress”, “ec2:RevokeSecurityGroupEgress”, “ec2:DescribeSecurityGroups”, “ec2:DescribeVpcs”, ], “Resource”: “*” }, { “Effect”: “Allow”, “Action”: [ “route53:ChangeResourceRecordSets”, “route53:ListResourceRecordSets” ], “Resource”: “arn:aws:route53:::%s” } ] } |
kmsProviderARN string |
DefaultMachinePoolSpec
(Appears on:RosaControlPlaneSpec)
DefaultMachinePoolSpec defines the configuration for the required worker nodes provisioned as part of the cluster creation.
Field | Description |
---|---|
instanceType string |
(Optional)
The instance type to use, for example |
autoscaling RosaMachinePoolAutoScaling |
(Optional)
Autoscaling specifies auto scaling behaviour for the default MachinePool. Autoscaling min/max value must be equal or multiple of the availability zones count. |
ExternalAuthProvider
(Appears on:RosaControlPlaneSpec)
ExternalAuthProvider is an external OIDC identity provider that can issue tokens for this cluster
Field | Description |
---|---|
name string |
Name of the OIDC provider |
issuer TokenIssuer |
Issuer describes attributes of the OIDC token issuer |
oidcClients []OIDCClientConfig |
(Optional)
OIDCClients contains configuration for the platform’s clients that need to request tokens from the issuer |
claimMappings TokenClaimMappings |
(Optional)
ClaimMappings describes rules on how to transform information from an ID token into a cluster identity |
claimValidationRules []TokenClaimValidationRule |
ClaimValidationRules are rules that are applied to validate token claims to authenticate users. |
LocalObjectReference
(Appears on:OIDCClientConfig, TokenIssuer)
LocalObjectReference references an object in the same namespace.
Field | Description |
---|---|
name string |
Name is the metadata.name of the referenced object. |
NetworkSpec
(Appears on:RosaControlPlaneSpec)
NetworkSpec for ROSA-HCP.
Field | Description |
---|---|
machineCIDR string |
(Optional)
IP addresses block used by OpenShift while installing the cluster, for example “10.0.0.0/16”. |
podCIDR string |
(Optional)
IP address block from which to assign pod IP addresses, for example |
serviceCIDR string |
(Optional)
IP address block from which to assign service IP addresses, for example |
hostPrefix int |
(Optional)
Network host prefix which is defaulted to |
networkType string |
(Optional)
The CNI network type default is OVNKubernetes. |
OIDCClientConfig
(Appears on:ExternalAuthProvider)
OIDCClientConfig contains configuration for the platform’s client that need to request tokens from the issuer.
Field | Description |
---|---|
componentName string |
ComponentName is the name of the component that is supposed to consume this client configuration |
componentNamespace string |
ComponentNamespace is the namespace of the component that is supposed to consume this client configuration |
clientID string |
ClientID is the identifier of the OIDC client from the OIDC provider |
clientSecret LocalObjectReference |
ClientSecret refers to a secret that
contains the client secret in the |
extraScopes []string |
(Optional)
ExtraScopes is an optional set of scopes to request tokens with. |
PrefixedClaimMapping
(Appears on:TokenClaimMappings)
PrefixedClaimMapping defines claims with a prefix.
Field | Description |
---|---|
claim string |
Claim is a JWT token claim to be used in the mapping |
prefix string |
Prefix is a string to prefix the value from the token in the result of the claim mapping. By default, no prefixing occurs. Example: if |
ROSAControlPlane
ROSAControlPlane is the Schema for the ROSAControlPlanes API.
Field | Description | ||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
metadata Kubernetes meta/v1.ObjectMeta |
Refer to the Kubernetes API documentation for the fields of the
metadata field.
|
||||||||||||||||||||||||||||||||||||||||||||||||
spec RosaControlPlaneSpec |
|
||||||||||||||||||||||||||||||||||||||||||||||||
status RosaControlPlaneStatus |
RosaControlPlaneSpec
(Appears on:ROSAControlPlane)
RosaControlPlaneSpec defines the desired state of ROSAControlPlane.
Field | Description |
---|---|
rosaClusterName string |
Cluster name must be valid DNS-1035 label, so it must consist of lower case alphanumeric characters or ‘-’, start with an alphabetic character, end with an alphanumeric character and have a max length of 54 characters. |
domainPrefix string |
(Optional)
DomainPrefix is an optional prefix added to the cluster’s domain name. It will be used when generating a sub-domain for the cluster on openshiftapps domain. It must be valid DNS-1035 label consisting of lower case alphanumeric characters or ‘-’, start with an alphabetic character end with an alphanumeric character and have a max length of 15 characters. |
subnets []string |
The Subnet IDs to use when installing the cluster. SubnetIDs should come in pairs; two per availability zone, one private and one public. |
availabilityZones []string |
AvailabilityZones describe AWS AvailabilityZones of the worker nodes. should match the AvailabilityZones of the provided Subnets. a machinepool will be created for each availabilityZone. |
region string |
The AWS Region the cluster lives in. |
version string |
OpenShift semantic version, for example “4.14.5”. |
rolesRef AWSRolesRef |
AWS IAM roles used to perform credential requests by the openshift operators. |
oidcID string |
The ID of the internal OpenID Connect Provider. |
enableExternalAuthProviders bool |
(Optional)
EnableExternalAuthProviders enables external authentication configuration for the cluster. |
externalAuthProviders []ExternalAuthProvider |
ExternalAuthProviders are external OIDC identity providers that can issue tokens for this cluster. Can only be set if “enableExternalAuthProviders” is set to “True”. At most one provider can be configured. |
installerRoleARN string |
InstallerRoleARN is an AWS IAM role that OpenShift Cluster Manager will assume to create the cluster.. |
supportRoleARN string |
SupportRoleARN is an AWS IAM role used by Red Hat SREs to enable access to the cluster account in order to provide support. |
workerRoleARN string |
WorkerRoleARN is an AWS IAM role that will be attached to worker instances. |
billingAccount string |
(Optional)
BillingAccount is an optional AWS account to use for billing the subscription fees for ROSA clusters. The cost of running each ROSA cluster will be billed to the infrastructure account in which the cluster is running. |
defaultMachinePoolSpec DefaultMachinePoolSpec |
(Optional)
DefaultMachinePoolSpec defines the configuration for the default machinepool(s) provisioned as part of the cluster creation.
One MachinePool will be created with this configuration per AvailabilityZone. Those default machinepools are required for openshift cluster operators
to work properly.
As these machinepool not created using ROSAMachinePool CR, they will not be visible/managed by ROSA CAPI provider.
This field will be removed in the future once the current limitation is resolved. |
network NetworkSpec |
(Optional)
Network config for the ROSA HCP cluster. |
endpointAccess RosaEndpointAccessType |
(Optional)
EndpointAccess specifies the publishing scope of cluster endpoints. The default is Public. |
additionalTags Tags |
(Optional)
AdditionalTags are user-defined tags to be added on the AWS resources associated with the control plane. |
etcdEncryptionKMSARN string |
(Optional)
EtcdEncryptionKMSARN is the ARN of the KMS key used to encrypt etcd. The key itself needs to be
created out-of-band by the user and tagged with |
auditLogRoleARN string |
(Optional)
AuditLogRoleARN defines the role that is used to forward audit logs to AWS CloudWatch. If not set, audit log forwarding is disabled. |
provisionShardID string |
(Optional)
ProvisionShardID defines the shard where rosa control plane components will be hosted. |
credentialsSecretRef Kubernetes core/v1.LocalObjectReference |
(Optional)
CredentialsSecretRef references a secret with necessary credentials to connect to the OCM API. The secret should contain the following data keys: - ocmToken: eyJhbGciOiJIUzI1NiIsI…. - ocmApiUrl: Optional, defaults to ‘https://api.openshift.com’ |
identityRef AWSIdentityReference |
(Optional)
IdentityRef is a reference to an identity to be used when reconciling the managed control plane. If no identity is specified, the default identity for this controller will be used. |
controlPlaneEndpoint Cluster API api/v1beta1.APIEndpoint |
(Optional)
ControlPlaneEndpoint represents the endpoint used to communicate with the control plane. |
RosaControlPlaneStatus
(Appears on:ROSAControlPlane)
RosaControlPlaneStatus defines the observed state of ROSAControlPlane.
Field | Description |
---|---|
externalManagedControlPlane bool |
ExternalManagedControlPlane indicates to cluster-api that the control plane is managed by an external service such as AKS, EKS, GKE, etc. |
initialized bool |
(Optional)
Initialized denotes whether or not the control plane has the uploaded kubernetes config-map. |
ready bool |
Ready denotes that the ROSAControlPlane API Server is ready to receive requests. |
failureMessage string |
(Optional)
FailureMessage will be set in the event that there is a terminal problem reconciling the state and will be set to a descriptive error message. This field should not be set for transitive errors that a controller faces that are expected to be fixed automatically over time (like service outages), but instead indicate that something is fundamentally wrong with the spec or the configuration of the controller, and that manual intervention is required. |
conditions Cluster API api/v1beta1.Conditions |
Conditions specifies the conditions for the managed control plane |
id string |
ID is the cluster ID given by ROSA. |
consoleURL string |
ConsoleURL is the url for the openshift console. |
oidcEndpointURL string |
OIDCEndpointURL is the endpoint url for the managed OIDC provider. |
RosaEndpointAccessType
(string
alias)
(Appears on:RosaControlPlaneSpec)
RosaEndpointAccessType specifies the publishing scope of cluster endpoints.
Value | Description |
---|---|
"Private" |
Private endpoint access allows only private API server access and private node communication with the control plane. |
"Public" |
Public endpoint access allows public API server access and private node communication with the control plane. |
TokenAudience
(string
alias)
(Appears on:TokenIssuer)
TokenAudience is the audience that the token was issued for.
TokenClaimMappings
(Appears on:ExternalAuthProvider)
TokenClaimMappings describes rules on how to transform information from an ID token into a cluster identity.
Field | Description |
---|---|
username UsernameClaimMapping |
(Optional)
Username is a name of the claim that should be used to construct usernames for the cluster identity. Default value: “sub” |
groups PrefixedClaimMapping |
(Optional)
Groups is a name of the claim that should be used to construct groups for the cluster identity. The referenced claim must use array of strings values. |
TokenClaimValidationRule
(Appears on:ExternalAuthProvider)
TokenClaimValidationRule validates token claims to authenticate users.
Field | Description |
---|---|
type TokenValidationRuleType |
Type sets the type of the validation rule |
requiredClaim TokenRequiredClaim |
RequiredClaim allows configuring a required claim name and its expected value |
TokenIssuer
(Appears on:ExternalAuthProvider)
TokenIssuer describes attributes of the OIDC token issuer
Field | Description |
---|---|
issuerURL string |
URL is the serving URL of the token issuer. Must use the https:// scheme. |
audiences []TokenAudience |
Audiences is an array of audiences that the token was issued for. Valid tokens must include at least one of these values in their “aud” claim. Must be set to exactly one value. |
issuerCertificateAuthority LocalObjectReference |
CertificateAuthority is a reference to a config map in the configuration namespace. The .data of the configMap must contain the “ca-bundle.crt” key. If unset, system trust is used instead. |
TokenRequiredClaim
(Appears on:TokenClaimValidationRule)
TokenRequiredClaim allows configuring a required claim name and its expected value.
Field | Description |
---|---|
claim string |
Claim is a name of a required claim. Only claims with string values are supported. |
requiredValue string |
RequiredValue is the required value for the claim. |
TokenValidationRuleType
(string
alias)
(Appears on:TokenClaimValidationRule)
TokenValidationRuleType defines the type of the validation rule.
Value | Description |
---|---|
"RequiredClaim" |
TokenValidationRuleTypeRequiredClaim defines the type for RequiredClaim. |
UsernameClaimMapping
(Appears on:TokenClaimMappings)
UsernameClaimMapping defines the claim that should be used to construct usernames for the cluster identity.
Field | Description |
---|---|
claim string |
Claim is a JWT token claim to be used in the mapping |
prefixPolicy UsernamePrefixPolicy |
(Optional)
PrefixPolicy specifies how a prefix should apply. By default, claims other than Set to “NoPrefix” to disable prefixing. Example:
(1) |
prefix string |
(Optional)
Prefix is prepended to claim to prevent clashes with existing names. |
UsernamePrefixPolicy
(string
alias)
(Appears on:UsernameClaimMapping)
UsernamePrefixPolicy specifies how a prefix should apply.
Value | Description |
---|---|
"" |
NoOpinion let’s the cluster assign prefixes. If the username claim is email, there is no prefix If the username claim is anything else, it is prefixed by the issuerURL |
"NoPrefix" |
NoPrefix means the username claim value will not have any prefix |
"Prefix" |
Prefix means the prefix value must be specified. It cannot be empty |
infrastructure.cluster.x-k8s.io/v1beta1
Package v1beta1 contains the v1beta1 API implementation.
Resource Types:AMIReference
(Appears on:AWSMachineSpec)
AMIReference is a reference to a specific AWS resource by ID, ARN, or filters. Only one of ID, ARN or Filters may be specified. Specifying more than one will result in a validation error.
Field | Description |
---|---|
id string |
(Optional)
ID of resource |
eksLookupType EKSAMILookupType |
(Optional)
EKSOptimizedLookupType If specified, will look up an EKS Optimized image in SSM Parameter store |
AWSCluster
AWSCluster is the schema for Amazon EC2 based Kubernetes Cluster API.
Field | Description | ||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
metadata Kubernetes meta/v1.ObjectMeta |
Refer to the Kubernetes API documentation for the fields of the
metadata field.
|
||||||||||||||||||||||||
spec AWSClusterSpec |
|
||||||||||||||||||||||||
status AWSClusterStatus |
AWSClusterControllerIdentity
AWSClusterControllerIdentity is the Schema for the awsclustercontrolleridentities API It is used to grant access to use Cluster API Provider AWS Controller credentials.
Field | Description | ||
---|---|---|---|
metadata Kubernetes meta/v1.ObjectMeta |
Refer to the Kubernetes API documentation for the fields of the
metadata field.
|
||
spec AWSClusterControllerIdentitySpec |
Spec for this AWSClusterControllerIdentity.
|
AWSClusterControllerIdentitySpec
(Appears on:AWSClusterControllerIdentity)
AWSClusterControllerIdentitySpec defines the specifications for AWSClusterControllerIdentity.
Field | Description |
---|---|
AWSClusterIdentitySpec AWSClusterIdentitySpec |
(Members of |
AWSClusterIdentitySpec
(Appears on:AWSClusterControllerIdentitySpec, AWSClusterRoleIdentitySpec, AWSClusterStaticIdentitySpec)
AWSClusterIdentitySpec defines the Spec struct for AWSClusterIdentity types.
Field | Description |
---|---|
allowedNamespaces AllowedNamespaces |
(Optional)
AllowedNamespaces is used to identify which namespaces are allowed to use the identity from. Namespaces can be selected either using an array of namespaces or with label selector. An empty allowedNamespaces object indicates that AWSClusters can use this identity from any namespace. If this object is nil, no namespaces will be allowed (default behaviour, if this field is not provided) A namespace should be either in the NamespaceList or match with Selector to use the identity. |
AWSClusterRoleIdentity
AWSClusterRoleIdentity is the Schema for the awsclusterroleidentities API It is used to assume a role using the provided sourceRef.
Field | Description | ||||||||
---|---|---|---|---|---|---|---|---|---|
metadata Kubernetes meta/v1.ObjectMeta |
Refer to the Kubernetes API documentation for the fields of the
metadata field.
|
||||||||
spec AWSClusterRoleIdentitySpec |
Spec for this AWSClusterRoleIdentity.
|
AWSClusterRoleIdentitySpec
(Appears on:AWSClusterRoleIdentity)
AWSClusterRoleIdentitySpec defines the specifications for AWSClusterRoleIdentity.
Field | Description |
---|---|
AWSClusterIdentitySpec AWSClusterIdentitySpec |
(Members of |
AWSRoleSpec AWSRoleSpec |
(Members of |
externalID string |
(Optional)
A unique identifier that might be required when you assume a role in another account. If the administrator of the account to which the role belongs provided you with an external ID, then provide that value in the ExternalId parameter. This value can be any string, such as a passphrase or account number. A cross-account role is usually set up to trust everyone in an account. Therefore, the administrator of the trusting account might send an external ID to the administrator of the trusted account. That way, only someone with the ID can assume the role, rather than everyone in the account. For more information about the external ID, see How to Use an External ID When Granting Access to Your AWS Resources to a Third Party in the IAM User Guide. |
sourceIdentityRef AWSIdentityReference |
SourceIdentityRef is a reference to another identity which will be chained to do role assumption. All identity types are accepted. |
AWSClusterSpec
(Appears on:AWSCluster, AWSClusterTemplateResource)
AWSClusterSpec defines the desired state of an EC2-based Kubernetes cluster.
Field | Description |
---|---|
network NetworkSpec |
NetworkSpec encapsulates all things related to AWS network. |
region string |
The AWS Region the cluster lives in. |
sshKeyName string |
(Optional)
SSHKeyName is the name of the ssh key to attach to the bastion host. Valid values are empty string (do not use SSH keys), a valid SSH key name, or omitted (use the default SSH key name) |
controlPlaneEndpoint Cluster API api/v1beta1.APIEndpoint |
(Optional)
ControlPlaneEndpoint represents the endpoint used to communicate with the control plane. |
additionalTags Tags |
(Optional)
AdditionalTags is an optional set of tags to add to AWS resources managed by the AWS provider, in addition to the ones added by default. |
controlPlaneLoadBalancer AWSLoadBalancerSpec |
(Optional)
ControlPlaneLoadBalancer is optional configuration for customizing control plane behavior. |
imageLookupFormat string |
(Optional)
ImageLookupFormat is the AMI naming format to look up machine images when a machine does not specify an AMI. When set, this will be used for all cluster machines unless a machine specifies a different ImageLookupOrg. Supports substitutions for {{.BaseOS}} and {{.K8sVersion}} with the base OS and kubernetes version, respectively. The BaseOS will be the value in ImageLookupBaseOS or ubuntu (the default), and the kubernetes version as defined by the packages produced by kubernetes/release without v as a prefix: 1.13.0, 1.12.5-mybuild.1, or 1.17.3. For example, the default image format of capa-ami-{{.BaseOS}}-?{{.K8sVersion}}-* will end up searching for AMIs that match the pattern capa-ami-ubuntu-?1.18.0-* for a Machine that is targeting kubernetes v1.18.0 and the ubuntu base OS. See also: https://golang.org/pkg/text/template/ |
imageLookupOrg string |
(Optional)
ImageLookupOrg is the AWS Organization ID to look up machine images when a machine does not specify an AMI. When set, this will be used for all cluster machines unless a machine specifies a different ImageLookupOrg. |
imageLookupBaseOS string |
ImageLookupBaseOS is the name of the base operating system used to look up machine images when a machine does not specify an AMI. When set, this will be used for all cluster machines unless a machine specifies a different ImageLookupBaseOS. |
bastion Bastion |
(Optional)
Bastion contains options to configure the bastion host. |
identityRef AWSIdentityReference |
IdentityRef is a reference to an identity to be used when reconciling the managed control plane. If no identity is specified, the default identity for this controller will be used. |
s3Bucket S3Bucket |
(Optional)
S3Bucket contains options to configure a supporting S3 bucket for this cluster - currently used for nodes requiring Ignition (https://coreos.github.io/ignition/) for bootstrapping (requires BootstrapFormatIgnition feature flag to be enabled). |
AWSClusterStaticIdentity
AWSClusterStaticIdentity is the Schema for the awsclusterstaticidentities API It represents a reference to an AWS access key ID and secret access key, stored in a secret.
Field | Description | ||||
---|---|---|---|---|---|
metadata Kubernetes meta/v1.ObjectMeta |
Refer to the Kubernetes API documentation for the fields of the
metadata field.
|
||||
spec AWSClusterStaticIdentitySpec |
Spec for this AWSClusterStaticIdentity
|
AWSClusterStaticIdentitySpec
(Appears on:AWSClusterStaticIdentity)
AWSClusterStaticIdentitySpec defines the specifications for AWSClusterStaticIdentity.
Field | Description |
---|---|
AWSClusterIdentitySpec AWSClusterIdentitySpec |
(Members of |
secretRef string |
Reference to a secret containing the credentials. The secret should contain the following data keys: AccessKeyID: AKIAIOSFODNN7EXAMPLE SecretAccessKey: wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY SessionToken: Optional |
AWSClusterStatus
(Appears on:AWSCluster)
AWSClusterStatus defines the observed state of AWSCluster.
Field | Description |
---|---|
ready bool |
|
networkStatus NetworkStatus |
|
failureDomains Cluster API api/v1beta1.FailureDomains |
|
bastion Instance |
|
conditions Cluster API api/v1beta1.Conditions |
AWSClusterTemplate
AWSClusterTemplate is the schema for Amazon EC2 based Kubernetes Cluster Templates.
Field | Description | ||
---|---|---|---|
metadata Kubernetes meta/v1.ObjectMeta |
Refer to the Kubernetes API documentation for the fields of the
metadata field.
|
||
spec AWSClusterTemplateSpec |
|
AWSClusterTemplateResource
(Appears on:AWSClusterTemplateSpec)
AWSClusterTemplateResource defines the desired state of AWSClusterTemplate.
Field | Description | ||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
metadata Cluster API api/v1beta1.ObjectMeta |
(Optional)
Standard object’s metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata Refer to the Kubernetes API documentation for the fields of themetadata field.
|
||||||||||||||||||||||||
spec AWSClusterSpec |
|
AWSClusterTemplateSpec
(Appears on:AWSClusterTemplate)
AWSClusterTemplateSpec defines the desired state of AWSClusterTemplate.
Field | Description |
---|---|
template AWSClusterTemplateResource |
AWSIdentityKind
(string
alias)
(Appears on:AWSIdentityReference)
AWSIdentityKind defines allowed AWS identity types.
AWSIdentityReference
(Appears on:AWSClusterRoleIdentitySpec, AWSClusterSpec)
AWSIdentityReference specifies a identity.
Field | Description |
---|---|
name string |
Name of the identity. |
kind AWSIdentityKind |
Kind of the identity. |
AWSLoadBalancerSpec
(Appears on:AWSClusterSpec)
AWSLoadBalancerSpec defines the desired state of an AWS load balancer.
Field | Description |
---|---|
name string |
(Optional)
Name sets the name of the classic ELB load balancer. As per AWS, the name must be unique within your set of load balancers for the region, must have a maximum of 32 characters, must contain only alphanumeric characters or hyphens, and cannot begin or end with a hyphen. Once set, the value cannot be changed. |
scheme ClassicELBScheme |
(Optional)
Scheme sets the scheme of the load balancer (defaults to internet-facing) |
crossZoneLoadBalancing bool |
(Optional)
CrossZoneLoadBalancing enables the classic ELB cross availability zone balancing. With cross-zone load balancing, each load balancer node for your Classic Load Balancer distributes requests evenly across the registered instances in all enabled Availability Zones. If cross-zone load balancing is disabled, each load balancer node distributes requests evenly across the registered instances in its Availability Zone only. Defaults to false. |
subnets []string |
(Optional)
Subnets sets the subnets that should be applied to the control plane load balancer (defaults to discovered subnets for managed VPCs or an empty set for unmanaged VPCs) |
healthCheckProtocol ClassicELBProtocol |
(Optional)
HealthCheckProtocol sets the protocol type for classic ELB health check target default value is ClassicELBProtocolSSL |
additionalSecurityGroups []string |
(Optional)
AdditionalSecurityGroups sets the security groups used by the load balancer. Expected to be security group IDs This is optional - if not provided new security groups will be created for the load balancer |
AWSMachine
AWSMachine is the schema for Amazon EC2 machines.
Field | Description | ||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
metadata Kubernetes meta/v1.ObjectMeta |
Refer to the Kubernetes API documentation for the fields of the
metadata field.
|
||||||||||||||||||||||||||||||||||||||||||||
spec AWSMachineSpec |
|
||||||||||||||||||||||||||||||||||||||||||||
status AWSMachineStatus |
AWSMachineProviderConditionType
(string
alias)
AWSMachineProviderConditionType is a valid value for AWSMachineProviderCondition.Type.
AWSMachineSpec
(Appears on:AWSMachine, AWSMachineTemplateResource)
AWSMachineSpec defines the desired state of an Amazon EC2 instance.
Field | Description |
---|---|
providerID string |
ProviderID is the unique identifier as specified by the cloud provider. |
instanceID string |
InstanceID is the EC2 instance ID for this machine. |
ami AMIReference |
AMI is the reference to the AMI from which to create the machine instance. |
imageLookupFormat string |
(Optional)
ImageLookupFormat is the AMI naming format to look up the image for this machine It will be ignored if an explicit AMI is set. Supports substitutions for {{.BaseOS}} and {{.K8sVersion}} with the base OS and kubernetes version, respectively. The BaseOS will be the value in ImageLookupBaseOS or ubuntu (the default), and the kubernetes version as defined by the packages produced by kubernetes/release without v as a prefix: 1.13.0, 1.12.5-mybuild.1, or 1.17.3. For example, the default image format of capa-ami-{{.BaseOS}}-?{{.K8sVersion}}-* will end up searching for AMIs that match the pattern capa-ami-ubuntu-?1.18.0-* for a Machine that is targeting kubernetes v1.18.0 and the ubuntu base OS. See also: https://golang.org/pkg/text/template/ |
imageLookupOrg string |
ImageLookupOrg is the AWS Organization ID to use for image lookup if AMI is not set. |
imageLookupBaseOS string |
ImageLookupBaseOS is the name of the base operating system to use for image lookup the AMI is not set. |
instanceType string |
InstanceType is the type of instance to create. Example: m4.xlarge |
additionalTags Tags |
(Optional)
AdditionalTags is an optional set of tags to add to an instance, in addition to the ones added by default by the AWS provider. If both the AWSCluster and the AWSMachine specify the same tag name with different values, the AWSMachine’s value takes precedence. |
iamInstanceProfile string |
(Optional)
IAMInstanceProfile is a name of an IAM instance profile to assign to the instance |
publicIP bool |
(Optional)
PublicIP specifies whether the instance should get a public IP. Precedence for this setting is as follows: 1. This field if set 2. Cluster/flavor setting 3. Subnet default |
additionalSecurityGroups []AWSResourceReference |
(Optional)
AdditionalSecurityGroups is an array of references to security groups that should be applied to the instance. These security groups would be set in addition to any security groups defined at the cluster level or in the actuator. It is possible to specify either IDs of Filters. Using Filters will cause additional requests to AWS API and if tags change the attached security groups might change too. |
failureDomain string |
FailureDomain is the failure domain unique identifier this Machine should be attached to, as defined in Cluster API. For this infrastructure provider, the ID is equivalent to an AWS Availability Zone. If multiple subnets are matched for the availability zone, the first one returned is picked. |
subnet AWSResourceReference |
(Optional)
Subnet is a reference to the subnet to use for this instance. If not specified, the cluster subnet will be used. |
sshKeyName string |
(Optional)
SSHKeyName is the name of the ssh key to attach to the instance. Valid values are empty string (do not use SSH keys), a valid SSH key name, or omitted (use the default SSH key name) |
rootVolume Volume |
(Optional)
RootVolume encapsulates the configuration options for the root volume |
nonRootVolumes []Volume |
(Optional)
Configuration options for the non root storage volumes. |
networkInterfaces []string |
(Optional)
NetworkInterfaces is a list of ENIs to associate with the instance. A maximum of 2 may be specified. |
uncompressedUserData bool |
(Optional)
UncompressedUserData specify whether the user data is gzip-compressed before it is sent to ec2 instance. cloud-init has built-in support for gzip-compressed user data user data stored in aws secret manager is always gzip-compressed. |
cloudInit CloudInit |
(Optional)
CloudInit defines options related to the bootstrapping systems where CloudInit is used. |
ignition Ignition |
(Optional)
Ignition defined options related to the bootstrapping systems where Ignition is used. |
spotMarketOptions SpotMarketOptions |
(Optional)
SpotMarketOptions allows users to configure instances to be run using AWS Spot instances. |
tenancy string |
(Optional)
Tenancy indicates if instance should run on shared or single-tenant hardware. |
AWSMachineStatus
(Appears on:AWSMachine)
AWSMachineStatus defines the observed state of AWSMachine.
Field | Description |
---|---|
ready bool |
(Optional)
Ready is true when the provider resource is ready. |
interruptible bool |
(Optional)
Interruptible reports that this machine is using spot instances and can therefore be interrupted by CAPI when it receives a notice that the spot instance is to be terminated by AWS. This will be set to true when SpotMarketOptions is not nil (i.e. this machine is using a spot instance). |
addresses []Cluster API api/v1beta1.MachineAddress |
Addresses contains the AWS instance associated addresses. |
instanceState InstanceState |
(Optional)
InstanceState is the state of the AWS instance for this machine. |
failureReason Cluster API errors.MachineStatusError |
(Optional)
FailureReason will be set in the event that there is a terminal problem reconciling the Machine and will contain a succinct value suitable for machine interpretation. This field should not be set for transitive errors that a controller faces that are expected to be fixed automatically over time (like service outages), but instead indicate that something is fundamentally wrong with the Machine’s spec or the configuration of the controller, and that manual intervention is required. Examples of terminal errors would be invalid combinations of settings in the spec, values that are unsupported by the controller, or the responsible controller itself being critically misconfigured. Any transient errors that occur during the reconciliation of Machines can be added as events to the Machine object and/or logged in the controller’s output. |
failureMessage string |
(Optional)
FailureMessage will be set in the event that there is a terminal problem reconciling the Machine and will contain a more verbose string suitable for logging and human consumption. This field should not be set for transitive errors that a controller faces that are expected to be fixed automatically over time (like service outages), but instead indicate that something is fundamentally wrong with the Machine’s spec or the configuration of the controller, and that manual intervention is required. Examples of terminal errors would be invalid combinations of settings in the spec, values that are unsupported by the controller, or the responsible controller itself being critically misconfigured. Any transient errors that occur during the reconciliation of Machines can be added as events to the Machine object and/or logged in the controller’s output. |
conditions Cluster API api/v1beta1.Conditions |
(Optional)
Conditions defines current service state of the AWSMachine. |
AWSMachineTemplate
AWSMachineTemplate is the schema for the Amazon EC2 Machine Templates API.
Field | Description | ||
---|---|---|---|
metadata Kubernetes meta/v1.ObjectMeta |
Refer to the Kubernetes API documentation for the fields of the
metadata field.
|
||
spec AWSMachineTemplateSpec |
|
||
status AWSMachineTemplateStatus |
AWSMachineTemplateResource
(Appears on:AWSMachineTemplateSpec)
AWSMachineTemplateResource describes the data needed to create am AWSMachine from a template.
Field | Description | ||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
metadata Cluster API api/v1beta1.ObjectMeta |
(Optional)
Standard object’s metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata Refer to the Kubernetes API documentation for the fields of themetadata field.
|
||||||||||||||||||||||||||||||||||||||||||||
spec AWSMachineSpec |
Spec is the specification of the desired behavior of the machine.
|
AWSMachineTemplateSpec
(Appears on:AWSMachineTemplate)
AWSMachineTemplateSpec defines the desired state of AWSMachineTemplate.
Field | Description |
---|---|
template AWSMachineTemplateResource |
AWSMachineTemplateStatus
(Appears on:AWSMachineTemplate)
AWSMachineTemplateStatus defines a status for an AWSMachineTemplate.
Field | Description |
---|---|
capacity Kubernetes core/v1.ResourceList |
(Optional)
Capacity defines the resource capacity for this machine. This value is used for autoscaling from zero operations as defined in: https://github.com/kubernetes-sigs/cluster-api/blob/main/docs/proposals/20210310-opt-in-autoscaling-from-zero.md |
AWSResourceReference
(Appears on:AWSMachineSpec)
AWSResourceReference is a reference to a specific AWS resource by ID or filters. Only one of ID or Filters may be specified. Specifying more than one will result in a validation error.
Field | Description |
---|---|
id string |
(Optional)
ID of resource |
arn string |
(Optional)
ARN of resource. Deprecated: This field has no function and is going to be removed in the next release. |
filters []Filter |
(Optional)
Filters is a set of key/value pairs used to identify a resource They are applied according to the rules defined by the AWS API: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/Using_Filtering.html |
AWSRoleSpec
(Appears on:AWSClusterRoleIdentitySpec)
AWSRoleSpec defines the specifications for all identities based around AWS roles.
Field | Description |
---|---|
roleARN string |
The Amazon Resource Name (ARN) of the role to assume. |
sessionName string |
An identifier for the assumed role session |
durationSeconds int32 |
The duration, in seconds, of the role session before it is renewed. |
inlinePolicy string |
An IAM policy as a JSON-encoded string that you want to use as an inline session policy. |
policyARNs []string |
The Amazon Resource Names (ARNs) of the IAM managed policies that you want to use as managed session policies. The policies must exist in the same account as the role. |
AZSelectionScheme
(string
alias)
(Appears on:VPCSpec)
AZSelectionScheme defines the scheme of selecting AZs.
AllowedNamespaces
(Appears on:AWSClusterIdentitySpec)
AllowedNamespaces is a selector of namespaces that AWSClusters can use this ClusterPrincipal from. This is a standard Kubernetes LabelSelector, a label query over a set of resources. The result of matchLabels and matchExpressions are ANDed.
Field | Description |
---|---|
list []string |
(Optional)
An nil or empty list indicates that AWSClusters cannot use the identity from any namespace. |
selector Kubernetes meta/v1.LabelSelector |
(Optional)
An empty selector indicates that AWSClusters cannot use this AWSClusterIdentity from any namespace. |
Bastion
(Appears on:AWSClusterSpec)
Bastion defines a bastion host.
Field | Description |
---|---|
enabled bool |
(Optional)
Enabled allows this provider to create a bastion host instance with a public ip to access the VPC private network. |
disableIngressRules bool |
(Optional)
DisableIngressRules will ensure there are no Ingress rules in the bastion host’s security group. Requires AllowedCIDRBlocks to be empty. |
allowedCIDRBlocks []string |
(Optional)
AllowedCIDRBlocks is a list of CIDR blocks allowed to access the bastion host. They are set as ingress rules for the Bastion host’s Security Group (defaults to 0.0.0.0/0). |
instanceType string |
InstanceType will use the specified instance type for the bastion. If not specified, Cluster API Provider AWS will use t3.micro for all regions except us-east-1, where t2.micro will be the default. |
ami string |
(Optional)
AMI will use the specified AMI to boot the bastion. If not specified, the AMI will default to one picked out in public space. |
BuildParams
BuildParams is used to build tags around an aws resource.
Field | Description |
---|---|
Lifecycle ResourceLifecycle |
Lifecycle determines the resource lifecycle. |
ClusterName string |
ClusterName is the cluster associated with the resource. |
ResourceID string |
ResourceID is the unique identifier of the resource to be tagged. |
Name string |
(Optional)
Name is the name of the resource, it’s applied as the tag “Name” on AWS. |
Role string |
(Optional)
Role is the role associated to the resource. |
Additional Tags |
(Optional)
Any additional tags to be added to the resource. |
CNIIngressRule
CNIIngressRule defines an AWS ingress rule for CNI requirements.
Field | Description |
---|---|
description string |
|
protocol SecurityGroupProtocol |
|
fromPort int64 |
|
toPort int64 |
CNIIngressRules
([]sigs.k8s.io/cluster-api-provider-aws/v2/api/v1beta1.CNIIngressRule
alias)
(Appears on:CNISpec)
CNIIngressRules is a slice of CNIIngressRule.
CNISpec
(Appears on:NetworkSpec)
CNISpec defines configuration for CNI.
Field | Description |
---|---|
cniIngressRules CNIIngressRules |
CNIIngressRules specify rules to apply to control plane and worker node security groups. The source for the rule will be set to control plane and worker security group IDs. |
ClassicELB
(Appears on:NetworkStatus)
ClassicELB defines an AWS classic load balancer.
Field | Description |
---|---|
name string |
(Optional)
The name of the load balancer. It must be unique within the set of load balancers defined in the region. It also serves as identifier. |
dnsName string |
DNSName is the dns name of the load balancer. |
scheme ClassicELBScheme |
Scheme is the load balancer scheme, either internet-facing or private. |
availabilityZones []string |
AvailabilityZones is an array of availability zones in the VPC attached to the load balancer. |
subnetIds []string |
SubnetIDs is an array of subnets in the VPC attached to the load balancer. |
securityGroupIds []string |
SecurityGroupIDs is an array of security groups assigned to the load balancer. |
listeners []ClassicELBListener |
Listeners is an array of classic elb listeners associated with the load balancer. There must be at least one. |
healthChecks ClassicELBHealthCheck |
HealthCheck is the classic elb health check associated with the load balancer. |
attributes ClassicELBAttributes |
Attributes defines extra attributes associated with the load balancer. |
tags map[string]string |
Tags is a map of tags associated with the load balancer. |
ClassicELBAttributes
(Appears on:ClassicELB)
ClassicELBAttributes defines extra attributes associated with a classic load balancer.
Field | Description |
---|---|
idleTimeout time.Duration |
IdleTimeout is time that the connection is allowed to be idle (no data has been sent over the connection) before it is closed by the load balancer. |
crossZoneLoadBalancing bool |
(Optional)
CrossZoneLoadBalancing enables the classic load balancer load balancing. |
ClassicELBHealthCheck
(Appears on:ClassicELB)
ClassicELBHealthCheck defines an AWS classic load balancer health check.
Field | Description |
---|---|
target string |
|
interval time.Duration |
|
timeout time.Duration |
|
healthyThreshold int64 |
|
unhealthyThreshold int64 |
ClassicELBListener
(Appears on:ClassicELB)
ClassicELBListener defines an AWS classic load balancer listener.
Field | Description |
---|---|
protocol ClassicELBProtocol |
|
port int64 |
|
instanceProtocol ClassicELBProtocol |
|
instancePort int64 |
ClassicELBProtocol
(string
alias)
(Appears on:AWSLoadBalancerSpec, ClassicELBListener)
ClassicELBProtocol defines listener protocols for a classic load balancer.
ClassicELBScheme
(string
alias)
(Appears on:AWSLoadBalancerSpec, ClassicELB)
ClassicELBScheme defines the scheme of a classic load balancer.
CloudInit
(Appears on:AWSMachineSpec)
CloudInit defines options related to the bootstrapping systems where CloudInit is used.
Field | Description |
---|---|
insecureSkipSecretsManager bool |
InsecureSkipSecretsManager, when set to true will not use AWS Secrets Manager or AWS Systems Manager Parameter Store to ensure privacy of userdata. By default, a cloud-init boothook shell script is prepended to download the userdata from Secrets Manager and additionally delete the secret. |
secretCount int32 |
(Optional)
SecretCount is the number of secrets used to form the complete secret |
secretPrefix string |
(Optional)
SecretPrefix is the prefix for the secret name. This is stored temporarily, and deleted when the machine registers as a node against the workload cluster. |
secureSecretsBackend SecretBackend |
(Optional)
SecureSecretsBackend, when set to parameter-store will utilize the AWS Systems Manager Parameter Storage to distribute secrets. By default or with the value of secrets-manager, will use AWS Secrets Manager instead. |
EKSAMILookupType
(string
alias)
(Appears on:AMIReference)
EKSAMILookupType specifies which AWS AMI to use for a AWSMachine and AWSMachinePool.
Filter
(Appears on:AWSResourceReference)
Filter is a filter used to identify an AWS resource.
Field | Description |
---|---|
name string |
Name of the filter. Filter names are case-sensitive. |
values []string |
Values includes one or more filter values. Filter values are case-sensitive. |
IPv6
(Appears on:VPCSpec)
IPv6 contains ipv6 specific settings for the network.
Field | Description |
---|---|
cidrBlock string |
(Optional)
CidrBlock is the CIDR block provided by Amazon when VPC has enabled IPv6. |
poolId string |
(Optional)
PoolID is the IP pool which must be defined in case of BYO IP is defined. |
egressOnlyInternetGatewayId string |
(Optional)
EgressOnlyInternetGatewayID is the id of the egress only internet gateway associated with an IPv6 enabled VPC. |
Ignition
(Appears on:AWSMachineSpec)
Ignition defines options related to the bootstrapping systems where Ignition is used.
Field | Description |
---|---|
version string |
(Optional)
Version defines which version of Ignition will be used to generate bootstrap data. |
IngressRule
IngressRule defines an AWS ingress rule for security groups.
Field | Description |
---|---|
description string |
|
protocol SecurityGroupProtocol |
|
fromPort int64 |
|
toPort int64 |
|
cidrBlocks []string |
(Optional)
List of CIDR blocks to allow access from. Cannot be specified with SourceSecurityGroupID. |
ipv6CidrBlocks []string |
(Optional)
List of IPv6 CIDR blocks to allow access from. Cannot be specified with SourceSecurityGroupID. |
sourceSecurityGroupIds []string |
(Optional)
The security group id to allow access from. Cannot be specified with CidrBlocks. |
IngressRules
([]sigs.k8s.io/cluster-api-provider-aws/v2/api/v1beta1.IngressRule
alias)
(Appears on:SecurityGroup)
IngressRules is a slice of AWS ingress rules for security groups.
Instance
(Appears on:AWSClusterStatus)
Instance describes an AWS instance.
Field | Description |
---|---|
id string |
|
instanceState InstanceState |
The current state of the instance. |
type string |
The instance type. |
subnetId string |
The ID of the subnet of the instance. |
imageId string |
The ID of the AMI used to launch the instance. |
sshKeyName string |
The name of the SSH key pair. |
securityGroupIds []string |
SecurityGroupIDs are one or more security group IDs this instance belongs to. |
userData string |
UserData is the raw data script passed to the instance which is run upon bootstrap. This field must not be base64 encoded and should only be used when running a new instance. |
iamProfile string |
The name of the IAM instance profile associated with the instance, if applicable. |
addresses []Cluster API api/v1beta1.MachineAddress |
Addresses contains the AWS instance associated addresses. |
privateIp string |
The private IPv4 address assigned to the instance. |
publicIp string |
The public IPv4 address assigned to the instance, if applicable. |
enaSupport bool |
Specifies whether enhanced networking with ENA is enabled. |
ebsOptimized bool |
Indicates whether the instance is optimized for Amazon EBS I/O. |
rootVolume Volume |
(Optional)
Configuration options for the root storage volume. |
nonRootVolumes []Volume |
(Optional)
Configuration options for the non root storage volumes. |
networkInterfaces []string |
Specifies ENIs attached to instance |
tags map[string]string |
The tags associated with the instance. |
availabilityZone string |
Availability zone of instance |
spotMarketOptions SpotMarketOptions |
SpotMarketOptions option for configuring instances to be run using AWS Spot instances. |
tenancy string |
(Optional)
Tenancy indicates if instance should run on shared or single-tenant hardware. |
volumeIDs []string |
(Optional)
IDs of the instance’s volumes |
InstanceState
(string
alias)
(Appears on:AWSMachineStatus, Instance)
InstanceState describes the state of an AWS instance.
NetworkSpec
(Appears on:AWSClusterSpec)
NetworkSpec encapsulates all things related to AWS network.
Field | Description |
---|---|
vpc VPCSpec |
(Optional)
VPC configuration. |
subnets Subnets |
(Optional)
Subnets configuration. |
cni CNISpec |
(Optional)
CNI configuration |
securityGroupOverrides map[sigs.k8s.io/cluster-api-provider-aws/v2/api/v1beta1.SecurityGroupRole]string |
(Optional)
SecurityGroupOverrides is an optional set of security groups to use for cluster instances This is optional - if not provided new security groups will be created for the cluster |
NetworkStatus
(Appears on:AWSClusterStatus)
NetworkStatus encapsulates AWS networking resources.
Field | Description |
---|---|
securityGroups map[sigs.k8s.io/cluster-api-provider-aws/v2/api/v1beta1.SecurityGroupRole]sigs.k8s.io/cluster-api-provider-aws/v2/api/v1beta1.SecurityGroup |
SecurityGroups is a map from the role/kind of the security group to its unique name, if any. |
apiServerElb ClassicELB |
APIServerELB is the Kubernetes api server classic load balancer. |
ResourceLifecycle
(string
alias)
(Appears on:BuildParams)
ResourceLifecycle configures the lifecycle of a resource.
RouteTable
RouteTable defines an AWS routing table.
Field | Description |
---|---|
id string |
S3Bucket
(Appears on:AWSClusterSpec)
S3Bucket defines a supporting S3 bucket for the cluster, currently can be optionally used for Ignition.
Field | Description |
---|---|
controlPlaneIAMInstanceProfile string |
ControlPlaneIAMInstanceProfile is a name of the IAMInstanceProfile, which will be allowed to read control-plane node bootstrap data from S3 Bucket. |
nodesIAMInstanceProfiles []string |
NodesIAMInstanceProfiles is a list of IAM instance profiles, which will be allowed to read worker nodes bootstrap data from S3 Bucket. |
name string |
Name defines name of S3 Bucket to be created. |
SecretBackend
(string
alias)
(Appears on:CloudInit)
SecretBackend defines variants for backend secret storage.
SecurityGroup
(Appears on:NetworkStatus)
SecurityGroup defines an AWS security group.
Field | Description |
---|---|
id string |
ID is a unique identifier. |
name string |
Name is the security group name. |
ingressRule IngressRules |
(Optional)
IngressRules is the inbound rules associated with the security group. |
tags Tags |
Tags is a map of tags associated with the security group. |
SecurityGroupProtocol
(string
alias)
(Appears on:CNIIngressRule, IngressRule)
SecurityGroupProtocol defines the protocol type for a security group rule.
SecurityGroupRole
(string
alias)
SecurityGroupRole defines the unique role of a security group.
SpotMarketOptions
(Appears on:AWSMachineSpec, Instance)
SpotMarketOptions defines the options available to a user when configuring Machines to run on Spot instances. Most users should provide an empty struct.
Field | Description |
---|---|
maxPrice string |
(Optional)
MaxPrice defines the maximum price the user is willing to pay for Spot VM instances |
SubnetSpec
SubnetSpec configures an AWS Subnet.
Field | Description |
---|---|
id string |
ID defines a unique identifier to reference this resource. |
cidrBlock string |
CidrBlock is the CIDR block to be used when the provider creates a managed VPC. |
ipv6CidrBlock string |
(Optional)
IPv6CidrBlock is the IPv6 CIDR block to be used when the provider creates a managed VPC. A subnet can have an IPv4 and an IPv6 address. IPv6 is only supported in managed clusters, this field cannot be set on AWSCluster object. |
availabilityZone string |
AvailabilityZone defines the availability zone to use for this subnet in the cluster’s region. |
isPublic bool |
(Optional)
IsPublic defines the subnet as a public subnet. A subnet is public when it is associated with a route table that has a route to an internet gateway. |
isIpv6 bool |
(Optional)
IsIPv6 defines the subnet as an IPv6 subnet. A subnet is IPv6 when it is associated with a VPC that has IPv6 enabled. IPv6 is only supported in managed clusters, this field cannot be set on AWSCluster object. |
routeTableId string |
(Optional)
RouteTableID is the routing table id associated with the subnet. |
natGatewayId string |
(Optional)
NatGatewayID is the NAT gateway id associated with the subnet. Ignored unless the subnet is managed by the provider, in which case this is set on the public subnet where the NAT gateway resides. It is then used to determine routes for private subnets in the same AZ as the public subnet. |
tags Tags |
Tags is a collection of tags describing the resource. |
Subnets
([]sigs.k8s.io/cluster-api-provider-aws/v2/api/v1beta1.SubnetSpec
alias)
(Appears on:NetworkSpec)
Subnets is a slice of Subnet.
Tags
(map[string]string
alias)
(Appears on:AWSClusterSpec, AWSMachineSpec, BuildParams, SecurityGroup, SubnetSpec, VPCSpec)
Tags defines a map of tags.
VPCSpec
(Appears on:NetworkSpec)
VPCSpec configures an AWS VPC.
Field | Description |
---|---|
id string |
ID is the vpc-id of the VPC this provider should use to create resources. |
cidrBlock string |
CidrBlock is the CIDR block to be used when the provider creates a managed VPC. Defaults to 10.0.0.0/16. |
ipv6 IPv6 |
(Optional)
IPv6 contains ipv6 specific settings for the network. Supported only in managed clusters. This field cannot be set on AWSCluster object. |
internetGatewayId string |
(Optional)
InternetGatewayID is the id of the internet gateway associated with the VPC. |
tags Tags |
Tags is a collection of tags describing the resource. |
availabilityZoneUsageLimit int |
AvailabilityZoneUsageLimit specifies the maximum number of availability zones (AZ) that should be used in a region when automatically creating subnets. If a region has more than this number of AZs then this number of AZs will be picked randomly when creating default subnets. Defaults to 3 |
availabilityZoneSelection AZSelectionScheme |
AvailabilityZoneSelection specifies how AZs should be selected if there are more AZs in a region than specified by AvailabilityZoneUsageLimit. There are 2 selection schemes: Ordered - selects based on alphabetical order Random - selects AZs randomly in a region Defaults to Ordered |
Volume
(Appears on:AWSMachineSpec, Instance)
Volume encapsulates the configuration options for the storage device.
Field | Description |
---|---|
deviceName string |
(Optional)
Device name |
size int64 |
Size specifies size (in Gi) of the storage device. Must be greater than the image snapshot size or 8 (whichever is greater). |
type VolumeType |
(Optional)
Type is the type of the volume (e.g. gp2, io1, etc…). |
iops int64 |
(Optional)
IOPS is the number of IOPS requested for the disk. Not applicable to all types. |
throughput int64 |
(Optional)
Throughput to provision in MiB/s supported for the volume type. Not applicable to all types. |
encrypted bool |
(Optional)
Encrypted is whether the volume should be encrypted or not. |
encryptionKey string |
(Optional)
EncryptionKey is the KMS key to use to encrypt the volume. Can be either a KMS key ID or ARN. If Encrypted is set and this is omitted, the default AWS key will be used. The key must already exist and be accessible by the controller. |
VolumeType
(string
alias)
(Appears on:Volume)
VolumeType describes the EBS volume type. See: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ebs-volume-types.html
ASGStatus
(string
alias)
(Appears on:AWSMachinePoolStatus, AutoScalingGroup)
ASGStatus is a status string returned by the autoscaling API.
AWSFargateProfile
AWSFargateProfile is the Schema for the awsfargateprofiles API.
Field | Description | ||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
metadata Kubernetes meta/v1.ObjectMeta |
Refer to the Kubernetes API documentation for the fields of the
metadata field.
|
||||||||||||
spec FargateProfileSpec |
|
||||||||||||
status FargateProfileStatus |
AWSLaunchTemplate
(Appears on:AWSMachinePoolSpec, AWSManagedMachinePoolSpec)
AWSLaunchTemplate defines the desired state of AWSLaunchTemplate.
Field | Description |
---|---|
name string |
The name of the launch template. |
iamInstanceProfile string |
The name or the Amazon Resource Name (ARN) of the instance profile associated with the IAM role for the instance. The instance profile contains the IAM role. |
ami AMIReference |
(Optional)
AMI is the reference to the AMI from which to create the machine instance. |
imageLookupFormat string |
(Optional)
ImageLookupFormat is the AMI naming format to look up the image for this machine It will be ignored if an explicit AMI is set. Supports substitutions for {{.BaseOS}} and {{.K8sVersion}} with the base OS and kubernetes version, respectively. The BaseOS will be the value in ImageLookupBaseOS or ubuntu (the default), and the kubernetes version as defined by the packages produced by kubernetes/release without v as a prefix: 1.13.0, 1.12.5-mybuild.1, or 1.17.3. For example, the default image format of capa-ami-{{.BaseOS}}-?{{.K8sVersion}}-* will end up searching for AMIs that match the pattern capa-ami-ubuntu-?1.18.0-* for a Machine that is targeting kubernetes v1.18.0 and the ubuntu base OS. See also: https://golang.org/pkg/text/template/ |
imageLookupOrg string |
ImageLookupOrg is the AWS Organization ID to use for image lookup if AMI is not set. |
imageLookupBaseOS string |
ImageLookupBaseOS is the name of the base operating system to use for image lookup the AMI is not set. |
instanceType string |
InstanceType is the type of instance to create. Example: m4.xlarge |
rootVolume Volume |
(Optional)
RootVolume encapsulates the configuration options for the root volume |
sshKeyName string |
(Optional)
SSHKeyName is the name of the ssh key to attach to the instance. Valid values are empty string (do not use SSH keys), a valid SSH key name, or omitted (use the default SSH key name) |
versionNumber int64 |
VersionNumber is the version of the launch template that is applied. Typically a new version is created when at least one of the following happens: 1) A new launch template spec is applied. 2) One or more parameters in an existing template is changed. 3) A new AMI is discovered. |
additionalSecurityGroups []AWSResourceReference |
(Optional)
AdditionalSecurityGroups is an array of references to security groups that should be applied to the instances. These security groups would be set in addition to any security groups defined at the cluster level or in the actuator. |
spotMarketOptions SpotMarketOptions |
SpotMarketOptions are options for configuring AWSMachinePool instances to be run using AWS Spot instances. |
AWSMachinePool
AWSMachinePool is the Schema for the awsmachinepools API.
Field | Description | ||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
metadata Kubernetes meta/v1.ObjectMeta |
Refer to the Kubernetes API documentation for the fields of the
metadata field.
|
||||||||||||||||||||||||
spec AWSMachinePoolSpec |
|
||||||||||||||||||||||||
status AWSMachinePoolStatus |
AWSMachinePoolInstanceStatus
(Appears on:AWSMachinePoolStatus)
AWSMachinePoolInstanceStatus defines the status of the AWSMachinePoolInstance.
Field | Description |
---|---|
instanceID string |
(Optional)
InstanceID is the identification of the Machine Instance within ASG |
version string |
(Optional)
Version defines the Kubernetes version for the Machine Instance |
AWSMachinePoolSpec
(Appears on:AWSMachinePool)
AWSMachinePoolSpec defines the desired state of AWSMachinePool.
Field | Description |
---|---|
providerID string |
(Optional)
ProviderID is the ARN of the associated ASG |
minSize int32 |
MinSize defines the minimum size of the group. |
maxSize int32 |
MaxSize defines the maximum size of the group. |
availabilityZones []string |
AvailabilityZones is an array of availability zones instances can run in |
subnets []AWSResourceReference |
(Optional)
Subnets is an array of subnet configurations |
additionalTags Tags |
(Optional)
AdditionalTags is an optional set of tags to add to an instance, in addition to the ones added by default by the AWS provider. |
awsLaunchTemplate AWSLaunchTemplate |
AWSLaunchTemplate specifies the launch template and version to use when an instance is launched. |
mixedInstancesPolicy MixedInstancesPolicy |
MixedInstancesPolicy describes how multiple instance types will be used by the ASG. |
providerIDList []string |
(Optional)
ProviderIDList are the identification IDs of machine instances provided by the provider. This field must match the provider IDs as seen on the node objects corresponding to a machine pool’s machine instances. |
defaultCoolDown Kubernetes meta/v1.Duration |
(Optional)
The amount of time, in seconds, after a scaling activity completes before another scaling activity can start. If no value is supplied by user a default value of 300 seconds is set |
refreshPreferences RefreshPreferences |
(Optional)
RefreshPreferences describes set of preferences associated with the instance refresh request. |
capacityRebalance bool |
(Optional)
Enable or disable the capacity rebalance autoscaling group feature |
AWSMachinePoolStatus
(Appears on:AWSMachinePool)
AWSMachinePoolStatus defines the observed state of AWSMachinePool.
Field | Description |
---|---|
ready bool |
(Optional)
Ready is true when the provider resource is ready. |
replicas int32 |
(Optional)
Replicas is the most recently observed number of replicas |
conditions Cluster API api/v1beta1.Conditions |
(Optional)
Conditions defines current service state of the AWSMachinePool. |
instances []AWSMachinePoolInstanceStatus |
(Optional)
Instances contains the status for each instance in the pool |
launchTemplateID string |
The ID of the launch template |
launchTemplateVersion string |
(Optional)
The version of the launch template |
failureReason Cluster API errors.MachineStatusError |
(Optional)
FailureReason will be set in the event that there is a terminal problem reconciling the Machine and will contain a succinct value suitable for machine interpretation. This field should not be set for transitive errors that a controller faces that are expected to be fixed automatically over time (like service outages), but instead indicate that something is fundamentally wrong with the Machine’s spec or the configuration of the controller, and that manual intervention is required. Examples of terminal errors would be invalid combinations of settings in the spec, values that are unsupported by the controller, or the responsible controller itself being critically misconfigured. Any transient errors that occur during the reconciliation of Machines can be added as events to the Machine object and/or logged in the controller’s output. |
failureMessage string |
(Optional)
FailureMessage will be set in the event that there is a terminal problem reconciling the Machine and will contain a more verbose string suitable for logging and human consumption. This field should not be set for transitive errors that a controller faces that are expected to be fixed automatically over time (like service outages), but instead indicate that something is fundamentally wrong with the Machine’s spec or the configuration of the controller, and that manual intervention is required. Examples of terminal errors would be invalid combinations of settings in the spec, values that are unsupported by the controller, or the responsible controller itself being critically misconfigured. Any transient errors that occur during the reconciliation of Machines can be added as events to the Machine object and/or logged in the controller’s output. |
asgStatus ASGStatus |
AWSManagedMachinePool
AWSManagedMachinePool is the Schema for the awsmanagedmachinepools API.
Field | Description | ||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
metadata Kubernetes meta/v1.ObjectMeta |
Refer to the Kubernetes API documentation for the fields of the
metadata field.
|
||||||||||||||||||||||||||||||||||||
spec AWSManagedMachinePoolSpec |
|
||||||||||||||||||||||||||||||||||||
status AWSManagedMachinePoolStatus |
AWSManagedMachinePoolSpec
(Appears on:AWSManagedMachinePool)
AWSManagedMachinePoolSpec defines the desired state of AWSManagedMachinePool.
Field | Description |
---|---|
eksNodegroupName string |
(Optional)
EKSNodegroupName specifies the name of the nodegroup in AWS corresponding to this MachinePool. If you don’t specify a name then a default name will be created based on the namespace and name of the managed machine pool. |
availabilityZones []string |
AvailabilityZones is an array of availability zones instances can run in |
subnetIDs []string |
(Optional)
SubnetIDs specifies which subnets are used for the auto scaling group of this nodegroup |
additionalTags Tags |
(Optional)
AdditionalTags is an optional set of tags to add to AWS resources managed by the AWS provider, in addition to the ones added by default. |
roleAdditionalPolicies []string |
(Optional)
RoleAdditionalPolicies allows you to attach additional polices to the node group role. You must enable the EKSAllowAddRoles feature flag to incorporate these into the created role. |
roleName string |
(Optional)
RoleName specifies the name of IAM role for the node group. If the role is pre-existing we will treat it as unmanaged and not delete it on deletion. If the EKSEnableIAM feature flag is true and no name is supplied then a role is created. |
amiVersion string |
(Optional)
AMIVersion defines the desired AMI release version. If no version number is supplied then the latest version for the Kubernetes version will be used |
amiType ManagedMachineAMIType |
(Optional)
AMIType defines the AMI type |
labels map[string]string |
(Optional)
Labels specifies labels for the Kubernetes node objects |
taints Taints |
(Optional)
Taints specifies the taints to apply to the nodes of the machine pool |
diskSize int32 |
(Optional)
DiskSize specifies the root disk size |
instanceType string |
(Optional)
InstanceType specifies the AWS instance type |
scaling ManagedMachinePoolScaling |
(Optional)
Scaling specifies scaling for the ASG behind this pool |
remoteAccess ManagedRemoteAccess |
(Optional)
RemoteAccess specifies how machines can be accessed remotely |
providerIDList []string |
(Optional)
ProviderIDList are the provider IDs of instances in the autoscaling group corresponding to the nodegroup represented by this machine pool |
capacityType ManagedMachinePoolCapacityType |
(Optional)
CapacityType specifies the capacity type for the ASG behind this pool |
updateConfig UpdateConfig |
(Optional)
UpdateConfig holds the optional config to control the behaviour of the update to the nodegroup. |
awsLaunchTemplate AWSLaunchTemplate |
(Optional)
AWSLaunchTemplate specifies the launch template to use to create the managed node group. If AWSLaunchTemplate is specified, certain node group configuraions outside of launch template are prohibited (https://docs.aws.amazon.com/eks/latest/userguide/launch-templates.html). |
AWSManagedMachinePoolStatus
(Appears on:AWSManagedMachinePool)
AWSManagedMachinePoolStatus defines the observed state of AWSManagedMachinePool.
Field | Description |
---|---|
ready bool |
Ready denotes that the AWSManagedMachinePool nodegroup has joined the cluster |
replicas int32 |
(Optional)
Replicas is the most recently observed number of replicas. |
launchTemplateID string |
(Optional)
The ID of the launch template |
launchTemplateVersion string |
(Optional)
The version of the launch template |
failureReason Cluster API errors.MachineStatusError |
(Optional)
FailureReason will be set in the event that there is a terminal problem reconciling the MachinePool and will contain a succinct value suitable for machine interpretation. This field should not be set for transitive errors that a controller faces that are expected to be fixed automatically over time (like service outages), but instead indicate that something is fundamentally wrong with the Machine’s spec or the configuration of the controller, and that manual intervention is required. Examples of terminal errors would be invalid combinations of settings in the spec, values that are unsupported by the controller, or the responsible controller itself being critically misconfigured. Any transient errors that occur during the reconciliation of MachinePools can be added as events to the MachinePool object and/or logged in the controller’s output. |
failureMessage string |
(Optional)
FailureMessage will be set in the event that there is a terminal problem reconciling the MachinePool and will contain a more verbose string suitable for logging and human consumption. This field should not be set for transitive errors that a controller faces that are expected to be fixed automatically over time (like service outages), but instead indicate that something is fundamentally wrong with the MachinePool’s spec or the configuration of the controller, and that manual intervention is required. Examples of terminal errors would be invalid combinations of settings in the spec, values that are unsupported by the controller, or the responsible controller itself being critically misconfigured. Any transient errors that occur during the reconciliation of MachinePools can be added as events to the MachinePool object and/or logged in the controller’s output. |
conditions Cluster API api/v1beta1.Conditions |
(Optional)
Conditions defines current service state of the managed machine pool |
AutoScalingGroup
AutoScalingGroup describes an AWS autoscaling group.
Field | Description |
---|---|
id string |
The tags associated with the instance. |
tags Tags |
|
name string |
|
desiredCapacity int32 |
|
maxSize int32 |
|
minSize int32 |
|
placementGroup string |
|
subnets []string |
|
defaultCoolDown Kubernetes meta/v1.Duration |
|
capacityRebalance bool |
|
mixedInstancesPolicy MixedInstancesPolicy |
|
Status ASGStatus |
|
instances []Instance |
BlockDeviceMapping
BlockDeviceMapping specifies the block devices for the instance. You can specify virtual devices and EBS volumes.
Field | Description |
---|---|
deviceName string |
The device name exposed to the EC2 instance (for example, /dev/sdh or xvdh). |
ebs EBS |
(Optional)
You can specify either VirtualName or Ebs, but not both. |
EBS
(Appears on:BlockDeviceMapping)
EBS can be used to automatically set up EBS volumes when an instance is launched.
Field | Description |
---|---|
encrypted bool |
(Optional)
Encrypted is whether the volume should be encrypted or not. |
volumeSize int64 |
(Optional)
The size of the volume, in GiB. This can be a number from 1-1,024 for standard, 4-16,384 for io1, 1-16,384 for gp2, and 500-16,384 for st1 and sc1. If you specify a snapshot, the volume size must be equal to or larger than the snapshot size. |
volumeType string |
(Optional)
The volume type For more information, see Amazon EBS Volume Types (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/EBSVolumeTypes.html) |
FargateProfileSpec
(Appears on:AWSFargateProfile)
FargateProfileSpec defines the desired state of FargateProfile.
Field | Description |
---|---|
clusterName string |
ClusterName is the name of the Cluster this object belongs to. |
profileName string |
ProfileName specifies the profile name. |
subnetIDs []string |
(Optional)
SubnetIDs specifies which subnets are used for the auto scaling group of this nodegroup. |
additionalTags Tags |
(Optional)
AdditionalTags is an optional set of tags to add to AWS resources managed by the AWS provider, in addition to the ones added by default. |
roleName string |
(Optional)
RoleName specifies the name of IAM role for this fargate pool If the role is pre-existing we will treat it as unmanaged and not delete it on deletion. If the EKSEnableIAM feature flag is true and no name is supplied then a role is created. |
selectors []FargateSelector |
Selectors specify fargate pod selectors. |
FargateProfileStatus
(Appears on:AWSFargateProfile)
FargateProfileStatus defines the observed state of FargateProfile.
Field | Description |
---|---|
ready bool |
Ready denotes that the FargateProfile is available. |
failureReason Cluster API errors.MachineStatusError |
(Optional)
FailureReason will be set in the event that there is a terminal problem reconciling the FargateProfile and will contain a succinct value suitable for machine interpretation. This field should not be set for transitive errors that a controller faces that are expected to be fixed automatically over time (like service outages), but instead indicate that something is fundamentally wrong with the FargateProfile’s spec or the configuration of the controller, and that manual intervention is required. Examples of terminal errors would be invalid combinations of settings in the spec, values that are unsupported by the controller, or the responsible controller itself being critically misconfigured. Any transient errors that occur during the reconciliation of FargateProfiles can be added as events to the FargateProfile object and/or logged in the controller’s output. |
failureMessage string |
(Optional)
FailureMessage will be set in the event that there is a terminal problem reconciling the FargateProfile and will contain a more verbose string suitable for logging and human consumption. This field should not be set for transitive errors that a controller faces that are expected to be fixed automatically over time (like service outages), but instead indicate that something is fundamentally wrong with the FargateProfile’s spec or the configuration of the controller, and that manual intervention is required. Examples of terminal errors would be invalid combinations of settings in the spec, values that are unsupported by the controller, or the responsible controller itself being critically misconfigured. Any transient errors that occur during the reconciliation of FargateProfiles can be added as events to the FargateProfile object and/or logged in the controller’s output. |
conditions Cluster API api/v1beta1.Conditions |
(Optional)
Conditions defines current state of the Fargate profile. |
FargateSelector
(Appears on:FargateProfileSpec)
FargateSelector specifies a selector for pods that should run on this fargate pool.
Field | Description |
---|---|
labels map[string]string |
Labels specifies which pod labels this selector should match. |
namespace string |
Namespace specifies which namespace this selector should match. |
InstancesDistribution
(Appears on:MixedInstancesPolicy)
InstancesDistribution to configure distribution of On-Demand Instances and Spot Instances.
Field | Description |
---|---|
onDemandAllocationStrategy OnDemandAllocationStrategy |
|
spotAllocationStrategy SpotAllocationStrategy |
|
onDemandBaseCapacity int64 |
|
onDemandPercentageAboveBaseCapacity int64 |
ManagedMachineAMIType
(string
alias)
(Appears on:AWSManagedMachinePoolSpec)
ManagedMachineAMIType specifies which AWS AMI to use for a managed MachinePool.
Value | Description |
---|---|
"AL2023_ARM_64_STANDARD" |
Al2023Arm64 is the AL2023 Arm AMI type. |
"AL2023_x86_64_STANDARD" |
Al2023x86_64 is the AL2023 x86-64 AMI type. |
"AL2_ARM_64" |
Al2Arm64 is the Arm AMI type. |
"AL2_x86_64" |
Al2x86_64 is the default AMI type. |
"AL2_x86_64_GPU" |
Al2x86_64GPU is the x86-64 GPU AMI type. |
ManagedMachinePoolCapacityType
(string
alias)
(Appears on:AWSManagedMachinePoolSpec)
ManagedMachinePoolCapacityType specifies the capacity type to be used for the managed MachinePool.
Value | Description |
---|---|
"onDemand" |
ManagedMachinePoolCapacityTypeOnDemand is the default capacity type, to launch on-demand instances. |
"spot" |
ManagedMachinePoolCapacityTypeSpot is the spot instance capacity type to launch spot instances. |
ManagedMachinePoolScaling
(Appears on:AWSManagedMachinePoolSpec)
ManagedMachinePoolScaling specifies scaling options.
Field | Description |
---|---|
minSize int32 |
|
maxSize int32 |
ManagedRemoteAccess
(Appears on:AWSManagedMachinePoolSpec)
ManagedRemoteAccess specifies remote access settings for EC2 instances.
Field | Description |
---|---|
sshKeyName string |
SSHKeyName specifies which EC2 SSH key can be used to access machines. If left empty, the key from the control plane is used. |
sourceSecurityGroups []string |
SourceSecurityGroups specifies which security groups are allowed access |
public bool |
Public specifies whether to open port 22 to the public internet |
MixedInstancesPolicy
(Appears on:AWSMachinePoolSpec, AutoScalingGroup)
MixedInstancesPolicy for an Auto Scaling group.
Field | Description |
---|---|
instancesDistribution InstancesDistribution |
|
overrides []Overrides |
OnDemandAllocationStrategy
(string
alias)
(Appears on:InstancesDistribution)
OnDemandAllocationStrategy indicates how to allocate instance types to fulfill On-Demand capacity.
Overrides
(Appears on:MixedInstancesPolicy)
Overrides are used to override the instance type specified by the launch template with multiple instance types that can be used to launch On-Demand Instances and Spot Instances.
Field | Description |
---|---|
instanceType string |
RefreshPreferences
(Appears on:AWSMachinePoolSpec)
RefreshPreferences defines the specs for instance refreshing.
Field | Description |
---|---|
strategy string |
(Optional)
The strategy to use for the instance refresh. The only valid value is Rolling. A rolling update is an update that is applied to all instances in an Auto Scaling group until all instances have been updated. |
instanceWarmup int64 |
(Optional)
The number of seconds until a newly launched instance is configured and ready to use. During this time, the next replacement will not be initiated. The default is to use the value for the health check grace period defined for the group. |
minHealthyPercentage int64 |
(Optional)
The amount of capacity as a percentage in ASG that must remain healthy during an instance refresh. The default is 90. |
SpotAllocationStrategy
(string
alias)
(Appears on:InstancesDistribution)
SpotAllocationStrategy indicates how to allocate instances across Spot Instance pools.
Tags
(map[string]string
alias)
Tags is a mapping for tags.
Taint
Taint defines the specs for a Kubernetes taint.
Field | Description |
---|---|
effect TaintEffect |
Effect specifies the effect for the taint |
key string |
Key is the key of the taint |
value string |
Value is the value of the taint |
TaintEffect
(string
alias)
(Appears on:Taint)
TaintEffect is the effect for a Kubernetes taint.
Taints
([]sigs.k8s.io/cluster-api-provider-aws/v2/exp/api/v1beta1.Taint
alias)
(Appears on:AWSManagedMachinePoolSpec)
Taints is an array of Taints.
UpdateConfig
(Appears on:AWSManagedMachinePoolSpec)
UpdateConfig is the configuration options for updating a nodegroup. Only one of MaxUnavailable and MaxUnavailablePercentage should be specified.
Field | Description |
---|---|
maxUnavailable int |
(Optional)
MaxUnavailable is the maximum number of nodes unavailable at once during a version update. Nodes will be updated in parallel. The maximum number is 100. |
maxUnavailablePrecentage int |
(Optional)
MaxUnavailablePercentage is the maximum percentage of nodes unavailable during a version update. This percentage of nodes will be updated in parallel, up to 100 nodes at once. |
infrastructure.cluster.x-k8s.io/v1beta2
Package v1beta2 contains the v1beta2 API implementation.
Resource Types:AMIReference
(Appears on:AWSMachineSpec, AWSLaunchTemplate, AWSLaunchTemplate)
AMIReference is a reference to a specific AWS resource by ID, ARN, or filters. Only one of ID, ARN or Filters may be specified. Specifying more than one will result in a validation error.
Field | Description |
---|---|
id string |
(Optional)
ID of resource |
eksLookupType EKSAMILookupType |
(Optional)
EKSOptimizedLookupType If specified, will look up an EKS Optimized image in SSM Parameter store |
AWSCluster
AWSCluster is the schema for Amazon EC2 based Kubernetes Cluster API.
Field | Description | ||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
metadata Kubernetes meta/v1.ObjectMeta |
Refer to the Kubernetes API documentation for the fields of the
metadata field.
|
||||||||||||||||||||||||||||
spec AWSClusterSpec |
|
||||||||||||||||||||||||||||
status AWSClusterStatus |
AWSClusterControllerIdentity
AWSClusterControllerIdentity is the Schema for the awsclustercontrolleridentities API It is used to grant access to use Cluster API Provider AWS Controller credentials.
Field | Description | ||
---|---|---|---|
metadata Kubernetes meta/v1.ObjectMeta |
Refer to the Kubernetes API documentation for the fields of the
metadata field.
|
||
spec AWSClusterControllerIdentitySpec |
Spec for this AWSClusterControllerIdentity.
|
AWSClusterControllerIdentitySpec
(Appears on:AWSClusterControllerIdentity)
AWSClusterControllerIdentitySpec defines the specifications for AWSClusterControllerIdentity.
Field | Description |
---|---|
AWSClusterIdentitySpec AWSClusterIdentitySpec |
(Members of |
AWSClusterIdentitySpec
(Appears on:AWSClusterControllerIdentitySpec, AWSClusterRoleIdentitySpec, AWSClusterStaticIdentitySpec)
AWSClusterIdentitySpec defines the Spec struct for AWSClusterIdentity types.
Field | Description |
---|---|
allowedNamespaces AllowedNamespaces |
(Optional)
AllowedNamespaces is used to identify which namespaces are allowed to use the identity from. Namespaces can be selected either using an array of namespaces or with label selector. An empty allowedNamespaces object indicates that AWSClusters can use this identity from any namespace. If this object is nil, no namespaces will be allowed (default behaviour, if this field is not provided) A namespace should be either in the NamespaceList or match with Selector to use the identity. |
AWSClusterRoleIdentity
AWSClusterRoleIdentity is the Schema for the awsclusterroleidentities API It is used to assume a role using the provided sourceRef.
Field | Description | ||||||||
---|---|---|---|---|---|---|---|---|---|
metadata Kubernetes meta/v1.ObjectMeta |
Refer to the Kubernetes API documentation for the fields of the
metadata field.
|
||||||||
spec AWSClusterRoleIdentitySpec |
Spec for this AWSClusterRoleIdentity.
|
AWSClusterRoleIdentitySpec
(Appears on:AWSClusterRoleIdentity)
AWSClusterRoleIdentitySpec defines the specifications for AWSClusterRoleIdentity.
Field | Description |
---|---|
AWSClusterIdentitySpec AWSClusterIdentitySpec |
(Members of |
AWSRoleSpec AWSRoleSpec |
(Members of |
externalID string |
(Optional)
A unique identifier that might be required when you assume a role in another account. If the administrator of the account to which the role belongs provided you with an external ID, then provide that value in the ExternalId parameter. This value can be any string, such as a passphrase or account number. A cross-account role is usually set up to trust everyone in an account. Therefore, the administrator of the trusting account might send an external ID to the administrator of the trusted account. That way, only someone with the ID can assume the role, rather than everyone in the account. For more information about the external ID, see How to Use an External ID When Granting Access to Your AWS Resources to a Third Party in the IAM User Guide. |
sourceIdentityRef AWSIdentityReference |
SourceIdentityRef is a reference to another identity which will be chained to do role assumption. All identity types are accepted. |
AWSClusterSpec
(Appears on:AWSCluster, AWSClusterTemplateResource)
AWSClusterSpec defines the desired state of an EC2-based Kubernetes cluster.
Field | Description |
---|---|
network NetworkSpec |
NetworkSpec encapsulates all things related to AWS network. |
region string |
The AWS Region the cluster lives in. |
partition string |
(Optional)
Partition is the AWS security partition being used. Defaults to “aws” |
sshKeyName string |
(Optional)
SSHKeyName is the name of the ssh key to attach to the bastion host. Valid values are empty string (do not use SSH keys), a valid SSH key name, or omitted (use the default SSH key name) |
controlPlaneEndpoint Cluster API api/v1beta1.APIEndpoint |
(Optional)
ControlPlaneEndpoint represents the endpoint used to communicate with the control plane. |
additionalTags Tags |
(Optional)
AdditionalTags is an optional set of tags to add to AWS resources managed by the AWS provider, in addition to the ones added by default. |
controlPlaneLoadBalancer AWSLoadBalancerSpec |
(Optional)
ControlPlaneLoadBalancer is optional configuration for customizing control plane behavior. |
secondaryControlPlaneLoadBalancer AWSLoadBalancerSpec |
(Optional)
SecondaryControlPlaneLoadBalancer is an additional load balancer that can be used for the control plane. An example use case is to have a separate internal load balancer for internal traffic, and a separate external load balancer for external traffic. |
imageLookupFormat string |
(Optional)
ImageLookupFormat is the AMI naming format to look up machine images when a machine does not specify an AMI. When set, this will be used for all cluster machines unless a machine specifies a different ImageLookupOrg. Supports substitutions for {{.BaseOS}} and {{.K8sVersion}} with the base OS and kubernetes version, respectively. The BaseOS will be the value in ImageLookupBaseOS or ubuntu (the default), and the kubernetes version as defined by the packages produced by kubernetes/release without v as a prefix: 1.13.0, 1.12.5-mybuild.1, or 1.17.3. For example, the default image format of capa-ami-{{.BaseOS}}-?{{.K8sVersion}}-* will end up searching for AMIs that match the pattern capa-ami-ubuntu-?1.18.0-* for a Machine that is targeting kubernetes v1.18.0 and the ubuntu base OS. See also: https://golang.org/pkg/text/template/ |
imageLookupOrg string |
(Optional)
ImageLookupOrg is the AWS Organization ID to look up machine images when a machine does not specify an AMI. When set, this will be used for all cluster machines unless a machine specifies a different ImageLookupOrg. |
imageLookupBaseOS string |
ImageLookupBaseOS is the name of the base operating system used to look up machine images when a machine does not specify an AMI. When set, this will be used for all cluster machines unless a machine specifies a different ImageLookupBaseOS. |
bastion Bastion |
(Optional)
Bastion contains options to configure the bastion host. |
identityRef AWSIdentityReference |
IdentityRef is a reference to an identity to be used when reconciling the managed control plane. If no identity is specified, the default identity for this controller will be used. |
s3Bucket S3Bucket |
(Optional)
S3Bucket contains options to configure a supporting S3 bucket for this cluster - currently used for nodes requiring Ignition (https://coreos.github.io/ignition/) for bootstrapping (requires BootstrapFormatIgnition feature flag to be enabled). |
AWSClusterStaticIdentity
AWSClusterStaticIdentity is the Schema for the awsclusterstaticidentities API It represents a reference to an AWS access key ID and secret access key, stored in a secret.
Field | Description | ||||
---|---|---|---|---|---|
metadata Kubernetes meta/v1.ObjectMeta |
Refer to the Kubernetes API documentation for the fields of the
metadata field.
|
||||
spec AWSClusterStaticIdentitySpec |
Spec for this AWSClusterStaticIdentity
|
AWSClusterStaticIdentitySpec
(Appears on:AWSClusterStaticIdentity)
AWSClusterStaticIdentitySpec defines the specifications for AWSClusterStaticIdentity.
Field | Description |
---|---|
AWSClusterIdentitySpec AWSClusterIdentitySpec |
(Members of |
secretRef string |
Reference to a secret containing the credentials. The secret should contain the following data keys: AccessKeyID: AKIAIOSFODNN7EXAMPLE SecretAccessKey: wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY SessionToken: Optional |
AWSClusterStatus
(Appears on:AWSCluster)
AWSClusterStatus defines the observed state of AWSCluster.
Field | Description |
---|---|
ready bool |
|
networkStatus NetworkStatus |
|
failureDomains Cluster API api/v1beta1.FailureDomains |
|
bastion Instance |
|
conditions Cluster API api/v1beta1.Conditions |
AWSClusterTemplate
AWSClusterTemplate is the schema for Amazon EC2 based Kubernetes Cluster Templates.
Field | Description | ||
---|---|---|---|
metadata Kubernetes meta/v1.ObjectMeta |
Refer to the Kubernetes API documentation for the fields of the
metadata field.
|
||
spec AWSClusterTemplateSpec |
|
AWSClusterTemplateResource
(Appears on:AWSClusterTemplateSpec)
AWSClusterTemplateResource defines the desired state of AWSClusterTemplateResource.
Field | Description | ||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
metadata Cluster API api/v1beta1.ObjectMeta |
(Optional)
Standard object’s metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata Refer to the Kubernetes API documentation for the fields of themetadata field.
|
||||||||||||||||||||||||||||
spec AWSClusterSpec |
|
AWSClusterTemplateSpec
(Appears on:AWSClusterTemplate)
AWSClusterTemplateSpec defines the desired state of AWSClusterTemplate.
Field | Description |
---|---|
template AWSClusterTemplateResource |
AWSIdentityKind
(string
alias)
(Appears on:AWSIdentityReference)
AWSIdentityKind defines allowed AWS identity types.
AWSIdentityReference
(Appears on:AWSClusterRoleIdentitySpec, AWSClusterSpec, AWSManagedControlPlaneSpec, AWSManagedControlPlaneSpec, RosaControlPlaneSpec)
AWSIdentityReference specifies a identity.
Field | Description |
---|---|
name string |
Name of the identity. |
kind AWSIdentityKind |
Kind of the identity. |
AWSLoadBalancerSpec
(Appears on:AWSClusterSpec)
AWSLoadBalancerSpec defines the desired state of an AWS load balancer.
Field | Description |
---|---|
name string |
(Optional)
Name sets the name of the classic ELB load balancer. As per AWS, the name must be unique within your set of load balancers for the region, must have a maximum of 32 characters, must contain only alphanumeric characters or hyphens, and cannot begin or end with a hyphen. Once set, the value cannot be changed. |
scheme ELBScheme |
(Optional)
Scheme sets the scheme of the load balancer (defaults to internet-facing) |
crossZoneLoadBalancing bool |
(Optional)
CrossZoneLoadBalancing enables the classic ELB cross availability zone balancing. With cross-zone load balancing, each load balancer node for your Classic Load Balancer distributes requests evenly across the registered instances in all enabled Availability Zones. If cross-zone load balancing is disabled, each load balancer node distributes requests evenly across the registered instances in its Availability Zone only. Defaults to false. |
subnets []string |
(Optional)
Subnets sets the subnets that should be applied to the control plane load balancer (defaults to discovered subnets for managed VPCs or an empty set for unmanaged VPCs) |
healthCheckProtocol ELBProtocol |
(Optional)
HealthCheckProtocol sets the protocol type for ELB health check target default value is ELBProtocolSSL |
healthCheck TargetGroupHealthCheckAPISpec |
(Optional)
HealthCheck sets custom health check configuration to the API target group. |
additionalSecurityGroups []string |
(Optional)
AdditionalSecurityGroups sets the security groups used by the load balancer. Expected to be security group IDs This is optional - if not provided new security groups will be created for the load balancer |
additionalListeners []AdditionalListenerSpec |
(Optional)
AdditionalListeners sets the additional listeners for the control plane load balancer. This is only applicable to Network Load Balancer (NLB) types for the time being. |
ingressRules []IngressRule |
(Optional)
IngressRules sets the ingress rules for the control plane load balancer. |
loadBalancerType LoadBalancerType |
LoadBalancerType sets the type for a load balancer. The default type is classic. |
disableHostsRewrite bool |
DisableHostsRewrite disabled the hair pinning issue solution that adds the NLB’s address as 127.0.0.1 to the hosts file of each instance. This is by default, false. |
preserveClientIP bool |
PreserveClientIP lets the user control if preservation of client ips must be retained or not. If this is enabled 6443 will be opened to 0.0.0.0/0. |
AWSMachine
AWSMachine is the schema for Amazon EC2 machines.
Field | Description | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
metadata Kubernetes meta/v1.ObjectMeta |
Refer to the Kubernetes API documentation for the fields of the
metadata field.
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
spec AWSMachineSpec |
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
status AWSMachineStatus |
AWSMachineProviderConditionType
(string
alias)
AWSMachineProviderConditionType is a valid value for AWSMachineProviderCondition.Type.
AWSMachineSpec
(Appears on:AWSMachine, AWSMachineTemplateResource)
AWSMachineSpec defines the desired state of an Amazon EC2 instance.
Field | Description |
---|---|
providerID string |
ProviderID is the unique identifier as specified by the cloud provider. |
instanceID string |
InstanceID is the EC2 instance ID for this machine. |
instanceMetadataOptions InstanceMetadataOptions |
(Optional)
InstanceMetadataOptions is the metadata options for the EC2 instance. |
ami AMIReference |
AMI is the reference to the AMI from which to create the machine instance. |
imageLookupFormat string |
(Optional)
ImageLookupFormat is the AMI naming format to look up the image for this machine It will be ignored if an explicit AMI is set. Supports substitutions for {{.BaseOS}} and {{.K8sVersion}} with the base OS and kubernetes version, respectively. The BaseOS will be the value in ImageLookupBaseOS or ubuntu (the default), and the kubernetes version as defined by the packages produced by kubernetes/release without v as a prefix: 1.13.0, 1.12.5-mybuild.1, or 1.17.3. For example, the default image format of capa-ami-{{.BaseOS}}-?{{.K8sVersion}}-* will end up searching for AMIs that match the pattern capa-ami-ubuntu-?1.18.0-* for a Machine that is targeting kubernetes v1.18.0 and the ubuntu base OS. See also: https://golang.org/pkg/text/template/ |
imageLookupOrg string |
ImageLookupOrg is the AWS Organization ID to use for image lookup if AMI is not set. |
imageLookupBaseOS string |
ImageLookupBaseOS is the name of the base operating system to use for image lookup the AMI is not set. |
instanceType string |
InstanceType is the type of instance to create. Example: m4.xlarge |
additionalTags Tags |
(Optional)
AdditionalTags is an optional set of tags to add to an instance, in addition to the ones added by default by the AWS provider. If both the AWSCluster and the AWSMachine specify the same tag name with different values, the AWSMachine’s value takes precedence. |
iamInstanceProfile string |
(Optional)
IAMInstanceProfile is a name of an IAM instance profile to assign to the instance |
publicIP bool |
(Optional)
PublicIP specifies whether the instance should get a public IP. Precedence for this setting is as follows: 1. This field if set 2. Cluster/flavor setting 3. Subnet default |
elasticIpPool ElasticIPPool |
(Optional)
ElasticIPPool is the configuration to allocate Public IPv4 address (Elastic IP/EIP) from user-defined pool. |
additionalSecurityGroups []AWSResourceReference |
(Optional)
AdditionalSecurityGroups is an array of references to security groups that should be applied to the instance. These security groups would be set in addition to any security groups defined at the cluster level or in the actuator. It is possible to specify either IDs of Filters. Using Filters will cause additional requests to AWS API and if tags change the attached security groups might change too. |
subnet AWSResourceReference |
(Optional)
Subnet is a reference to the subnet to use for this instance. If not specified, the cluster subnet will be used. |
securityGroupOverrides map[sigs.k8s.io/cluster-api-provider-aws/v2/api/v1beta2.SecurityGroupRole]string |
(Optional)
SecurityGroupOverrides is an optional set of security groups to use for the node. This is optional - if not provided security groups from the cluster will be used. |
sshKeyName string |
(Optional)
SSHKeyName is the name of the ssh key to attach to the instance. Valid values are empty string (do not use SSH keys), a valid SSH key name, or omitted (use the default SSH key name) |
rootVolume Volume |
(Optional)
RootVolume encapsulates the configuration options for the root volume |
nonRootVolumes []Volume |
(Optional)
Configuration options for the non root storage volumes. |
networkInterfaces []string |
(Optional)
NetworkInterfaces is a list of ENIs to associate with the instance. A maximum of 2 may be specified. |
uncompressedUserData bool |
(Optional)
UncompressedUserData specify whether the user data is gzip-compressed before it is sent to ec2 instance. cloud-init has built-in support for gzip-compressed user data user data stored in aws secret manager is always gzip-compressed. |
cloudInit CloudInit |
(Optional)
CloudInit defines options related to the bootstrapping systems where CloudInit is used. |
ignition Ignition |
(Optional)
Ignition defined options related to the bootstrapping systems where Ignition is used. |
spotMarketOptions SpotMarketOptions |
(Optional)
SpotMarketOptions allows users to configure instances to be run using AWS Spot instances. |
placementGroupName string |
(Optional)
PlacementGroupName specifies the name of the placement group in which to launch the instance. |
placementGroupPartition int64 |
(Optional)
PlacementGroupPartition is the partition number within the placement group in which to launch the instance.
This value is only valid if the placement group, referred in |
tenancy string |
(Optional)
Tenancy indicates if instance should run on shared or single-tenant hardware. |
privateDnsName PrivateDNSName |
(Optional)
PrivateDNSName is the options for the instance hostname. |
capacityReservationId string |
(Optional)
CapacityReservationID specifies the target Capacity Reservation into which the instance should be launched. |
AWSMachineStatus
(Appears on:AWSMachine)
AWSMachineStatus defines the observed state of AWSMachine.
Field | Description |
---|---|
ready bool |
(Optional)
Ready is true when the provider resource is ready. |
interruptible bool |
(Optional)
Interruptible reports that this machine is using spot instances and can therefore be interrupted by CAPI when it receives a notice that the spot instance is to be terminated by AWS. This will be set to true when SpotMarketOptions is not nil (i.e. this machine is using a spot instance). |
addresses []Cluster API api/v1beta1.MachineAddress |
Addresses contains the AWS instance associated addresses. |
instanceState InstanceState |
(Optional)
InstanceState is the state of the AWS instance for this machine. |
failureReason Cluster API errors.MachineStatusError |
(Optional)
FailureReason will be set in the event that there is a terminal problem reconciling the Machine and will contain a succinct value suitable for machine interpretation. This field should not be set for transitive errors that a controller faces that are expected to be fixed automatically over time (like service outages), but instead indicate that something is fundamentally wrong with the Machine’s spec or the configuration of the controller, and that manual intervention is required. Examples of terminal errors would be invalid combinations of settings in the spec, values that are unsupported by the controller, or the responsible controller itself being critically misconfigured. Any transient errors that occur during the reconciliation of Machines can be added as events to the Machine object and/or logged in the controller’s output. |
failureMessage string |
(Optional)
FailureMessage will be set in the event that there is a terminal problem reconciling the Machine and will contain a more verbose string suitable for logging and human consumption. This field should not be set for transitive errors that a controller faces that are expected to be fixed automatically over time (like service outages), but instead indicate that something is fundamentally wrong with the Machine’s spec or the configuration of the controller, and that manual intervention is required. Examples of terminal errors would be invalid combinations of settings in the spec, values that are unsupported by the controller, or the responsible controller itself being critically misconfigured. Any transient errors that occur during the reconciliation of Machines can be added as events to the Machine object and/or logged in the controller’s output. |
conditions Cluster API api/v1beta1.Conditions |
(Optional)
Conditions defines current service state of the AWSMachine. |
AWSMachineTemplate
AWSMachineTemplate is the schema for the Amazon EC2 Machine Templates API.
Field | Description | ||
---|---|---|---|
metadata Kubernetes meta/v1.ObjectMeta |
Refer to the Kubernetes API documentation for the fields of the
metadata field.
|
||
spec AWSMachineTemplateSpec |
|
||
status AWSMachineTemplateStatus |
AWSMachineTemplateResource
(Appears on:AWSMachineTemplateSpec)
AWSMachineTemplateResource describes the data needed to create am AWSMachine from a template.
Field | Description | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
metadata Cluster API api/v1beta1.ObjectMeta |
(Optional)
Standard object’s metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata Refer to the Kubernetes API documentation for the fields of themetadata field.
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
spec AWSMachineSpec |
Spec is the specification of the desired behavior of the machine.
|
AWSMachineTemplateSpec
(Appears on:AWSMachineTemplate)
AWSMachineTemplateSpec defines the desired state of AWSMachineTemplate.
Field | Description |
---|---|
template AWSMachineTemplateResource |
AWSMachineTemplateStatus
(Appears on:AWSMachineTemplate)
AWSMachineTemplateStatus defines a status for an AWSMachineTemplate.
Field | Description |
---|---|
capacity Kubernetes core/v1.ResourceList |
(Optional)
Capacity defines the resource capacity for this machine. This value is used for autoscaling from zero operations as defined in: https://github.com/kubernetes-sigs/cluster-api/blob/main/docs/proposals/20210310-opt-in-autoscaling-from-zero.md |
AWSMachineTemplateWebhook
AWSMachineTemplateWebhook implements a custom validation webhook for AWSMachineTemplate. Note: we use a custom validator to access the request context for SSA of AWSMachineTemplate.
AWSManagedCluster
AWSManagedCluster is the Schema for the awsmanagedclusters API
Field | Description | ||
---|---|---|---|
metadata Kubernetes meta/v1.ObjectMeta |
Refer to the Kubernetes API documentation for the fields of the
metadata field.
|
||
spec AWSManagedClusterSpec |
|
||
status AWSManagedClusterStatus |
AWSManagedClusterSpec
(Appears on:AWSManagedCluster)
AWSManagedClusterSpec defines the desired state of AWSManagedCluster
Field | Description |
---|---|
controlPlaneEndpoint Cluster API api/v1beta1.APIEndpoint |
(Optional)
ControlPlaneEndpoint represents the endpoint used to communicate with the control plane. |
AWSManagedClusterStatus
(Appears on:AWSManagedCluster)
AWSManagedClusterStatus defines the observed state of AWSManagedCluster
Field | Description |
---|---|
ready bool |
(Optional)
Ready is when the AWSManagedControlPlane has a API server URL. |
failureDomains Cluster API api/v1beta1.FailureDomains |
(Optional)
FailureDomains specifies a list fo available availability zones that can be used |
AWSResourceReference
(Appears on:AWSMachineSpec, AWSLaunchTemplate, AWSMachinePoolSpec, AWSLaunchTemplate, AWSMachinePoolSpec)
AWSResourceReference is a reference to a specific AWS resource by ID or filters. Only one of ID or Filters may be specified. Specifying more than one will result in a validation error.
Field | Description |
---|---|
id string |
(Optional)
ID of resource |
filters []Filter |
(Optional)
Filters is a set of key/value pairs used to identify a resource They are applied according to the rules defined by the AWS API: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/Using_Filtering.html |
AWSRoleSpec
(Appears on:AWSClusterRoleIdentitySpec)
AWSRoleSpec defines the specifications for all identities based around AWS roles.
Field | Description |
---|---|
roleARN string |
The Amazon Resource Name (ARN) of the role to assume. |
sessionName string |
An identifier for the assumed role session |
durationSeconds int32 |
The duration, in seconds, of the role session before it is renewed. |
inlinePolicy string |
An IAM policy as a JSON-encoded string that you want to use as an inline session policy. |
policyARNs []string |
The Amazon Resource Names (ARNs) of the IAM managed policies that you want to use as managed session policies. The policies must exist in the same account as the role. |
AZSelectionScheme
(string
alias)
(Appears on:VPCSpec)
AZSelectionScheme defines the scheme of selecting AZs.
AdditionalListenerSpec
(Appears on:AWSLoadBalancerSpec)
AdditionalListenerSpec defines the desired state of an additional listener on an AWS load balancer.
Field | Description |
---|---|
port int64 |
Port sets the port for the additional listener. |
protocol ELBProtocol |
Protocol sets the protocol for the additional listener. Currently only TCP is supported. |
healthCheck TargetGroupHealthCheckAdditionalSpec |
(Optional)
HealthCheck sets the optional custom health check configuration to the API target group. |
AllowedNamespaces
(Appears on:AWSClusterIdentitySpec)
AllowedNamespaces is a selector of namespaces that AWSClusters can use this ClusterPrincipal from. This is a standard Kubernetes LabelSelector, a label query over a set of resources. The result of matchLabels and matchExpressions are ANDed.
Field | Description |
---|---|
list []string |
(Optional)
An nil or empty list indicates that AWSClusters cannot use the identity from any namespace. |
selector Kubernetes meta/v1.LabelSelector |
(Optional)
An empty selector indicates that AWSClusters cannot use this AWSClusterIdentity from any namespace. |
Bastion
(Appears on:AWSClusterSpec, AWSManagedControlPlaneSpec, AWSManagedControlPlaneSpec)
Bastion defines a bastion host.
Field | Description |
---|---|
enabled bool |
(Optional)
Enabled allows this provider to create a bastion host instance with a public ip to access the VPC private network. |
disableIngressRules bool |
(Optional)
DisableIngressRules will ensure there are no Ingress rules in the bastion host’s security group. Requires AllowedCIDRBlocks to be empty. |
allowedCIDRBlocks []string |
(Optional)
AllowedCIDRBlocks is a list of CIDR blocks allowed to access the bastion host. They are set as ingress rules for the Bastion host’s Security Group (defaults to 0.0.0.0/0). |
instanceType string |
InstanceType will use the specified instance type for the bastion. If not specified, Cluster API Provider AWS will use t3.micro for all regions except us-east-1, where t2.micro will be the default. |
ami string |
(Optional)
AMI will use the specified AMI to boot the bastion. If not specified, the AMI will default to one picked out in public space. |
BuildParams
BuildParams is used to build tags around an aws resource.
Field | Description |
---|---|
Lifecycle ResourceLifecycle |
Lifecycle determines the resource lifecycle. |
ClusterName string |
ClusterName is the cluster associated with the resource. |
ResourceID string |
ResourceID is the unique identifier of the resource to be tagged. |
Name string |
(Optional)
Name is the name of the resource, it’s applied as the tag “Name” on AWS. |
Role string |
(Optional)
Role is the role associated to the resource. |
Additional Tags |
(Optional)
Any additional tags to be added to the resource. |
CNIIngressRule
CNIIngressRule defines an AWS ingress rule for CNI requirements.
Field | Description |
---|---|
description string |
|
protocol SecurityGroupProtocol |
|
fromPort int64 |
|
toPort int64 |
CNIIngressRules
([]sigs.k8s.io/cluster-api-provider-aws/v2/api/v1beta2.CNIIngressRule
alias)
(Appears on:CNISpec)
CNIIngressRules is a slice of CNIIngressRule.
CNISpec
(Appears on:NetworkSpec)
CNISpec defines configuration for CNI.
Field | Description |
---|---|
cniIngressRules CNIIngressRules |
CNIIngressRules specify rules to apply to control plane and worker node security groups. The source for the rule will be set to control plane and worker security group IDs. |
ClassicELBAttributes
(Appears on:LoadBalancer)
ClassicELBAttributes defines extra attributes associated with a classic load balancer.
Field | Description |
---|---|
idleTimeout time.Duration |
IdleTimeout is time that the connection is allowed to be idle (no data has been sent over the connection) before it is closed by the load balancer. |
crossZoneLoadBalancing bool |
(Optional)
CrossZoneLoadBalancing enables the classic load balancer load balancing. |
ClassicELBHealthCheck
(Appears on:LoadBalancer)
ClassicELBHealthCheck defines an AWS classic load balancer health check.
Field | Description |
---|---|
target string |
|
interval time.Duration |
|
timeout time.Duration |
|
healthyThreshold int64 |
|
unhealthyThreshold int64 |
ClassicELBListener
(Appears on:LoadBalancer)
ClassicELBListener defines an AWS classic load balancer listener.
Field | Description |
---|---|
protocol ELBProtocol |
|
port int64 |
|
instanceProtocol ELBProtocol |
|
instancePort int64 |
CloudInit
(Appears on:AWSMachineSpec)
CloudInit defines options related to the bootstrapping systems where CloudInit is used.
Field | Description |
---|---|
insecureSkipSecretsManager bool |
InsecureSkipSecretsManager, when set to true will not use AWS Secrets Manager or AWS Systems Manager Parameter Store to ensure privacy of userdata. By default, a cloud-init boothook shell script is prepended to download the userdata from Secrets Manager and additionally delete the secret. |
secretCount int32 |
(Optional)
SecretCount is the number of secrets used to form the complete secret |
secretPrefix string |
(Optional)
SecretPrefix is the prefix for the secret name. This is stored temporarily, and deleted when the machine registers as a node against the workload cluster. |
secureSecretsBackend SecretBackend |
(Optional)
SecureSecretsBackend, when set to parameter-store will utilize the AWS Systems Manager Parameter Storage to distribute secrets. By default or with the value of secrets-manager, will use AWS Secrets Manager instead. |
EKSAMILookupType
(string
alias)
(Appears on:AMIReference)
EKSAMILookupType specifies which AWS AMI to use for a AWSMachine and AWSMachinePool.
ELBProtocol
(string
alias)
(Appears on:AWSLoadBalancerSpec, AdditionalListenerSpec, ClassicELBListener, Listener, TargetGroupSpec)
ELBProtocol defines listener protocols for a load balancer.
ELBScheme
(string
alias)
(Appears on:AWSLoadBalancerSpec, LoadBalancer)
ELBScheme defines the scheme of a load balancer.
ElasticIPPool
(Appears on:AWSMachineSpec, VPCSpec)
ElasticIPPool allows configuring a Elastic IP pool for resources allocating public IPv4 addresses on public subnets.
Field | Description |
---|---|
publicIpv4Pool string |
(Optional)
PublicIpv4Pool sets a custom Public IPv4 Pool used to create Elastic IP address for resources created in public IPv4 subnets. Every IPv4 address, Elastic IP, will be allocated from the custom Public IPv4 pool that you brought to AWS, instead of Amazon-provided pool. The public IPv4 pool resource ID starts with ‘ipv4pool-ec2’. |
publicIpv4PoolFallbackOrder PublicIpv4PoolFallbackOrder |
(Optional)
PublicIpv4PoolFallBackOrder defines the fallback action when the Public IPv4 Pool has been exhausted, no more IPv4 address available in the pool. When set to ‘amazon-pool’, the controller check if the pool has available IPv4 address, when pool has reached the IPv4 limit, the address will be claimed from Amazon-pool (default). When set to ‘none’, the controller will fail the Elastic IP allocation when the publicIpv4Pool is exhausted. |
Filter
(Appears on:AWSResourceReference)
Filter is a filter used to identify an AWS resource.
Field | Description |
---|---|
name string |
Name of the filter. Filter names are case-sensitive. |
values []string |
Values includes one or more filter values. Filter values are case-sensitive. |
GCTask
(string
alias)
GCTask defines a task to be executed by the garbage collector.
HTTPTokensState
(string
alias)
(Appears on:InstanceMetadataOptions)
HTTPTokensState describes the state of InstanceMetadataOptions.HTTPTokensState
IPAMPool
IPAMPool defines the IPAM pool to be used for VPC.
Field | Description |
---|---|
id string |
ID is the ID of the IPAM pool this provider should use to create VPC. |
name string |
Name is the name of the IPAM pool this provider should use to create VPC. |
netmaskLength int64 |
The netmask length of the IPv4 CIDR you want to allocate to VPC from an Amazon VPC IP Address Manager (IPAM) pool. Defaults to /16 for IPv4 if not specified. |
IPv6
(Appears on:VPCSpec)
IPv6 contains ipv6 specific settings for the network.
Field | Description |
---|---|
cidrBlock string |
(Optional)
CidrBlock is the CIDR block provided by Amazon when VPC has enabled IPv6. Mutually exclusive with IPAMPool. |
poolId string |
(Optional)
PoolID is the IP pool which must be defined in case of BYO IP is defined. Must be specified if CidrBlock is set. Mutually exclusive with IPAMPool. |
egressOnlyInternetGatewayId string |
(Optional)
EgressOnlyInternetGatewayID is the id of the egress only internet gateway associated with an IPv6 enabled VPC. |
ipamPool IPAMPool |
(Optional)
IPAMPool defines the IPAMv6 pool to be used for VPC. Mutually exclusive with CidrBlock. |
Ignition
(Appears on:AWSMachineSpec)
Ignition defines options related to the bootstrapping systems where Ignition is used. For more information on Ignition configuration, see https://coreos.github.io/butane/specs/
Field | Description |
---|---|
version string |
(Optional)
Version defines which version of Ignition will be used to generate bootstrap data. |
storageType IgnitionStorageTypeOption |
(Optional)
StorageType defines how to store the boostrap user data for Ignition. This can be used to instruct Ignition from where to fetch the user data to bootstrap an instance. When omitted, the storage option will default to ClusterObjectStore. When set to “ClusterObjectStore”, if the capability is available and a Cluster ObjectStore configuration is correctly provided in the Cluster object (under .spec.s3Bucket), an object store will be used to store bootstrap user data. When set to “UnencryptedUserData”, EC2 Instance User Data will be used to store the machine bootstrap user data, unencrypted. This option is considered less secure than others as user data may contain sensitive informations (keys, certificates, etc.) and users with ec2:DescribeInstances permission or users running pods that can access the ec2 metadata service have access to this sensitive information. So this is only to be used at ones own risk, and only when other more secure options are not viable. |
proxy IgnitionProxy |
(Optional)
Proxy defines proxy settings for Ignition. Only valid for Ignition versions 3.1 and above. |
tls IgnitionTLS |
(Optional)
TLS defines TLS settings for Ignition. Only valid for Ignition versions 3.1 and above. |
IgnitionCASource
(string
alias)
(Appears on:IgnitionTLS)
IgnitionCASource defines the source of the certificate authority to use for Ignition.
IgnitionNoProxy
(string
alias)
(Appears on:IgnitionProxy)
IgnitionNoProxy defines the list of domains to not proxy for Ignition.
IgnitionProxy
(Appears on:Ignition)
IgnitionProxy defines proxy settings for Ignition.
Field | Description |
---|---|
httpProxy string |
(Optional)
HTTPProxy is the HTTP proxy to use for Ignition. A single URL that specifies the proxy server to use for HTTP and HTTPS requests, unless overridden by the HTTPSProxy or NoProxy options. |
httpsProxy string |
(Optional)
HTTPSProxy is the HTTPS proxy to use for Ignition. A single URL that specifies the proxy server to use for HTTPS requests, unless overridden by the NoProxy option. |
noProxy []IgnitionNoProxy |
(Optional)
NoProxy is the list of domains to not proxy for Ignition. Specifies a list of strings to hosts that should be excluded from proxying. Each value is represented by: - An IP address prefix (1.2.3.4) - An IP address prefix in CIDR notation (1.2.3.4⁄8) - A domain name - A domain name matches that name and all subdomains - A domain name with a leading . matches subdomains only - A special DNS label (*), indicates that no proxying should be done An IP address prefix and domain name can also include a literal port number (1.2.3.4:80). |
IgnitionStorageTypeOption
(string
alias)
(Appears on:Ignition)
IgnitionStorageTypeOption defines the different storage types for Ignition.
IgnitionTLS
(Appears on:Ignition)
IgnitionTLS defines TLS settings for Ignition.
Field | Description |
---|---|
certificateAuthorities []IgnitionCASource |
(Optional)
CASources defines the list of certificate authorities to use for Ignition.
The value is the certificate bundle (in PEM format). The bundle can contain multiple concatenated certificates.
Supported schemes are http, https, tftp, s3, arn, gs, and |
IngressRule
(Appears on:AWSLoadBalancerSpec, NetworkSpec)
IngressRule defines an AWS ingress rule for security groups.
Field | Description |
---|---|
description string |
Description provides extended information about the ingress rule. |
protocol SecurityGroupProtocol |
Protocol is the protocol for the ingress rule. Accepted values are “-1” (all), “4” (IP in IP),“tcp”, “udp”, “icmp”, and “58” (ICMPv6), “50” (ESP). |
fromPort int64 |
FromPort is the start of port range. |
toPort int64 |
ToPort is the end of port range. |
cidrBlocks []string |
(Optional)
List of CIDR blocks to allow access from. Cannot be specified with SourceSecurityGroupID. |
ipv6CidrBlocks []string |
(Optional)
List of IPv6 CIDR blocks to allow access from. Cannot be specified with SourceSecurityGroupID. |
sourceSecurityGroupIds []string |
(Optional)
The security group id to allow access from. Cannot be specified with CidrBlocks. |
sourceSecurityGroupRoles []SecurityGroupRole |
(Optional)
The security group role to allow access from. Cannot be specified with CidrBlocks. The field will be combined with source security group IDs if specified. |
natGatewaysIPsSource bool |
(Optional)
NatGatewaysIPsSource use the NAT gateways IPs as the source for the ingress rule. |
IngressRules
([]sigs.k8s.io/cluster-api-provider-aws/v2/api/v1beta2.IngressRule
alias)
(Appears on:SecurityGroup)
IngressRules is a slice of AWS ingress rules for security groups.
Instance
(Appears on:AWSClusterStatus, AWSManagedControlPlaneStatus, AWSManagedControlPlaneStatus, AutoScalingGroup, AutoScalingGroup)
Instance describes an AWS instance.
Field | Description |
---|---|
id string |
|
instanceState InstanceState |
The current state of the instance. |
type string |
The instance type. |
subnetId string |
The ID of the subnet of the instance. |
imageId string |
The ID of the AMI used to launch the instance. |
sshKeyName string |
The name of the SSH key pair. |
securityGroupIds []string |
SecurityGroupIDs are one or more security group IDs this instance belongs to. |
userData string |
UserData is the raw data script passed to the instance which is run upon bootstrap. This field must not be base64 encoded and should only be used when running a new instance. |
iamProfile string |
The name of the IAM instance profile associated with the instance, if applicable. |
addresses []Cluster API api/v1beta1.MachineAddress |
Addresses contains the AWS instance associated addresses. |
privateIp string |
The private IPv4 address assigned to the instance. |
publicIp string |
The public IPv4 address assigned to the instance, if applicable. |
enaSupport bool |
Specifies whether enhanced networking with ENA is enabled. |
ebsOptimized bool |
Indicates whether the instance is optimized for Amazon EBS I/O. |
rootVolume Volume |
(Optional)
Configuration options for the root storage volume. |
nonRootVolumes []Volume |
(Optional)
Configuration options for the non root storage volumes. |
networkInterfaces []string |
Specifies ENIs attached to instance |
tags map[string]string |
The tags associated with the instance. |
availabilityZone string |
Availability zone of instance |
spotMarketOptions SpotMarketOptions |
SpotMarketOptions option for configuring instances to be run using AWS Spot instances. |
placementGroupName string |
(Optional)
PlacementGroupName specifies the name of the placement group in which to launch the instance. |
placementGroupPartition int64 |
(Optional)
PlacementGroupPartition is the partition number within the placement group in which to launch the instance.
This value is only valid if the placement group, referred in |
tenancy string |
(Optional)
Tenancy indicates if instance should run on shared or single-tenant hardware. |
volumeIDs []string |
(Optional)
IDs of the instance’s volumes |
instanceMetadataOptions InstanceMetadataOptions |
(Optional)
InstanceMetadataOptions is the metadata options for the EC2 instance. |
privateDnsName PrivateDNSName |
(Optional)
PrivateDNSName is the options for the instance hostname. |
publicIPOnLaunch bool |
(Optional)
PublicIPOnLaunch is the option to associate a public IP on instance launch |
capacityReservationId string |
(Optional)
CapacityReservationID specifies the target Capacity Reservation into which the instance should be launched. |
InstanceMetadataOptions
(Appears on:AWSMachineSpec, Instance, AWSLaunchTemplate)
InstanceMetadataOptions describes metadata options for the EC2 instance.
Field | Description |
---|---|
httpEndpoint InstanceMetadataState |
Enables or disables the HTTP metadata endpoint on your instances. If you specify a value of disabled, you cannot access your instance metadata. Default: enabled |
httpPutResponseHopLimit int64 |
The desired HTTP PUT response hop limit for instance metadata requests. The larger the number, the further instance metadata requests can travel. Default: 1 |
httpTokens HTTPTokensState |
The state of token usage for your instance metadata requests. If the state is optional, you can choose to retrieve instance metadata with or without a session token on your request. If you retrieve the IAM role credentials without a token, the version 1.0 role credentials are returned. If you retrieve the IAM role credentials using a valid session token, the version 2.0 role credentials are returned. If the state is required, you must send a session token with any instance metadata retrieval requests. In this state, retrieving the IAM role credentials always returns the version 2.0 credentials; the version 1.0 credentials are not available. Default: optional |
instanceMetadataTags InstanceMetadataState |
Set to enabled to allow access to instance tags from the instance metadata. Set to disabled to turn off access to instance tags from the instance metadata. For more information, see Work with instance tags using the instance metadata (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/Using_Tags.html#work-with-tags-in-IMDS). Default: disabled |
InstanceMetadataState
(string
alias)
(Appears on:InstanceMetadataOptions)
InstanceMetadataState describes the state of InstanceMetadataOptions.HttpEndpoint and InstanceMetadataOptions.InstanceMetadataTags
InstanceState
(string
alias)
(Appears on:AWSMachineStatus, Instance)
InstanceState describes the state of an AWS instance.
Listener
(Appears on:LoadBalancer)
Listener defines an AWS network load balancer listener.
Field | Description |
---|---|
protocol ELBProtocol |
|
port int64 |
|
targetGroup TargetGroupSpec |
LoadBalancer
(Appears on:NetworkStatus)
LoadBalancer defines an AWS load balancer.
Field | Description |
---|---|
arn string |
ARN of the load balancer. Unlike the ClassicLB, ARN is used mostly to define and get it. |
name string |
(Optional)
The name of the load balancer. It must be unique within the set of load balancers defined in the region. It also serves as identifier. |
dnsName string |
DNSName is the dns name of the load balancer. |
scheme ELBScheme |
Scheme is the load balancer scheme, either internet-facing or private. |
availabilityZones []string |
AvailabilityZones is an array of availability zones in the VPC attached to the load balancer. |
subnetIds []string |
SubnetIDs is an array of subnets in the VPC attached to the load balancer. |
securityGroupIds []string |
SecurityGroupIDs is an array of security groups assigned to the load balancer. |
listeners []ClassicELBListener |
ClassicELBListeners is an array of classic elb listeners associated with the load balancer. There must be at least one. |
healthChecks ClassicELBHealthCheck |
HealthCheck is the classic elb health check associated with the load balancer. |
attributes ClassicELBAttributes |
ClassicElbAttributes defines extra attributes associated with the load balancer. |
tags map[string]string |
Tags is a map of tags associated with the load balancer. |
elbListeners []Listener |
ELBListeners is an array of listeners associated with the load balancer. There must be at least one. |
elbAttributes map[string]*string |
ELBAttributes defines extra attributes associated with v2 load balancers. |
loadBalancerType LoadBalancerType |
LoadBalancerType sets the type for a load balancer. The default type is classic. |
LoadBalancerAttribute
(string
alias)
LoadBalancerAttribute defines a set of attributes for a V2 load balancer.
LoadBalancerType
(string
alias)
(Appears on:AWSLoadBalancerSpec, LoadBalancer)
LoadBalancerType defines the type of load balancer to use.
NetworkSpec
(Appears on:AWSClusterSpec, AWSManagedControlPlaneSpec, AWSManagedControlPlaneSpec)
NetworkSpec encapsulates all things related to AWS network.
Field | Description |
---|---|
vpc VPCSpec |
(Optional)
VPC configuration. |
subnets Subnets |
(Optional)
Subnets configuration. |
cni CNISpec |
(Optional)
CNI configuration |
securityGroupOverrides map[sigs.k8s.io/cluster-api-provider-aws/v2/api/v1beta2.SecurityGroupRole]string |
(Optional)
SecurityGroupOverrides is an optional set of security groups to use for cluster instances This is optional - if not provided new security groups will be created for the cluster |
additionalControlPlaneIngressRules []IngressRule |
(Optional)
AdditionalControlPlaneIngressRules is an optional set of ingress rules to add to the control plane |
NetworkStatus
(Appears on:AWSClusterStatus, AWSManagedControlPlaneStatus, AWSManagedControlPlaneStatus)
NetworkStatus encapsulates AWS networking resources.
Field | Description |
---|---|
securityGroups map[sigs.k8s.io/cluster-api-provider-aws/v2/api/v1beta2.SecurityGroupRole]sigs.k8s.io/cluster-api-provider-aws/v2/api/v1beta2.SecurityGroup |
SecurityGroups is a map from the role/kind of the security group to its unique name, if any. |
apiServerElb LoadBalancer |
APIServerELB is the Kubernetes api server load balancer. |
secondaryAPIServerELB LoadBalancer |
SecondaryAPIServerELB is the secondary Kubernetes api server load balancer. |
natGatewaysIPs []string |
NatGatewaysIPs contains the public IPs of the NAT Gateways |
PrivateDNSName
(Appears on:AWSMachineSpec, Instance, AWSLaunchTemplate)
PrivateDNSName is the options for the instance hostname.
Field | Description |
---|---|
enableResourceNameDnsAAAARecord bool |
(Optional)
EnableResourceNameDNSAAAARecord indicates whether to respond to DNS queries for instance hostnames with DNS AAAA records. |
enableResourceNameDnsARecord bool |
(Optional)
EnableResourceNameDNSARecord indicates whether to respond to DNS queries for instance hostnames with DNS A records. |
hostnameType string |
(Optional)
The type of hostname to assign to an instance. |
PublicIpv4PoolFallbackOrder
(string
alias)
(Appears on:ElasticIPPool)
PublicIpv4PoolFallbackOrder defines the list of available fallback action when the PublicIpv4Pool is exhausted. ‘none’ let the controllers return failures when the PublicIpv4Pool is exhausted - no more IPv4 available. ‘amazon-pool’ let the controllers to skip the PublicIpv4Pool and use the Amazon pool, the default.
ResourceLifecycle
(string
alias)
(Appears on:BuildParams)
ResourceLifecycle configures the lifecycle of a resource.
RouteTable
RouteTable defines an AWS routing table.
Field | Description |
---|---|
id string |
S3Bucket
(Appears on:AWSClusterSpec)
S3Bucket defines a supporting S3 bucket for the cluster, currently can be optionally used for Ignition.
Field | Description |
---|---|
controlPlaneIAMInstanceProfile string |
(Optional)
ControlPlaneIAMInstanceProfile is a name of the IAMInstanceProfile, which will be allowed to read control-plane node bootstrap data from S3 Bucket. |
nodesIAMInstanceProfiles []string |
(Optional)
NodesIAMInstanceProfiles is a list of IAM instance profiles, which will be allowed to read worker nodes bootstrap data from S3 Bucket. |
presignedURLDuration Kubernetes meta/v1.Duration |
(Optional)
PresignedURLDuration defines the duration for which presigned URLs are valid. This is used to generate presigned URLs for S3 Bucket objects, which are used by control-plane and worker nodes to fetch bootstrap data. When enabled, the IAM instance profiles specified are not used. |
name string |
Name defines name of S3 Bucket to be created. |
bestEffortDeleteObjects bool |
(Optional)
BestEffortDeleteObjects defines whether access/permission errors during object deletion should be ignored. |
SecretBackend
(string
alias)
(Appears on:CloudInit, AWSIAMConfigurationSpec, AWSIAMConfigurationSpec)
SecretBackend defines variants for backend secret storage.
SecurityGroup
(Appears on:NetworkStatus)
SecurityGroup defines an AWS security group.
Field | Description |
---|---|
id string |
ID is a unique identifier. |
name string |
Name is the security group name. |
ingressRule IngressRules |
(Optional)
IngressRules is the inbound rules associated with the security group. |
tags Tags |
Tags is a map of tags associated with the security group. |
SecurityGroupProtocol
(string
alias)
(Appears on:CNIIngressRule, IngressRule)
SecurityGroupProtocol defines the protocol type for a security group rule.
SecurityGroupRole
(string
alias)
(Appears on:IngressRule)
SecurityGroupRole defines the unique role of a security group.
SpotMarketOptions
(Appears on:AWSMachineSpec, Instance, AWSLaunchTemplate, AWSLaunchTemplate)
SpotMarketOptions defines the options available to a user when configuring Machines to run on Spot instances. Most users should provide an empty struct.
Field | Description |
---|---|
maxPrice string |
(Optional)
MaxPrice defines the maximum price the user is willing to pay for Spot VM instances |
SubnetSchemaType
(string
alias)
(Appears on:VPCSpec)
SubnetSchemaType specifies how given network should be divided on subnets in the VPC depending on the number of AZs.
SubnetSpec
SubnetSpec configures an AWS Subnet.
Field | Description |
---|---|
id string |
ID defines a unique identifier to reference this resource.
If you’re bringing your subnet, set the AWS subnet-id here, it must start with When the VPC is managed by CAPA, and you’d like the provider to create a subnet for you,
the id can be set to any placeholder value that does not start with |
resourceID string |
(Optional)
ResourceID is the subnet identifier from AWS, READ ONLY. This field is populated when the provider manages the subnet. |
cidrBlock string |
CidrBlock is the CIDR block to be used when the provider creates a managed VPC. |
ipv6CidrBlock string |
(Optional)
IPv6CidrBlock is the IPv6 CIDR block to be used when the provider creates a managed VPC. A subnet can have an IPv4 and an IPv6 address. IPv6 is only supported in managed clusters, this field cannot be set on AWSCluster object. |
availabilityZone string |
AvailabilityZone defines the availability zone to use for this subnet in the cluster’s region. |
isPublic bool |
(Optional)
IsPublic defines the subnet as a public subnet. A subnet is public when it is associated with a route table that has a route to an internet gateway. |
isIpv6 bool |
(Optional)
IsIPv6 defines the subnet as an IPv6 subnet. A subnet is IPv6 when it is associated with a VPC that has IPv6 enabled. IPv6 is only supported in managed clusters, this field cannot be set on AWSCluster object. |
routeTableId string |
(Optional)
RouteTableID is the routing table id associated with the subnet. |
natGatewayId string |
(Optional)
NatGatewayID is the NAT gateway id associated with the subnet. Ignored unless the subnet is managed by the provider, in which case this is set on the public subnet where the NAT gateway resides. It is then used to determine routes for private subnets in the same AZ as the public subnet. |
tags Tags |
Tags is a collection of tags describing the resource. |
zoneType ZoneType |
(Optional)
ZoneType defines the type of the zone where the subnet is created. The valid values are availability-zone, local-zone, and wavelength-zone. Subnet with zone type availability-zone (regular) is always selected to create cluster resources, like Load Balancers, NAT Gateways, Contol Plane nodes, etc. Subnet with zone type local-zone or wavelength-zone is not eligible to automatically create regular cluster resources. The public subnet in availability-zone or local-zone is associated with regular public route table with default route entry to a Internet Gateway. The public subnet in wavelength-zone is associated with a carrier public route table with default route entry to a Carrier Gateway. The private subnet in the availability-zone is associated with a private route table with the default route entry to a NAT Gateway created in that zone. The private subnet in the local-zone or wavelength-zone is associated with a private route table with the default route entry re-using the NAT Gateway in the Region (preferred from the parent zone, the zone type availability-zone in the region, or first table available). |
parentZoneName string |
(Optional)
ParentZoneName is the zone name where the current subnet’s zone is tied when the zone is a Local Zone. The subnets in Local Zone or Wavelength Zone locations consume the ParentZoneName to select the correct private route table to egress traffic to the internet. |
Subnets
([]sigs.k8s.io/cluster-api-provider-aws/v2/api/v1beta2.SubnetSpec
alias)
(Appears on:NetworkSpec)
Subnets is a slice of Subnet.
Tags
(map[string]string
alias)
(Appears on:AWSClusterSpec, AWSMachineSpec, BuildParams, SecurityGroup, SubnetSpec, VPCSpec, AWSIAMRoleSpec, BootstrapUser, AWSIAMRoleSpec, BootstrapUser, AWSManagedControlPlaneSpec, OIDCIdentityProviderConfig, AWSManagedControlPlaneSpec, OIDCIdentityProviderConfig, RosaControlPlaneSpec, AWSMachinePoolSpec, AWSManagedMachinePoolSpec, AutoScalingGroup, FargateProfileSpec, AWSMachinePoolSpec, AWSManagedMachinePoolSpec, AutoScalingGroup, FargateProfileSpec, RosaMachinePoolSpec)
Tags defines a map of tags.
TargetGroupAttribute
(string
alias)
TargetGroupAttribute defines attribute key values for V2 Load Balancer Attributes.
TargetGroupHealthCheck
(Appears on:TargetGroupSpec)
TargetGroupHealthCheck defines health check settings for the target group.
Field | Description |
---|---|
protocol string |
|
path string |
|
port string |
|
intervalSeconds int64 |
|
timeoutSeconds int64 |
|
thresholdCount int64 |
|
unhealthyThresholdCount int64 |
TargetGroupHealthCheckAPISpec
(Appears on:AWSLoadBalancerSpec)
TargetGroupHealthCheckAPISpec defines the optional health check settings for the API target group.
Field | Description |
---|---|
intervalSeconds int64 |
(Optional)
The approximate amount of time, in seconds, between health checks of an individual target. |
timeoutSeconds int64 |
(Optional)
The amount of time, in seconds, during which no response from a target means a failed health check. |
thresholdCount int64 |
(Optional)
The number of consecutive health check successes required before considering a target healthy. |
unhealthyThresholdCount int64 |
(Optional)
The number of consecutive health check failures required before considering a target unhealthy. |
TargetGroupHealthCheckAdditionalSpec
(Appears on:AdditionalListenerSpec)
TargetGroupHealthCheckAdditionalSpec defines the optional health check settings for the additional target groups.
Field | Description |
---|---|
protocol string |
(Optional)
The protocol to use to health check connect with the target. When not specified the Protocol will be the same of the listener. |
port string |
(Optional)
The port the load balancer uses when performing health checks for additional target groups. When not specified this value will be set for the same of listener port. |
path string |
(Optional)
The destination for health checks on the targets when using the protocol HTTP or HTTPS, otherwise the path will be ignored. |
intervalSeconds int64 |
(Optional)
The approximate amount of time, in seconds, between health checks of an individual target. |
timeoutSeconds int64 |
(Optional)
The amount of time, in seconds, during which no response from a target means a failed health check. |
thresholdCount int64 |
(Optional)
The number of consecutive health check successes required before considering a target healthy. |
unhealthyThresholdCount int64 |
(Optional)
The number of consecutive health check failures required before considering a target unhealthy. |
TargetGroupSpec
(Appears on:Listener)
TargetGroupSpec specifies target group settings for a given listener. This is created first, and the ARN is then passed to the listener.
Field | Description |
---|---|
name string |
Name of the TargetGroup. Must be unique over the same group of listeners. |
port int64 |
Port is the exposed port |
protocol ELBProtocol |
|
vpcId string |
|
targetGroupHealthCheck TargetGroupHealthCheck |
HealthCheck is the elb health check associated with the load balancer. |
VPCSpec
(Appears on:NetworkSpec)
VPCSpec configures an AWS VPC.
Field | Description |
---|---|
id string |
ID is the vpc-id of the VPC this provider should use to create resources. |
cidrBlock string |
CidrBlock is the CIDR block to be used when the provider creates a managed VPC. Defaults to 10.0.0.0/16. Mutually exclusive with IPAMPool. |
secondaryCidrBlocks []VpcCidrBlock |
(Optional)
SecondaryCidrBlocks are additional CIDR blocks to be associated when the provider creates a managed VPC. Defaults to none. Mutually exclusive with IPAMPool. This makes sense to use if, for example, you want to use a separate IP range for pods (e.g. Cilium ENI mode). |
ipamPool IPAMPool |
IPAMPool defines the IPAMv4 pool to be used for VPC. Mutually exclusive with CidrBlock. |
ipv6 IPv6 |
(Optional)
IPv6 contains ipv6 specific settings for the network. Supported only in managed clusters. This field cannot be set on AWSCluster object. |
internetGatewayId string |
(Optional)
InternetGatewayID is the id of the internet gateway associated with the VPC. |
carrierGatewayId string |
(Optional)
CarrierGatewayID is the id of the internet gateway associated with the VPC, for carrier network (Wavelength Zones). |
tags Tags |
Tags is a collection of tags describing the resource. |
availabilityZoneUsageLimit int |
AvailabilityZoneUsageLimit specifies the maximum number of availability zones (AZ) that should be used in a region when automatically creating subnets. If a region has more than this number of AZs then this number of AZs will be picked randomly when creating default subnets. Defaults to 3 |
availabilityZoneSelection AZSelectionScheme |
AvailabilityZoneSelection specifies how AZs should be selected if there are more AZs in a region than specified by AvailabilityZoneUsageLimit. There are 2 selection schemes: Ordered - selects based on alphabetical order Random - selects AZs randomly in a region Defaults to Ordered |
emptyRoutesDefaultVPCSecurityGroup bool |
(Optional)
EmptyRoutesDefaultVPCSecurityGroup specifies whether the default VPC security group ingress and egress rules should be removed. By default, when creating a VPC, AWS creates a security group called NOTE: This only applies when the VPC is managed by the Cluster API AWS controller. |
privateDnsHostnameTypeOnLaunch string |
(Optional)
PrivateDNSHostnameTypeOnLaunch is the type of hostname to assign to instances in the subnet at launch. For IPv4-only and dual-stack (IPv4 and IPv6) subnets, an instance DNS name can be based on the instance IPv4 address (ip-name) or the instance ID (resource-name). For IPv6 only subnets, an instance DNS name must be based on the instance ID (resource-name). |
elasticIpPool ElasticIPPool |
(Optional)
ElasticIPPool contains specific configuration to allocate Public IPv4 address (Elastic IP) from user-defined pool brought to AWS for core infrastructure resources, like NAT Gateways and Public Network Load Balancers for the API Server. |
subnetSchema SubnetSchemaType |
(Optional)
SubnetSchema specifies how CidrBlock should be divided on subnets in the VPC depending on the number of AZs. PreferPrivate - one private subnet for each AZ plus one other subnet that will be further sub-divided for the public subnets. PreferPublic - have the reverse logic of PreferPrivate, one public subnet for each AZ plus one other subnet that will be further sub-divided for the private subnets. Defaults to PreferPrivate |
Volume
(Appears on:AWSMachineSpec, Instance, AWSLaunchTemplate, AWSLaunchTemplate)
Volume encapsulates the configuration options for the storage device.
Field | Description |
---|---|
deviceName string |
(Optional)
Device name |
size int64 |
Size specifies size (in Gi) of the storage device. Must be greater than the image snapshot size or 8 (whichever is greater). |
type VolumeType |
(Optional)
Type is the type of the volume (e.g. gp2, io1, etc…). |
iops int64 |
(Optional)
IOPS is the number of IOPS requested for the disk. Not applicable to all types. |
throughput int64 |
(Optional)
Throughput to provision in MiB/s supported for the volume type. Not applicable to all types. |
encrypted bool |
(Optional)
Encrypted is whether the volume should be encrypted or not. |
encryptionKey string |
(Optional)
EncryptionKey is the KMS key to use to encrypt the volume. Can be either a KMS key ID or ARN. If Encrypted is set and this is omitted, the default AWS key will be used. The key must already exist and be accessible by the controller. |
VolumeType
(string
alias)
(Appears on:Volume)
VolumeType describes the EBS volume type. See: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ebs-volume-types.html
VpcCidrBlock
(Appears on:VPCSpec)
VpcCidrBlock defines the CIDR block and settings to associate with the managed VPC. Currently, only IPv4 is supported.
Field | Description |
---|---|
ipv4CidrBlock string |
IPv4CidrBlock is the IPv4 CIDR block to associate with the managed VPC. |
ZoneType
(string
alias)
(Appears on:SubnetSpec)
ZoneType defines listener AWS Availability Zone type.
ASGStatus
(string
alias)
(Appears on:AWSMachinePoolStatus, AutoScalingGroup)
ASGStatus is a status string returned by the autoscaling API.
AWSFargateProfile
AWSFargateProfile is the Schema for the awsfargateprofiles API.
Field | Description | ||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
metadata Kubernetes meta/v1.ObjectMeta |
Refer to the Kubernetes API documentation for the fields of the
metadata field.
|
||||||||||||
spec FargateProfileSpec |
|
||||||||||||
status FargateProfileStatus |
AWSLaunchTemplate
(Appears on:AWSMachinePoolSpec, AWSManagedMachinePoolSpec)
AWSLaunchTemplate defines the desired state of AWSLaunchTemplate.
Field | Description |
---|---|
name string |
The name of the launch template. |
iamInstanceProfile string |
The name or the Amazon Resource Name (ARN) of the instance profile associated with the IAM role for the instance. The instance profile contains the IAM role. |
ami AMIReference |
(Optional)
AMI is the reference to the AMI from which to create the machine instance. |
imageLookupFormat string |
(Optional)
ImageLookupFormat is the AMI naming format to look up the image for this machine It will be ignored if an explicit AMI is set. Supports substitutions for {{.BaseOS}} and {{.K8sVersion}} with the base OS and kubernetes version, respectively. The BaseOS will be the value in ImageLookupBaseOS or ubuntu (the default), and the kubernetes version as defined by the packages produced by kubernetes/release without v as a prefix: 1.13.0, 1.12.5-mybuild.1, or 1.17.3. For example, the default image format of capa-ami-{{.BaseOS}}-?{{.K8sVersion}}-* will end up searching for AMIs that match the pattern capa-ami-ubuntu-?1.18.0-* for a Machine that is targeting kubernetes v1.18.0 and the ubuntu base OS. See also: https://golang.org/pkg/text/template/ |
imageLookupOrg string |
ImageLookupOrg is the AWS Organization ID to use for image lookup if AMI is not set. |
imageLookupBaseOS string |
ImageLookupBaseOS is the name of the base operating system to use for image lookup the AMI is not set. |
instanceType string |
InstanceType is the type of instance to create. Example: m4.xlarge |
rootVolume Volume |
(Optional)
RootVolume encapsulates the configuration options for the root volume |
nonRootVolumes []Volume |
(Optional)
Configuration options for the non root storage volumes. |
sshKeyName string |
(Optional)
SSHKeyName is the name of the ssh key to attach to the instance. Valid values are empty string (do not use SSH keys), a valid SSH key name, or omitted (use the default SSH key name) |
versionNumber int64 |
VersionNumber is the version of the launch template that is applied. Typically a new version is created when at least one of the following happens: 1) A new launch template spec is applied. 2) One or more parameters in an existing template is changed. 3) A new AMI is discovered. |
additionalSecurityGroups []AWSResourceReference |
(Optional)
AdditionalSecurityGroups is an array of references to security groups that should be applied to the instances. These security groups would be set in addition to any security groups defined at the cluster level or in the actuator. |
spotMarketOptions SpotMarketOptions |
SpotMarketOptions are options for configuring AWSMachinePool instances to be run using AWS Spot instances. |
instanceMetadataOptions InstanceMetadataOptions |
(Optional)
InstanceMetadataOptions defines the behavior for applying metadata to instances. |
privateDnsName PrivateDNSName |
(Optional)
PrivateDNSName is the options for the instance hostname. |
AWSMachinePool
AWSMachinePool is the Schema for the awsmachinepools API.
Field | Description | ||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
metadata Kubernetes meta/v1.ObjectMeta |
Refer to the Kubernetes API documentation for the fields of the
metadata field.
|
||||||||||||||||||||||||||||||
spec AWSMachinePoolSpec |
|
||||||||||||||||||||||||||||||
status AWSMachinePoolStatus |
AWSMachinePoolInstanceStatus
(Appears on:AWSMachinePoolStatus)
AWSMachinePoolInstanceStatus defines the status of the AWSMachinePoolInstance.
Field | Description |
---|---|
instanceID string |
(Optional)
InstanceID is the identification of the Machine Instance within ASG |
version string |
(Optional)
Version defines the Kubernetes version for the Machine Instance |
AWSMachinePoolSpec
(Appears on:AWSMachinePool)
AWSMachinePoolSpec defines the desired state of AWSMachinePool.
Field | Description |
---|---|
providerID string |
(Optional)
ProviderID is the ARN of the associated ASG |
minSize int32 |
MinSize defines the minimum size of the group. |
maxSize int32 |
MaxSize defines the maximum size of the group. |
availabilityZones []string |
AvailabilityZones is an array of availability zones instances can run in |
availabilityZoneSubnetType AZSubnetType |
(Optional)
AvailabilityZoneSubnetType specifies which type of subnets to use when an availability zone is specified. |
subnets []AWSResourceReference |
(Optional)
Subnets is an array of subnet configurations |
additionalTags Tags |
(Optional)
AdditionalTags is an optional set of tags to add to an instance, in addition to the ones added by default by the AWS provider. |
awsLaunchTemplate AWSLaunchTemplate |
AWSLaunchTemplate specifies the launch template and version to use when an instance is launched. |
mixedInstancesPolicy MixedInstancesPolicy |
MixedInstancesPolicy describes how multiple instance types will be used by the ASG. |
providerIDList []string |
(Optional)
ProviderIDList are the identification IDs of machine instances provided by the provider. This field must match the provider IDs as seen on the node objects corresponding to a machine pool’s machine instances. |
defaultCoolDown Kubernetes meta/v1.Duration |
(Optional)
The amount of time, in seconds, after a scaling activity completes before another scaling activity can start. If no value is supplied by user a default value of 300 seconds is set |
defaultInstanceWarmup Kubernetes meta/v1.Duration |
(Optional)
The amount of time, in seconds, until a new instance is considered to have finished initializing and resource consumption to become stable after it enters the InService state. If no value is supplied by user a default value of 300 seconds is set |
refreshPreferences RefreshPreferences |
(Optional)
RefreshPreferences describes set of preferences associated with the instance refresh request. |
capacityRebalance bool |
(Optional)
Enable or disable the capacity rebalance autoscaling group feature |
suspendProcesses SuspendProcessesTypes |
SuspendProcesses defines a list of processes to suspend for the given ASG. This is constantly reconciled. If a process is removed from this list it will automatically be resumed. |
AWSMachinePoolStatus
(Appears on:AWSMachinePool)
AWSMachinePoolStatus defines the observed state of AWSMachinePool.
Field | Description |
---|---|
ready bool |
(Optional)
Ready is true when the provider resource is ready. |
replicas int32 |
(Optional)
Replicas is the most recently observed number of replicas |
conditions Cluster API api/v1beta1.Conditions |
(Optional)
Conditions defines current service state of the AWSMachinePool. |
instances []AWSMachinePoolInstanceStatus |
(Optional)
Instances contains the status for each instance in the pool |
launchTemplateID string |
The ID of the launch template |
launchTemplateVersion string |
(Optional)
The version of the launch template |
failureReason Cluster API errors.MachineStatusError |
(Optional)
FailureReason will be set in the event that there is a terminal problem reconciling the Machine and will contain a succinct value suitable for machine interpretation. This field should not be set for transitive errors that a controller faces that are expected to be fixed automatically over time (like service outages), but instead indicate that something is fundamentally wrong with the Machine’s spec or the configuration of the controller, and that manual intervention is required. Examples of terminal errors would be invalid combinations of settings in the spec, values that are unsupported by the controller, or the responsible controller itself being critically misconfigured. Any transient errors that occur during the reconciliation of Machines can be added as events to the Machine object and/or logged in the controller’s output. |
failureMessage string |
(Optional)
FailureMessage will be set in the event that there is a terminal problem reconciling the Machine and will contain a more verbose string suitable for logging and human consumption. This field should not be set for transitive errors that a controller faces that are expected to be fixed automatically over time (like service outages), but instead indicate that something is fundamentally wrong with the Machine’s spec or the configuration of the controller, and that manual intervention is required. Examples of terminal errors would be invalid combinations of settings in the spec, values that are unsupported by the controller, or the responsible controller itself being critically misconfigured. Any transient errors that occur during the reconciliation of Machines can be added as events to the Machine object and/or logged in the controller’s output. |
asgStatus ASGStatus |
AWSManagedMachinePool
AWSManagedMachinePool is the Schema for the awsmanagedmachinepools API.
Field | Description | ||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
metadata Kubernetes meta/v1.ObjectMeta |
Refer to the Kubernetes API documentation for the fields of the
metadata field.
|
||||||||||||||||||||||||||||||||||||||
spec AWSManagedMachinePoolSpec |
|
||||||||||||||||||||||||||||||||||||||
status AWSManagedMachinePoolStatus |
AWSManagedMachinePoolSpec
(Appears on:AWSManagedMachinePool)
AWSManagedMachinePoolSpec defines the desired state of AWSManagedMachinePool.
Field | Description |
---|---|
eksNodegroupName string |
(Optional)
EKSNodegroupName specifies the name of the nodegroup in AWS corresponding to this MachinePool. If you don’t specify a name then a default name will be created based on the namespace and name of the managed machine pool. |
availabilityZones []string |
AvailabilityZones is an array of availability zones instances can run in |
availabilityZoneSubnetType AZSubnetType |
(Optional)
AvailabilityZoneSubnetType specifies which type of subnets to use when an availability zone is specified. |
subnetIDs []string |
(Optional)
SubnetIDs specifies which subnets are used for the auto scaling group of this nodegroup |
additionalTags Tags |
(Optional)
AdditionalTags is an optional set of tags to add to AWS resources managed by the AWS provider, in addition to the ones added by default. |
roleAdditionalPolicies []string |
(Optional)
RoleAdditionalPolicies allows you to attach additional polices to the node group role. You must enable the EKSAllowAddRoles feature flag to incorporate these into the created role. |
roleName string |
(Optional)
RoleName specifies the name of IAM role for the node group. If the role is pre-existing we will treat it as unmanaged and not delete it on deletion. If the EKSEnableIAM feature flag is true and no name is supplied then a role is created. |
amiVersion string |
(Optional)
AMIVersion defines the desired AMI release version. If no version number is supplied then the latest version for the Kubernetes version will be used |
amiType ManagedMachineAMIType |
(Optional)
AMIType defines the AMI type |
labels map[string]string |
(Optional)
Labels specifies labels for the Kubernetes node objects |
taints Taints |
(Optional)
Taints specifies the taints to apply to the nodes of the machine pool |
diskSize int32 |
(Optional)
DiskSize specifies the root disk size |
instanceType string |
(Optional)
InstanceType specifies the AWS instance type |
scaling ManagedMachinePoolScaling |
(Optional)
Scaling specifies scaling for the ASG behind this pool |
remoteAccess ManagedRemoteAccess |
(Optional)
RemoteAccess specifies how machines can be accessed remotely |
providerIDList []string |
(Optional)
ProviderIDList are the provider IDs of instances in the autoscaling group corresponding to the nodegroup represented by this machine pool |
capacityType ManagedMachinePoolCapacityType |
(Optional)
CapacityType specifies the capacity type for the ASG behind this pool |
updateConfig UpdateConfig |
(Optional)
UpdateConfig holds the optional config to control the behaviour of the update to the nodegroup. |
awsLaunchTemplate AWSLaunchTemplate |
(Optional)
AWSLaunchTemplate specifies the launch template to use to create the managed node group. If AWSLaunchTemplate is specified, certain node group configuraions outside of launch template are prohibited (https://docs.aws.amazon.com/eks/latest/userguide/launch-templates.html). |
AWSManagedMachinePoolStatus
(Appears on:AWSManagedMachinePool)
AWSManagedMachinePoolStatus defines the observed state of AWSManagedMachinePool.
Field | Description |
---|---|
ready bool |
Ready denotes that the AWSManagedMachinePool nodegroup has joined the cluster |
replicas int32 |
(Optional)
Replicas is the most recently observed number of replicas. |
launchTemplateID string |
(Optional)
The ID of the launch template |
launchTemplateVersion string |
(Optional)
The version of the launch template |
failureReason Cluster API errors.MachineStatusError |
(Optional)
FailureReason will be set in the event that there is a terminal problem reconciling the MachinePool and will contain a succinct value suitable for machine interpretation. This field should not be set for transitive errors that a controller faces that are expected to be fixed automatically over time (like service outages), but instead indicate that something is fundamentally wrong with the Machine’s spec or the configuration of the controller, and that manual intervention is required. Examples of terminal errors would be invalid combinations of settings in the spec, values that are unsupported by the controller, or the responsible controller itself being critically misconfigured. Any transient errors that occur during the reconciliation of MachinePools can be added as events to the MachinePool object and/or logged in the controller’s output. |
failureMessage string |
(Optional)
FailureMessage will be set in the event that there is a terminal problem reconciling the MachinePool and will contain a more verbose string suitable for logging and human consumption. This field should not be set for transitive errors that a controller faces that are expected to be fixed automatically over time (like service outages), but instead indicate that something is fundamentally wrong with the MachinePool’s spec or the configuration of the controller, and that manual intervention is required. Examples of terminal errors would be invalid combinations of settings in the spec, values that are unsupported by the controller, or the responsible controller itself being critically misconfigured. Any transient errors that occur during the reconciliation of MachinePools can be added as events to the MachinePool object and/or logged in the controller’s output. |
conditions Cluster API api/v1beta1.Conditions |
(Optional)
Conditions defines current service state of the managed machine pool |
AZSubnetType
(string
alias)
(Appears on:AWSMachinePoolSpec, AWSManagedMachinePoolSpec)
AZSubnetType is the type of subnet to use when an availability zone is specified.
Value | Description |
---|---|
"all" |
AZSubnetTypeAll is all subnets in an availability zone. |
"private" |
AZSubnetTypePrivate is a private subnet. |
"public" |
AZSubnetTypePublic is a public subnet. |
AutoScalingGroup
AutoScalingGroup describes an AWS autoscaling group.
Field | Description |
---|---|
id string |
The tags associated with the instance. |
tags Tags |
|
name string |
|
desiredCapacity int32 |
|
maxSize int32 |
|
minSize int32 |
|
placementGroup string |
|
subnets []string |
|
defaultCoolDown Kubernetes meta/v1.Duration |
|
defaultInstanceWarmup Kubernetes meta/v1.Duration |
|
capacityRebalance bool |
|
mixedInstancesPolicy MixedInstancesPolicy |
|
Status ASGStatus |
|
instances []Instance |
|
currentlySuspendProcesses []string |
BlockDeviceMapping
BlockDeviceMapping specifies the block devices for the instance. You can specify virtual devices and EBS volumes.
Field | Description |
---|---|
deviceName string |
The device name exposed to the EC2 instance (for example, /dev/sdh or xvdh). |
ebs EBS |
(Optional)
You can specify either VirtualName or Ebs, but not both. |
EBS
(Appears on:BlockDeviceMapping)
EBS can be used to automatically set up EBS volumes when an instance is launched.
Field | Description |
---|---|
encrypted bool |
(Optional)
Encrypted is whether the volume should be encrypted or not. |
volumeSize int64 |
(Optional)
The size of the volume, in GiB. This can be a number from 1-1,024 for standard, 4-16,384 for io1, 1-16,384 for gp2, and 500-16,384 for st1 and sc1. If you specify a snapshot, the volume size must be equal to or larger than the snapshot size. |
volumeType string |
(Optional)
The volume type For more information, see Amazon EBS Volume Types (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/EBSVolumeTypes.html) |
FargateProfileSpec
(Appears on:AWSFargateProfile)
FargateProfileSpec defines the desired state of FargateProfile.
Field | Description |
---|---|
clusterName string |
ClusterName is the name of the Cluster this object belongs to. |
profileName string |
ProfileName specifies the profile name. |
subnetIDs []string |
(Optional)
SubnetIDs specifies which subnets are used for the auto scaling group of this nodegroup. |
additionalTags Tags |
(Optional)
AdditionalTags is an optional set of tags to add to AWS resources managed by the AWS provider, in addition to the ones added by default. |
roleName string |
(Optional)
RoleName specifies the name of IAM role for this fargate pool If the role is pre-existing we will treat it as unmanaged and not delete it on deletion. If the EKSEnableIAM feature flag is true and no name is supplied then a role is created. |
selectors []FargateSelector |
Selectors specify fargate pod selectors. |
FargateProfileStatus
(Appears on:AWSFargateProfile)
FargateProfileStatus defines the observed state of FargateProfile.
Field | Description |
---|---|
ready bool |
Ready denotes that the FargateProfile is available. |
failureReason Cluster API errors.MachineStatusError |
(Optional)
FailureReason will be set in the event that there is a terminal problem reconciling the FargateProfile and will contain a succinct value suitable for machine interpretation. This field should not be set for transitive errors that a controller faces that are expected to be fixed automatically over time (like service outages), but instead indicate that something is fundamentally wrong with the FargateProfile’s spec or the configuration of the controller, and that manual intervention is required. Examples of terminal errors would be invalid combinations of settings in the spec, values that are unsupported by the controller, or the responsible controller itself being critically misconfigured. Any transient errors that occur during the reconciliation of FargateProfiles can be added as events to the FargateProfile object and/or logged in the controller’s output. |
failureMessage string |
(Optional)
FailureMessage will be set in the event that there is a terminal problem reconciling the FargateProfile and will contain a more verbose string suitable for logging and human consumption. This field should not be set for transitive errors that a controller faces that are expected to be fixed automatically over time (like service outages), but instead indicate that something is fundamentally wrong with the FargateProfile’s spec or the configuration of the controller, and that manual intervention is required. Examples of terminal errors would be invalid combinations of settings in the spec, values that are unsupported by the controller, or the responsible controller itself being critically misconfigured. Any transient errors that occur during the reconciliation of FargateProfiles can be added as events to the FargateProfile object and/or logged in the controller’s output. |
conditions Cluster API api/v1beta1.Conditions |
(Optional)
Conditions defines current state of the Fargate profile. |
FargateSelector
(Appears on:FargateProfileSpec)
FargateSelector specifies a selector for pods that should run on this fargate pool.
Field | Description |
---|---|
labels map[string]string |
Labels specifies which pod labels this selector should match. |
namespace string |
Namespace specifies which namespace this selector should match. |
InstancesDistribution
(Appears on:MixedInstancesPolicy)
InstancesDistribution to configure distribution of On-Demand Instances and Spot Instances.
Field | Description |
---|---|
onDemandAllocationStrategy OnDemandAllocationStrategy |
|
spotAllocationStrategy SpotAllocationStrategy |
|
onDemandBaseCapacity int64 |
|
onDemandPercentageAboveBaseCapacity int64 |
ManagedMachineAMIType
(string
alias)
(Appears on:AWSManagedMachinePoolSpec)
ManagedMachineAMIType specifies which AWS AMI to use for a managed MachinePool.
Value | Description |
---|---|
"AL2023_ARM_64_STANDARD" |
Al2023Arm64 is the AL2023 Arm AMI type. |
"AL2023_x86_64_STANDARD" |
Al2023x86_64 is the AL2023 x86-64 AMI type. |
"AL2_ARM_64" |
Al2Arm64 is the Arm AMI type. |
"AL2_x86_64" |
Al2x86_64 is the default AMI type. |
"AL2_x86_64_GPU" |
Al2x86_64GPU is the x86-64 GPU AMI type. |
ManagedMachinePoolCapacityType
(string
alias)
(Appears on:AWSManagedMachinePoolSpec)
ManagedMachinePoolCapacityType specifies the capacity type to be used for the managed MachinePool.
Value | Description |
---|---|
"onDemand" |
ManagedMachinePoolCapacityTypeOnDemand is the default capacity type, to launch on-demand instances. |
"spot" |
ManagedMachinePoolCapacityTypeSpot is the spot instance capacity type to launch spot instances. |
ManagedMachinePoolScaling
(Appears on:AWSManagedMachinePoolSpec)
ManagedMachinePoolScaling specifies scaling options.
Field | Description |
---|---|
minSize int32 |
|
maxSize int32 |
ManagedRemoteAccess
(Appears on:AWSManagedMachinePoolSpec)
ManagedRemoteAccess specifies remote access settings for EC2 instances.
Field | Description |
---|---|
sshKeyName string |
SSHKeyName specifies which EC2 SSH key can be used to access machines. If left empty, the key from the control plane is used. |
sourceSecurityGroups []string |
SourceSecurityGroups specifies which security groups are allowed access |
public bool |
Public specifies whether to open port 22 to the public internet |
MixedInstancesPolicy
(Appears on:AWSMachinePoolSpec, AutoScalingGroup)
MixedInstancesPolicy for an Auto Scaling group.
Field | Description |
---|---|
instancesDistribution InstancesDistribution |
|
overrides []Overrides |
OnDemandAllocationStrategy
(string
alias)
(Appears on:InstancesDistribution)
OnDemandAllocationStrategy indicates how to allocate instance types to fulfill On-Demand capacity.
Overrides
(Appears on:MixedInstancesPolicy)
Overrides are used to override the instance type specified by the launch template with multiple instance types that can be used to launch On-Demand Instances and Spot Instances.
Field | Description |
---|---|
instanceType string |
Processes
(Appears on:SuspendProcessesTypes)
Processes defines the processes which can be enabled or disabled individually.
Field | Description |
---|---|
launch bool |
|
terminate bool |
|
addToLoadBalancer bool |
|
alarmNotification bool |
|
azRebalance bool |
|
healthCheck bool |
|
instanceRefresh bool |
|
replaceUnhealthy bool |
|
scheduledActions bool |
ROSACluster
ROSACluster is the Schema for the ROSAClusters API.
Field | Description | ||
---|---|---|---|
metadata Kubernetes meta/v1.ObjectMeta |
Refer to the Kubernetes API documentation for the fields of the
metadata field.
|
||
spec ROSAClusterSpec |
|
||
status ROSAClusterStatus |
ROSAClusterSpec
(Appears on:ROSACluster)
ROSAClusterSpec defines the desired state of ROSACluster.
Field | Description |
---|---|
controlPlaneEndpoint Cluster API api/v1beta1.APIEndpoint |
(Optional)
ControlPlaneEndpoint represents the endpoint used to communicate with the control plane. |
ROSAClusterStatus
(Appears on:ROSACluster)
ROSAClusterStatus defines the observed state of ROSACluster.
Field | Description |
---|---|
ready bool |
(Optional)
Ready is when the ROSAControlPlane has a API server URL. |
failureDomains Cluster API api/v1beta1.FailureDomains |
(Optional)
FailureDomains specifies a list fo available availability zones that can be used |
ROSAMachinePool
ROSAMachinePool is the Schema for the rosamachinepools API.
Field | Description | ||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
metadata Kubernetes meta/v1.ObjectMeta |
Refer to the Kubernetes API documentation for the fields of the
metadata field.
|
||||||||||||||||||||||||||||||
spec RosaMachinePoolSpec |
|
||||||||||||||||||||||||||||||
status RosaMachinePoolStatus |
RefreshPreferences
(Appears on:AWSMachinePoolSpec)
RefreshPreferences defines the specs for instance refreshing.
Field | Description |
---|---|
disable bool |
(Optional)
Disable, if true, disables instance refresh from triggering when new launch templates are detected. This is useful in scenarios where ASG nodes are externally managed. |
strategy string |
(Optional)
The strategy to use for the instance refresh. The only valid value is Rolling. A rolling update is an update that is applied to all instances in an Auto Scaling group until all instances have been updated. |
instanceWarmup int64 |
(Optional)
The number of seconds until a newly launched instance is configured and ready to use. During this time, the next replacement will not be initiated. The default is to use the value for the health check grace period defined for the group. |
minHealthyPercentage int64 |
(Optional)
The amount of capacity as a percentage in ASG that must remain healthy during an instance refresh. The default is 90. |
maxHealthyPercentage int64 |
(Optional)
The amount of capacity as a percentage in ASG that can be in service and healthy, or pending, to support your workload when replacing instances. The value is expressed as a percentage of the desired capacity of the ASG. Value range is 100 to 200. If you specify MaxHealthyPercentage , you must also specify MinHealthyPercentage , and the difference between them cannot be greater than 100. A larger range increases the number of instances that can be replaced at the same time. |
RollingUpdate
(Appears on:RosaUpdateConfig)
RollingUpdate specifies MaxUnavailable & MaxSurge number of nodes during update.
Field | Description |
---|---|
maxUnavailable k8s.io/apimachinery/pkg/util/intstr.IntOrString |
(Optional)
MaxUnavailable is the maximum number of nodes that can be unavailable during the update. Value can be an absolute number (ex: 5) or a percentage of desired nodes (ex: 10%). Absolute number is calculated from percentage by rounding down. MaxUnavailable can not be 0 if MaxSurge is 0, default is 0. Both MaxUnavailable & MaxSurge must use the same units (absolute value or percentage). Example: when MaxUnavailable is set to 30%, old nodes can be deleted down to 70% of desired nodes immediately when the rolling update starts. Once new nodes are ready, more old nodes be deleted, followed by provisioning new nodes, ensuring that the total number of nodes available at all times during the update is at least 70% of desired nodes. |
maxSurge k8s.io/apimachinery/pkg/util/intstr.IntOrString |
(Optional)
MaxSurge is the maximum number of nodes that can be provisioned above the desired number of nodes. Value can be an absolute number (ex: 5) or a percentage of desired nodes (ex: 10%). Absolute number is calculated from percentage by rounding up. MaxSurge can not be 0 if MaxUnavailable is 0, default is 1. Both MaxSurge & MaxUnavailable must use the same units (absolute value or percentage). Example: when MaxSurge is set to 30%, new nodes can be provisioned immediately when the rolling update starts, such that the total number of old and new nodes do not exceed 130% of desired nodes. Once old nodes have been deleted, new nodes can be provisioned, ensuring that total number of nodes running at any time during the update is at most 130% of desired nodes. |
RosaMachinePoolAutoScaling
(Appears on:DefaultMachinePoolSpec, RosaMachinePoolSpec)
RosaMachinePoolAutoScaling specifies scaling options.
Field | Description |
---|---|
minReplicas int |
|
maxReplicas int |
RosaMachinePoolSpec
(Appears on:ROSAMachinePool)
RosaMachinePoolSpec defines the desired state of RosaMachinePool.
Field | Description |
---|---|
nodePoolName string |
NodePoolName specifies the name of the nodepool in Rosa must be a valid DNS-1035 label, so it must consist of lower case alphanumeric and have a max length of 15 characters. |
version string |
(Optional)
Version specifies the OpenShift version of the nodes associated with this machinepool. ROSAControlPlane version is used if not set. |
availabilityZone string |
(Optional)
AvailabilityZone is an optinal field specifying the availability zone where instances of this machine pool should run For Multi-AZ clusters, you can create a machine pool in a Single-AZ of your choice. |
subnet string |
(Optional) |
labels map[string]string |
(Optional)
Labels specifies labels for the Kubernetes node objects |
taints []RosaTaint |
(Optional)
Taints specifies the taints to apply to the nodes of the machine pool |
additionalTags Tags |
(Optional)
AdditionalTags are user-defined tags to be added on the underlying EC2 instances associated with this machine pool. |
autoRepair bool |
(Optional)
AutoRepair specifies whether health checks should be enabled for machines in the NodePool. The default is true. |
instanceType string |
InstanceType specifies the AWS instance type |
autoscaling RosaMachinePoolAutoScaling |
(Optional)
Autoscaling specifies auto scaling behaviour for this MachinePool. required if Replicas is not configured |
tuningConfigs []string |
(Optional)
TuningConfigs specifies the names of the tuning configs to be applied to this MachinePool. Tuning configs must already exist. |
additionalSecurityGroups []string |
(Optional)
AdditionalSecurityGroups is an optional set of security groups to associate with all node instances of the machine pool. |
providerIDList []string |
(Optional)
ProviderIDList contain a ProviderID for each machine instance that’s currently managed by this machine pool. |
nodeDrainGracePeriod Kubernetes meta/v1.Duration |
(Optional)
NodeDrainGracePeriod is grace period for how long Pod Disruption Budget-protected workloads will be respected during upgrades. After this grace period, any workloads protected by Pod Disruption Budgets that have not been successfully drained from a node will be forcibly evicted. Valid values are from 0 to 1 week(10080m|168h) . 0 or empty value means that the MachinePool can be drained without any time limitation. |
updateConfig RosaUpdateConfig |
(Optional)
UpdateConfig specifies update configurations. |
RosaMachinePoolStatus
(Appears on:ROSAMachinePool)
RosaMachinePoolStatus defines the observed state of RosaMachinePool.
Field | Description |
---|---|
ready bool |
Ready denotes that the RosaMachinePool nodepool has joined the cluster |
replicas int32 |
(Optional)
Replicas is the most recently observed number of replicas. |
conditions Cluster API api/v1beta1.Conditions |
(Optional)
Conditions defines current service state of the managed machine pool |
failureMessage string |
(Optional)
FailureMessage will be set in the event that there is a terminal problem reconciling the state and will be set to a descriptive error message. This field should not be set for transitive errors that a controller faces that are expected to be fixed automatically over time (like service outages), but instead indicate that something is fundamentally wrong with the spec or the configuration of the controller, and that manual intervention is required. |
id string |
ID is the ID given by ROSA. |
RosaTaint
(Appears on:RosaMachinePoolSpec)
RosaTaint represents a taint to be applied to a node.
Field | Description |
---|---|
key string |
The taint key to be applied to a node. |
value string |
(Optional)
The taint value corresponding to the taint key. |
effect Kubernetes core/v1.TaintEffect |
The effect of the taint on pods that do not tolerate the taint. Valid effects are NoSchedule, PreferNoSchedule and NoExecute. |
RosaUpdateConfig
(Appears on:RosaMachinePoolSpec)
RosaUpdateConfig specifies update configuration
Field | Description |
---|---|
rollingUpdate RollingUpdate |
(Optional)
RollingUpdate specifies MaxUnavailable & MaxSurge number of nodes during update. |
SpotAllocationStrategy
(string
alias)
(Appears on:InstancesDistribution)
SpotAllocationStrategy indicates how to allocate instances across Spot Instance pools.
SuspendProcessesTypes
(Appears on:AWSMachinePoolSpec)
SuspendProcessesTypes contains user friendly auto-completable values for suspended process names.
Field | Description |
---|---|
all bool |
|
processes Processes |
Tags
(map[string]string
alias)
Tags is a mapping for tags.
Taint
Taint defines the specs for a Kubernetes taint.
Field | Description |
---|---|
effect TaintEffect |
Effect specifies the effect for the taint |
key string |
Key is the key of the taint |
value string |
Value is the value of the taint |
TaintEffect
(string
alias)
(Appears on:Taint)
TaintEffect is the effect for a Kubernetes taint.
Taints
([]sigs.k8s.io/cluster-api-provider-aws/v2/exp/api/v1beta2.Taint
alias)
(Appears on:AWSManagedMachinePoolSpec)
Taints is an array of Taints.
UpdateConfig
(Appears on:AWSManagedMachinePoolSpec)
UpdateConfig is the configuration options for updating a nodegroup. Only one of MaxUnavailable and MaxUnavailablePercentage should be specified.
Field | Description |
---|---|
maxUnavailable int |
(Optional)
MaxUnavailable is the maximum number of nodes unavailable at once during a version update. Nodes will be updated in parallel. The maximum number is 100. |
maxUnavailablePercentage int |
(Optional)
MaxUnavailablePercentage is the maximum percentage of nodes unavailable during a version update. This percentage of nodes will be updated in parallel, up to 100 nodes at once. |