aws

package
v1.4.21-pre
Published: Nov 22, 2025 License: Apache-2.0 Imports: 3 Imported by: 435

Documentation

Overview

Package aws contains AWS-specific structures for installer configuration and management. +k8s:deepcopy-gen=package

Constants

const (
	// AvailabilityZoneType is the type of regular zone placed on the region.
	AvailabilityZoneType = "availability-zone"
	// LocalZoneType is the type of AWS Local Zones placed on the metropolitan area.
	LocalZoneType = "local-zone"
	// WavelengthZoneType is the type of AWS Wavelength Zones placed on the telecommunications
	// providers’ data centers at the edge of the 5G network.
	WavelengthZoneType = "wavelength-zone"
	// ZoneOptInStatusOptedIn is the opt-in status of the zone.
	// For Availability Zones, this parameter always has the value of opt-in-not-required.
	// For Local Zones and Wavelength Zones, this parameter is the opt-in status.
	ZoneOptInStatusOptedIn = "opted-in"
)
const (
	// VolumeTypeGp2 is the type of EBS volume for General Purpose SSD gp2.
	VolumeTypeGp2 = "gp2"
	// VolumeTypeGp3 is the type of EBS volume for General Purpose SSD gp3.
	VolumeTypeGp3 = "gp3"
)
const Name string = "aws"

Name is name for the AWS platform.

Variables

var (
	// RegionLookupMap is a static map containing the known AWS regions and the
	// descriptive location information including the Continent and City/Area.
	RegionLookupMap = map[string]string{
		"af-south-1":     "Africa (Cape Town)",
		"ap-east-1":      "Asia Pacific (Hong Kong)",
		"ap-south-2":     "Asia Pacific (Hyderabad)",
		"ap-southeast-3": "Asia Pacific (Jakarta)",
		"ap-southeast-5": "Asia Pacific (Malaysia)",
		"ap-southeast-4": "Asia Pacific (Melbourne)",
		"ap-south-1":     "Asia Pacific (Mumbai)",
		"ap-northeast-3": "Asia Pacific (Osaka)",
		"ap-northeast-2": "Asia Pacific (Seoul)",
		"ap-southeast-1": "Asia Pacific (Singapore)",
		"ap-southeast-2": "Asia Pacific (Sydney)",
		"ap-southeast-6": "Asia Pacific (New Zealand)",
		"ap-east-2":      "Asia Pacific (Taipei)",
		"ap-southeast-7": "Asia Pacific (Thailand)",
		"ap-northeast-1": "Asia Pacific (Tokyo)",
		"us-gov-east-1":  "AWS GovCloud (US-East)",
		"us-gov-west-1":  "AWS GovCloud (US-West)",
		"ca-central-1":   "Canada (Central)",
		"ca-west-1":      "Canada West (Calgary)",
		"eu-central-1":   "Europe (Frankfurt)",
		"eu-west-1":      "Europe (Ireland)",
		"eu-west-2":      "Europe (London)",
		"eu-south-1":     "Europe (Milan)",
		"eu-west-3":      "Europe (Paris)",
		"eu-south-2":     "Europe (Spain)",
		"eu-north-1":     "Europe (Stockholm)",
		"eu-central-2":   "Europe (Zurich)",
		"il-central-1":   "Israel (Tel Aviv)",
		"mx-central-1":   "Mexico (Central)",
		"me-south-1":     "Middle East (Bahrain)",
		"me-central-1":   "Middle East (UAE)",
		"sa-east-1":      "South America (São Paulo)",
		"us-east-1":      "US East (N. Virginia)",
		"us-east-2":      "US East (Ohio)",
		"us-west-1":      "US West (N. California)",
		"us-west-2":      "US West (Oregon)",
	}
)

Functions

func IsPublicOnlySubnetsEnabled added in v0.90.0

func IsPublicOnlySubnetsEnabled() bool

IsPublicOnlySubnetsEnabled returns whether the public-only subnets feature has been enabled via an environment variable.

Types

type AWSSubnetID

type AWSSubnetID string // nolint:revive

AWSSubnetID is a reference to an AWS subnet ID. +kubebuilder:validation:MinLength=24 +kubebuilder:validation:MaxLength=24 +kubebuilder:validation:Pattern=`^subnet-[0-9A-Za-z]+$`

type CPUOptions

type CPUOptions struct {
	// ConfidentialCompute specifies whether confidential computing should be enabled for the instance,
	// and, if so, which confidential computing technology to use.
	// Valid values are: Disabled, AMDEncryptedVirtualizationNestedPaging and omitted.
	// When set to Disabled, confidential computing will be disabled for the instance.
	// When set to AMDEncryptedVirtualizationNestedPaging, AMD SEV-SNP will be used as the confidential computing technology for the instance.
	// In this case, ensure the following conditions are met:
	// 1) The selected instance type supports AMD SEV-SNP.
	// 2) The selected AWS region supports AMD SEV-SNP.
	// 3) The selected AMI supports AMD SEV-SNP.
	// More details can be checked at https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/sev-snp.html
	// When omitted, this means no opinion and the AWS platform is left to choose a reasonable default,
	// which is subject to change without notice. The current default is Disabled.
	// +optional
	ConfidentialCompute *ConfidentialComputePolicy `json:"confidentialCompute,omitempty"`
}

CPUOptions defines CPU-related settings for the instance, including the confidential computing policy. If provided, it must not be empty — at least one field must be set. +kubebuilder:validation:MinProperties=1

func (*CPUOptions) DeepCopy

func (in *CPUOptions) DeepCopy() *CPUOptions

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CPUOptions.

func (*CPUOptions) DeepCopyInto

func (in *CPUOptions) DeepCopyInto(out *CPUOptions)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type ConfidentialComputePolicy

type ConfidentialComputePolicy string

ConfidentialComputePolicy represents the confidential compute configuration for the instance. +kubebuilder:validation:Enum=Disabled;AMDEncryptedVirtualizationNestedPaging

const (
	// ConfidentialComputePolicyDisabled disables confidential computing for the instance.
	ConfidentialComputePolicyDisabled ConfidentialComputePolicy = "Disabled"
	// ConfidentialComputePolicySEVSNP enables AMD SEV-SNP as the confidential computing technology for the instance.
	ConfidentialComputePolicySEVSNP ConfidentialComputePolicy = "AMDEncryptedVirtualizationNestedPaging"
)

type EC2Metadata added in v0.4.15

type EC2Metadata struct {
	// Authentication determines whether the host requires authentication when interacting with the metadata service.
	// "Required" enforces the token-based v2 interaction method (IMDSv2); "Optional" also accepts
	// token-less IMDSv1 requests, so set Required to close that path.
	// When omitted, the user has no opinion and the value is left to the platform to choose a good
	// default, which is subject to change over time. The current default is Optional.
	// This field maps to the `HttpTokens` parameter of the `InstanceMetadataOptionsRequest` structure in the AWS EC2 API:
	// https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_InstanceMetadataOptionsRequest.html
	// +kubebuilder:validation:Enum=Required;Optional
	// +optional
	Authentication string `json:"authentication,omitempty"`
}

EC2Metadata defines the metadata service interaction options for an ec2 instance. https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/configuring-instance-metadata-service.html

func (*EC2Metadata) DeepCopy

func (in *EC2Metadata) DeepCopy() *EC2Metadata

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new EC2Metadata.

func (*EC2Metadata) DeepCopyInto

func (in *EC2Metadata) DeepCopyInto(out *EC2Metadata)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type EC2RootVolume

type EC2RootVolume struct {
	// IOPS defines the number of provisioned I/O operations per second. IOPS may only be set for
	// io1, io2, & gp3 volume types.
	//
	// +kubebuilder:validation:Minimum=0
	// +optional
	IOPS int `json:"iops"`

	// Throughput to provision in MiB/s supported for the volume type. This
	// is currently only applicable to volumes of type gp3.
	//
	// +kubebuilder:validation:Minimum=0
	// +optional
	Throughput int64 `json:"throughput"`

	// Size defines the size of the volume in gibibytes (GiB).
	//
	// +kubebuilder:validation:Minimum=0
	Size int `json:"size"`

	// Type defines the type of the volume.
	Type string `json:"type"`

	// The KMS key that will be used to encrypt the EBS volume.
	// If no key is provided the default KMS key for the account will be used.
	// https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_GetEbsDefaultKmsKeyId.html
	// +optional
	KMSKeyARN string `json:"kmsKeyARN,omitempty"`
}

EC2RootVolume defines the storage for an ec2 instance.

func (*EC2RootVolume) DeepCopy

func (in *EC2RootVolume) DeepCopy() *EC2RootVolume

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new EC2RootVolume.

func (*EC2RootVolume) DeepCopyInto

func (in *EC2RootVolume) DeepCopyInto(out *EC2RootVolume)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type MachinePool

type MachinePool struct {
	// Zones is list of availability zones that can be used.
	//
	// +optional
	Zones []string `json:"zones,omitempty"`

	// InstanceType defines the ec2 instance type.
	// e.g. m4.large
	//
	// +optional
	InstanceType string `json:"type"`

	// AMIID is the AMI that should be used to boot the ec2 instance.
	// If set, the AMI should belong to the same region as the cluster.
	//
	// +optional
	AMIID string `json:"amiID,omitempty"`

	// EC2RootVolume defines the root volume for EC2 instances in the machine pool.
	//
	// +optional
	EC2RootVolume `json:"rootVolume"`

	// EC2MetadataOptions defines metadata service interaction options for EC2 instances in the machine pool.
	//
	// +optional
	EC2Metadata EC2Metadata `json:"metadataService"`

	// IAMRole is the name of the IAM Role to use for the instance profile of the machine.
	// Leave unset to have the installer create the IAM Role on your behalf.
	// Cannot be specified together with iamProfile.
	// +optional
	IAMRole string `json:"iamRole,omitempty"`

	// IAMProfile is the name of the IAM instance profile to use for the machine.
	// Leave unset to have the installer create the IAM Profile on your behalf.
	// Cannot be specified together with iamRole.
	// +optional
	IAMProfile string `json:"iamProfile,omitempty"`

	// AdditionalSecurityGroupIDs contains IDs of additional security groups for machines, where each ID
	// is presented in the format sg-xxxx.
	//
	// +kubebuilder:validation:MaxItems=10
	// +optional
	AdditionalSecurityGroupIDs []string `json:"additionalSecurityGroupIDs,omitempty"`

	// CPUOptions defines CPU-related settings for the instance, including the confidential computing policy.
	// When omitted, this means no opinion and the AWS platform is left to choose a reasonable default.
	// More info:
	// https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_CpuOptionsRequest.html,
	// https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/cpu-options-supported-instances-values.html
	// +optional
	CPUOptions *CPUOptions `json:"cpuOptions,omitempty,omitzero"`
}

MachinePool stores the configuration for a machine pool installed on AWS.

func (*MachinePool) DeepCopy

func (in *MachinePool) DeepCopy() *MachinePool

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new MachinePool.

func (*MachinePool) DeepCopyInto

func (in *MachinePool) DeepCopyInto(out *MachinePool)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*MachinePool) Set

func (a *MachinePool) Set(required *MachinePool)

Set sets the values from `required` to `a`.
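The MachinePool fields above carry the settings that decide how exposed a node is: metadataService.authentication (IMDSv1 versus IMDSv2), rootVolume (the KMS key, and the IOPS/throughput rules stated on EC2RootVolume) and additionalSecurityGroupIDs. The following Go program is an added example, not code from the installer or from this package. It re-declares trimmed local copies of the types with the page's JSON tags so that it builds without the installer module, and audits two constructed machine-pool JSON documents against those rules. The sample values (instance type, key ARN, security group IDs) are invented, and auditMachinePool is this example's own function.

```go
package main

import (
	"encoding/json"
	"fmt"
	"strings"
)

// Trimmed local copies of the page's EC2RootVolume, EC2Metadata and MachinePool
// types with the same JSON tags, declared here so the example compiles without
// the installer module.
type ec2RootVolume struct {
	IOPS       int    `json:"iops"`
	Throughput int64  `json:"throughput"`
	Size       int    `json:"size"`
	Type       string `json:"type"`
	KMSKeyARN  string `json:"kmsKeyARN,omitempty"`
}

type ec2Metadata struct {
	Authentication string `json:"authentication,omitempty"`
}

type machinePool struct {
	InstanceType               string        `json:"type"`
	EC2RootVolume              ec2RootVolume `json:"rootVolume"`
	EC2Metadata                ec2Metadata   `json:"metadataService"`
	AdditionalSecurityGroupIDs []string      `json:"additionalSecurityGroupIDs,omitempty"`
}

// auditMachinePool decodes one machine pool's platform.aws block and returns one
// finding per rule it violates; an empty result means the pool passes.
func auditMachinePool(raw []byte) ([]string, error) {
	var mp machinePool
	if err := json.Unmarshal(raw, &mp); err != nil {
		return nil, fmt.Errorf("decode machine pool: %w", err)
	}
	var findings []string
	// Only "Required" forces IMDSv2 session tokens; "Optional" (the current
	// default) or an unset field leaves token-less IMDSv1 reachable.
	if mp.EC2Metadata.Authentication != "Required" {
		findings = append(findings, "metadataService.authentication is not Required: IMDSv1 stays reachable")
	}
	// Per EC2RootVolume: IOPS applies only to io1/io2/gp3, throughput only to gp3.
	vt := mp.EC2RootVolume.Type
	if mp.EC2RootVolume.IOPS > 0 && vt != "io1" && vt != "io2" && vt != "gp3" {
		findings = append(findings, fmt.Sprintf("rootVolume.iops set on volume type %q, which does not take provisioned IOPS", vt))
	}
	if mp.EC2RootVolume.Throughput > 0 && vt != "gp3" {
		findings = append(findings, fmt.Sprintf("rootVolume.throughput set on volume type %q; only gp3 accepts it", vt))
	}
	// Without kmsKeyARN the volume is encrypted with the account's default EBS
	// key rather than a customer-managed key the operator controls.
	if mp.EC2RootVolume.KMSKeyARN == "" {
		findings = append(findings, "rootVolume.kmsKeyARN unset: volume uses the account default EBS KMS key")
	}
	// additionalSecurityGroupIDs is capped at 10 entries and expects sg- IDs.
	if n := len(mp.AdditionalSecurityGroupIDs); n > 10 {
		findings = append(findings, fmt.Sprintf("%d additionalSecurityGroupIDs exceeds the MaxItems=10 limit", n))
	}
	for _, sg := range mp.AdditionalSecurityGroupIDs {
		if !strings.HasPrefix(sg, "sg-") {
			findings = append(findings, fmt.Sprintf("security group %q lacks the sg- prefix", sg))
		}
	}
	return findings, nil
}

// Constructed sample pools; the values are invented, not from a real install-config.
const weakPool = `{
  "type": "m6i.xlarge",
  "rootVolume": {"size": 120, "type": "gp2", "iops": 3000, "throughput": 250},
  "metadataService": {"authentication": "Optional"},
  "additionalSecurityGroupIDs": ["sg-0123456789abcdef0", "0123456789abcdef1"]
}`

const hardenedPool = `{
  "type": "m6i.xlarge",
  "rootVolume": {"size": 120, "type": "gp3", "iops": 3000, "throughput": 250,
    "kmsKeyARN": "arn:aws:kms:us-east-1:111122223333:key/00000000-0000-0000-0000-000000000000"},
  "metadataService": {"authentication": "Required"}
}`

func main() {
	for _, c := range []struct{ name, doc string }{{"weak", weakPool}, {"hardened", hardenedPool}} {
		findings, err := auditMachinePool([]byte(c.doc))
		if err != nil {
			panic(err)
		}
		fmt.Printf("%s pool: %d finding(s)\n  %s\n", c.name, len(findings), strings.Join(findings, "\n  "))
	}
}
```

The weak pool produces five findings (IMDSv1 reachable, IOPS and throughput set on gp2, no customer-managed key, one security group ID without the sg- prefix); the hardened pool produces none. The KMS finding is a policy choice rather than a defect, since the page states the account default key is used when none is given.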

type Metadata

type Metadata struct {
	Region string `json:"region"`

	// ServiceEndpoints list contains custom endpoints which will override default
	// service endpoint of AWS Services.
	// There must be only one ServiceEndpoint for a service.
	// +optional
	ServiceEndpoints []ServiceEndpoint `json:"serviceEndpoints,omitempty"`

	// Identifier holds a slice of filter maps.  The maps hold the
	// key/value pairs for the tags we will be matching against.  A
	// resource matches the map if all of the key/value pairs are in its
	// tags.  A resource matches Identifier if it matches any of the maps.
	Identifier []map[string]string `json:"identifier"`

	// ClusterDomain is the domain for the cluster.
	ClusterDomain string `json:"clusterDomain"`

	// HostedZoneRole is the role to assume when performing operations
	// on a hosted zone owned by another account.
	HostedZoneRole string `json:"hostedZoneRole,omitempty"`
}

Metadata contains AWS metadata (e.g. for uninstalling the cluster).

func (*Metadata) DeepCopy

func (in *Metadata) DeepCopy() *Metadata

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Metadata.

func (*Metadata) DeepCopyInto

func (in *Metadata) DeepCopyInto(out *Metadata)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
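Metadata.Identifier drives resource selection at destroy time, so its matching rule matters: each map is an AND over its tag pairs, and the Identifier as a whole is an OR over its maps. The following Go program is an added example, not installer code. It implements that rule over a constructed set of tagged resources and adds a guard of its own (the page does not say how the installer treats an empty map) that rejects an empty filter map, which under the documented rule would match every resource. Resource names, the cluster ID and the tags are invented.

```go
package main

import (
	"errors"
	"fmt"
	"sort"
)

// identifier mirrors Metadata.Identifier from the page: a slice of tag-filter maps.
type identifier []map[string]string

// validate is a guard this example adds: under the documented "all pairs
// present" rule an empty map is vacuously true and would select every
// resource, so it is rejected here before any matching happens.
func (id identifier) validate() error {
	if len(id) == 0 {
		return errors.New("identifier has no filter maps; nothing would be selected")
	}
	for i, m := range id {
		if len(m) == 0 {
			return fmt.Errorf("identifier map %d is empty and would match every resource", i)
		}
	}
	return nil
}

// matches implements the documented semantics: a resource matches one map when
// all of that map's key/value pairs appear in its tags (AND), and it matches
// the Identifier when any map matches (OR).
func (id identifier) matches(tags map[string]string) bool {
	for _, want := range id {
		all := true
		for k, v := range want {
			if got, ok := tags[k]; !ok || got != v {
				all = false
				break
			}
		}
		if all {
			return true
		}
	}
	return false
}

// selectResources returns the sorted names of the resources the identifier
// would pick for deletion, or an error if the identifier is unsafe.
func selectResources(id identifier, resources map[string]map[string]string) ([]string, error) {
	if err := id.validate(); err != nil {
		return nil, err
	}
	var picked []string
	for name, tags := range resources {
		if id.matches(tags) {
			picked = append(picked, name)
		}
	}
	sort.Strings(picked)
	return picked, nil
}

// Constructed sample data: the cluster ID, names and tags are invented.
var clusterIdentifier = identifier{
	{"kubernetes.io/cluster/demo-x7k2p": "owned"},
	{"openshiftClusterID": "11111111-2222-3333-4444-555555555555"},
}

var sampleResources = map[string]map[string]string{
	"vpc-cluster":   {"kubernetes.io/cluster/demo-x7k2p": "owned", "Name": "demo-x7k2p-vpc"},
	"sg-shared":     {"kubernetes.io/cluster/demo-x7k2p": "shared"},
	"i-bootstrap":   {"openshiftClusterID": "11111111-2222-3333-4444-555555555555"},
	"vpc-unrelated": {"Name": "prod-vpc"},
}

func main() {
	picked, err := selectResources(clusterIdentifier, sampleResources)
	if err != nil {
		panic(err)
	}
	fmt.Println("would delete:", picked)
	if _, err := selectResources(identifier{{}}, sampleResources); err != nil {
		fmt.Println("rejected:", err)
	}
}
```

Only vpc-cluster and i-bootstrap are selected: the "shared" value on sg-shared fails the AND within the first map, and vpc-unrelated matches neither map.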

type Platform

type Platform struct {
	// Deprecated: AMIID is the AMI that should be used to boot machines for
	// the cluster. If set, the AMI should belong to the same region as the
	// cluster.
	//
	// +optional
	AMIID string `json:"amiID,omitempty"`

	// Region specifies the AWS region where the cluster will be created.
	Region string `json:"region"`

	// Subnets specifies existing subnets (by ID) where cluster
	// resources will be created.  Leave unset to have the installer
	// create subnets in a new VPC on your behalf.
	//
	// Deprecated: use platform.aws.vpc.subnets
	//
	// +optional
	DeprecatedSubnets []string `json:"subnets,omitempty"`

	// VPC specifies the VPC configuration for the cluster.
	//
	// +optional
	VPC VPC `json:"vpc,omitempty"`

	// HostedZone is the ID of an existing hosted zone into which to add DNS
	// records for the cluster's internal API. An existing hosted zone can
	// only be used when also using existing subnets. The hosted zone must be
	// associated with the VPC containing the subnets.
	// Leave the hosted zone unset to have the installer create the hosted zone
	// on your behalf.
	// +optional
	HostedZone string `json:"hostedZone,omitempty"`

	// HostedZoneRole is the ARN of an IAM role to be assumed when performing
	// operations on the provided HostedZone. HostedZoneRole can be used
	// in a shared VPC scenario when the private hosted zone belongs to a
	// different account than the rest of the cluster resources.
	// If HostedZoneRole is set, HostedZone must also be set.
	//
	// +optional
	HostedZoneRole string `json:"hostedZoneRole,omitempty"`

	// UserTags additional keys and values that the installer will add
	// as tags to all resources that it creates. Resources created by the
	// cluster itself may not include these tags.
	// +optional
	UserTags map[string]string `json:"userTags,omitempty"`

	// ServiceEndpoints list contains custom endpoints which will override default
	// service endpoint of AWS Services.
	// There must be only one ServiceEndpoint for a service.
	// +optional
	ServiceEndpoints []ServiceEndpoint `json:"serviceEndpoints,omitempty"`

	// DefaultMachinePlatform is the default configuration used when
	// installing on AWS for machine pools which do not define their own
	// platform configuration.
	// +optional
	DefaultMachinePlatform *MachinePool `json:"defaultMachinePlatform,omitempty"`

	// PropagateUserTags is a flag that directs in-cluster operators
	// to include the specified user tags in the tags of the
	// AWS resources that the operators create.
	// +optional
	PropagateUserTag bool `json:"propagateUserTags,omitempty"`

	// LBType is an optional field to specify a load balancer type.
	// When this field is specified, all ingresscontrollers (including the
	// default ingresscontroller) will be created using the specified load-balancer
	// type by default.
	//
	// Following are the accepted values:
	//
	// * "Classic": A Classic Load Balancer that makes routing decisions at
	// either the transport layer (TCP/SSL) or the application layer
	// (HTTP/HTTPS). See the following for additional details:
	// https://docs.aws.amazon.com/AmazonECS/latest/developerguide/load-balancer-types.html#clb
	//
	// * "NLB": A Network Load Balancer that makes routing decisions at the
	// transport layer (TCP/SSL). See the following for additional details:
	// https://docs.aws.amazon.com/AmazonECS/latest/developerguide/load-balancer-types.html#nlb
	//
	// If this field is not set explicitly, it defaults to "Classic".  This
	// default is subject to change over time.
	//
	// +optional
	LBType configv1.AWSLBType `json:"lbType,omitempty"`

	// PreserveBootstrapIgnition is deprecated. Use bestEffortDeleteIgnition instead.
	// +optional
	PreserveBootstrapIgnition bool `json:"preserveBootstrapIgnition,omitempty"`

	// BestEffortDeleteIgnition is an optional field that can be used to ignore errors from S3 deletion of ignition
	// objects during cluster bootstrap. The default behavior is to fail the installation if ignition objects cannot be
	// deleted. Enable this functionality when there are known reasons disallowing their deletion.
	// +optional
	BestEffortDeleteIgnition bool `json:"bestEffortDeleteIgnition,omitempty"`

	// PublicIpv4Pool is an optional field that can be used to tell the installation process to use
	// Public IPv4 address that you bring to your AWS account with BYOIP.
	// +optional
	PublicIpv4Pool string `json:"publicIpv4Pool,omitempty"`

	// UserProvisionedDNS indicates if the customer is providing their own DNS solution in place of the default
	// provisioned by the Installer.
	// +kubebuilder:default:="Disabled"
	// +default="Disabled"
	// +kubebuilder:validation:Enum="Enabled";"Disabled"
	UserProvisionedDNS dns.UserProvisionedDNS `json:"userProvisionedDNS,omitempty"`
}

Platform stores all the global configuration that all machinesets use.

func (*Platform) DeepCopy

func (in *Platform) DeepCopy() *Platform

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Platform.

func (*Platform) DeepCopyInto

func (in *Platform) DeepCopyInto(out *Platform)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type ServiceEndpoint added in v0.4.15

type ServiceEndpoint struct {
	// Name is the name of the AWS service.
	// This must be provided and cannot be empty.
	Name string `json:"name"`

	// URL is fully qualified URI with scheme https, that overrides the default generated
	// endpoint for a client.
	// This must be provided and cannot be empty.
	//
	// +kubebuilder:validation:Pattern=`^https://`
	URL string `json:"url"`
}

ServiceEndpoint stores the configuration for a service endpoint that overrides the default endpoint of an AWS service.

func (*ServiceEndpoint) DeepCopy

func (in *ServiceEndpoint) DeepCopy() *ServiceEndpoint

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ServiceEndpoint.

func (*ServiceEndpoint) DeepCopyInto

func (in *ServiceEndpoint) DeepCopyInto(out *ServiceEndpoint)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type Subnet

type Subnet struct {
	// ID specifies the subnet ID of an existing subnet.
	// The subnet ID must start with "subnet-", consist only of alphanumeric characters,
	// and must be exactly 24 characters long.
	//
	// +required
	ID AWSSubnetID `json:"id"`

	// Roles specifies the roles (aka functions) that the subnet will provide in the cluster.
	// If no roles are specified on any subnet, then the subnet roles are decided automatically.
	// Each role must be unique.
	//
	// +kubebuilder:validation:MaxItems=5
	// +optional
	Roles []SubnetRole `json:"roles,omitempty"`
}

Subnet specifies a subnet in an existing VPC and can optionally specify its intended roles.

func (*Subnet) DeepCopy

func (in *Subnet) DeepCopy() *Subnet

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Subnet.

func (*Subnet) DeepCopyInto

func (in *Subnet) DeepCopyInto(out *Subnet)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type SubnetRole

type SubnetRole struct {
	// Type specifies the type of role (aka function) that the subnet will provide in the cluster.
	// Role types include ClusterNode, EdgeNode, BootstrapNode, IngressControllerLB, ControlPlaneExternalLB, and ControlPlaneInternalLB.
	//
	// +required
	Type SubnetRoleType `json:"type"`
}

SubnetRole specifies the role (aka function) that the subnet will provide in the cluster.

func (*SubnetRole) DeepCopy

func (in *SubnetRole) DeepCopy() *SubnetRole

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new SubnetRole.

func (*SubnetRole) DeepCopyInto

func (in *SubnetRole) DeepCopyInto(out *SubnetRole)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type SubnetRoleType

type SubnetRoleType string

SubnetRoleType defines the type of role (aka function) that the subnet will provide in the cluster. +kubebuilder:validation:Enum:="ClusterNode";"EdgeNode";"BootstrapNode";"IngressControllerLB";"ControlPlaneExternalLB";"ControlPlaneInternalLB"

const (
	// ClusterNodeSubnetRole specifies subnets that will be used as subnets for the
	// control plane and compute nodes.
	ClusterNodeSubnetRole SubnetRoleType = "ClusterNode"

	// EdgeNodeSubnetRole specifies subnets that will be used as edge subnets residing
	// in Local or Wavelength Zones for edge compute nodes.
	EdgeNodeSubnetRole SubnetRoleType = "EdgeNode"

	// BootstrapNodeSubnetRole specifies subnets that will be used as subnets for the
	// bootstrap node used to create the cluster.
	BootstrapNodeSubnetRole SubnetRoleType = "BootstrapNode"

	// IngressControllerLBSubnetRole specifies subnets used by the default IngressController.
	IngressControllerLBSubnetRole SubnetRoleType = "IngressControllerLB"

	// ControlPlaneExternalLBSubnetRole specifies subnets used by the external control plane
	// load balancer that serves the Kubernetes API server.
	ControlPlaneExternalLBSubnetRole SubnetRoleType = "ControlPlaneExternalLB"

	// ControlPlaneInternalLBSubnetRole specifies subnets used by the internal control plane
	// load balancer that serves the Kubernetes API server.
	ControlPlaneInternalLBSubnetRole SubnetRoleType = "ControlPlaneInternalLB"
)

type VPC

type VPC struct {
	// Subnets defines the subnets in an existing VPC and can optionally specify their intended roles.
	// If no roles are specified on any subnet, then the subnet roles are decided automatically.
	// In this case, the VPC must not contain any other non-cluster subnets without the kubernetes.io/cluster/<cluster-id> tag.
	//
	// For manually specified subnet role selection, each subnet must have at least one assigned role,
	// and the ClusterNode, BootstrapNode, IngressControllerLB, ControlPlaneExternalLB, and ControlPlaneInternalLB roles must be assigned to at least one subnet.
	// However, if the cluster scope is internal, then ControlPlaneExternalLB is not required.
	//
	// Subnets must contain unique IDs, and can include no more than 10 subnets with the IngressControllerLB role.
	//
	// Leave this field unset to have the installer create subnets in a new VPC on your behalf.
	//
	// +listType=atomic
	// +optional
	Subnets []Subnet `json:"subnets,omitempty"`
}

VPC configures the VPC for the cluster.

func (*VPC) DeepCopy

func (in *VPC) DeepCopy() *VPC

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new VPC.

func (*VPC) DeepCopyInto

func (in *VPC) DeepCopyInto(out *VPC)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
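The VPC.Subnets documentation above states the rules for a manually role-assigned subnet list: a valid AWSSubnetID shape, unique IDs, at least one role per subnet with no role repeated, the set of roles that must each land on some subnet, the ControlPlaneExternalLB exemption for an internal cluster, and the cap of 10 IngressControllerLB subnets. The following Go program is an added example, not the installer's own validation code. It re-declares minimal local Subnet/SubnetRole shapes and the role names from this page, then checks a valid layout and a misconfigured one. The subnet IDs are constructed, and validateSubnets and roles are this example's own functions.

```go
package main

import (
	"fmt"
	"regexp"
)

// Local copies of the page's Subnet and SubnetRole shapes and role names,
// declared here so the example compiles without the installer module.
type subnetRole struct{ Type string }

type subnet struct {
	ID    string
	Roles []subnetRole
}

const (
	roleClusterNode            = "ClusterNode"
	roleBootstrapNode          = "BootstrapNode"
	roleIngressControllerLB    = "IngressControllerLB"
	roleControlPlaneExternalLB = "ControlPlaneExternalLB"
	roleControlPlaneInternalLB = "ControlPlaneInternalLB"
)

// subnetIDPattern mirrors the Pattern marker on AWSSubnetID; the exact
// 24-character rule from its MinLength/MaxLength markers is checked separately.
var subnetIDPattern = regexp.MustCompile(`^subnet-[0-9A-Za-z]+$`)

// validateSubnets applies the rules in the VPC.Subnets documentation to a
// manually role-assigned list. internal is true for an internal cluster, where
// ControlPlaneExternalLB is not required. A nil result means the list is valid.
func validateSubnets(subnets []subnet, internal bool) []string {
	var errs []string
	seenIDs := map[string]bool{}
	roleCount := map[string]int{}
	for _, s := range subnets {
		if len(s.ID) != 24 || !subnetIDPattern.MatchString(s.ID) {
			errs = append(errs, fmt.Sprintf("subnet %q: ID must match ^subnet-[0-9A-Za-z]+$ and be 24 characters", s.ID))
		}
		if seenIDs[s.ID] {
			errs = append(errs, fmt.Sprintf("subnet %q: duplicate ID", s.ID))
		}
		seenIDs[s.ID] = true
		if len(s.Roles) == 0 {
			errs = append(errs, fmt.Sprintf("subnet %q: at least one role is required when roles are assigned manually", s.ID))
		}
		seenRoles := map[string]bool{}
		for _, r := range s.Roles {
			if seenRoles[r.Type] {
				errs = append(errs, fmt.Sprintf("subnet %q: role %s repeated", s.ID, r.Type))
				continue
			}
			seenRoles[r.Type] = true
			roleCount[r.Type]++
		}
	}
	required := []string{roleClusterNode, roleBootstrapNode, roleIngressControllerLB, roleControlPlaneInternalLB}
	if !internal {
		required = append(required, roleControlPlaneExternalLB)
	}
	for _, r := range required {
		if roleCount[r] == 0 {
			errs = append(errs, "no subnet carries the required role "+r)
		}
	}
	if n := roleCount[roleIngressControllerLB]; n > 10 {
		errs = append(errs, fmt.Sprintf("%d subnets carry IngressControllerLB; the limit is 10", n))
	}
	return errs
}

// roles builds a role list from role names.
func roles(types ...string) []subnetRole {
	out := make([]subnetRole, 0, len(types))
	for _, t := range types {
		out = append(out, subnetRole{Type: t})
	}
	return out
}

func main() {
	// Constructed IDs: 17 alphanumerics after "subnet-" give the required 24 characters.
	public := subnet{ID: "subnet-0a1b2c3d4e5f60718", Roles: roles(roleBootstrapNode, roleIngressControllerLB, roleControlPlaneExternalLB)}
	private := subnet{ID: "subnet-0a1b2c3d4e5f60719", Roles: roles(roleClusterNode, roleControlPlaneInternalLB)}
	fmt.Println("valid external layout, problems:", len(validateSubnets([]subnet{public, private}, false)))
	bad := []subnet{ // short ID, repeated role, repeated ID, role-less subnet, no LB subnets
		{ID: "subnet-abc", Roles: roles(roleClusterNode, roleClusterNode)},
		{ID: "subnet-0a1b2c3d4e5f60719", Roles: roles(roleBootstrapNode, roleControlPlaneInternalLB)},
		{ID: "subnet-0a1b2c3d4e5f60719"},
	}
	for _, e := range validateSubnets(bad, false) {
		fmt.Println("misconfigured layout:", e)
	}
}
```

The misconfigured layout yields six problems: the short ID, the repeated ClusterNode role, the duplicate ID, the subnet with no roles, and the missing IngressControllerLB and ControlPlaneExternalLB roles. Passing internal=true drops the ControlPlaneExternalLB requirement, matching the exemption stated on the page.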
