Giant Swarm AWS Management Cluster admission controller that implements the following rules:
- In an `AWSCluster` resource, the AWS Operator Version is defaulted based on the `Release` CR if it is not set.
- In an `AWSCluster` resource, the Release Version is defaulted based on the `Cluster` CR if it is not set.
- In an `AWSCluster` resource, the Credential Secret is defaulted if it is not set.
- In an `AWSCluster` resource, the Region is defaulted if it is not set.
- In an `AWSCluster` resource, the Description is defaulted if it is not set.
- In an `AWSCluster` resource, the DNS Domain is defaulted if it is not set.
- In an `AWSCluster` resource, the Pod CIDR is defaulted if it is not set.
- In an `AWSCluster` resource, in a pre-HA version, the Master attribute is defaulted if it is not set.
- In a `Cluster` resource, the Release Version is defaulted to the newest active production version if it is not set.
- In a `Cluster` resource, the Cluster Operator Version is defaulted based on the `Release` CR if it is not set.
- In a `Cluster` resource, the Cluster Operator Version is defaulted based on the new release version during an upgrade.
- In a `G8sControlPlane` resource, the Cluster Operator Version is defaulted based on the `Cluster` CR if it is not set.
- In a `G8sControlPlane` resource, the Release Version is defaulted based on the `Cluster` CR if it is not set.
- In a `G8sControlPlane` resource, when the `.spec.replicas` is changed from 1 to 3, the Availability Zones of the corresponding `AWSControlPlane` will be defaulted if needed.
- In a `G8sControlPlane` resource, the replicas attribute will be defaulted if it is not defined.
  - For HA-Versions, in case the matching `AWSControlPlane` already exists, the number of AZs determines the value of `replicas`. In case no such `AWSControlPlane` exists, the default number of AZs is assigned.
  - For pre-HA versions, replicas is always set to 1 for a single master cluster.
- In a `G8sControlPlane` resource, the infrastructure reference will be set to point to the matching `AWSControlPlane`.
- In a `G8sControlPlane` resource, the control-plane label will be defaulted to its name if it is not set.
- In an `AWSControlPlane` resource, the AWS Operator Version is defaulted based on the `AWSCluster` CR if it is not set.
- In an `AWSControlPlane` resource, the Release Version is defaulted based on the `Cluster` CR if it is not set.
- In an `AWSControlPlane` resource, the Availability Zones will be defaulted if they are `nil`.
  - For HA-Versions, in case the matching `G8sControlPlane` already exists, the number of AZs is determined by the number of `replicas` defined there. In case no such `G8sControlPlane` exists, the default number of AZs is assigned.
  - For Pre-HA-Versions, in case the matching `AWSCluster` already exists, the AZ is taken from there.
- In an `AWSControlPlane` resource, the Instance Type will be defaulted if it is not defined.
  - For HA-Versions, the default Instance Type is chosen.
  - For Pre-HA-Versions, in case the matching `AWSCluster` already exists, the Instance Type is taken from there.
- In an `AWSControlPlane` resource, the control-plane label will be defaulted to its name if it is not set.
- In an `AWSMachineDeployment` resource, the Availability Zones will be defaulted if they are `nil`. The default number of AZs is assigned based on the master AZs taken from the `AWSControlPlane` CR.
- In an `AWSMachineDeployment` resource, the AWS Operator Version is defaulted based on the `AWSCluster` CR if it is not set.
- When a new `AWSMachineDeployment` is created, details are logged.
- In an `AWSMachineDeployment` resource, the Release Version is defaulted based on the `Cluster` CR if it is not set.
- In a `MachineDeployment` resource, the Release Version is defaulted based on the `Cluster` CR if it is not set.
- In a `MachineDeployment` resource, the Cluster Operator Version is defaulted based on the `Cluster` CR if it is not set.
- In a `G8sControlPlane` resource, it validates that the Master Node Replicas are a valid count (right now either 1 or 3).
- In a `G8sControlPlane` resource, it validates that the Master Node Replicas match the number of Availability Zones in the `AWSControlPlane` resource.
- In a `G8sControlPlane` resource, it validates that the control-plane label is set.
- In a `G8sControlPlane` resource, it validates that the CR is created in the org-namespace from `v16.0.0`.
- In an `AWSCluster` resource, it validates that the CR is created in the org-namespace from `v16.0.0`.
- In an `AWSControlPlane` resource, it validates that the Master Instance Type is a valid Instance Type for the installation.
- In an `AWSControlPlane` resource, it validates that the order of Master Node Availability Zones does not change on update.
- In an `AWSControlPlane` resource, it validates that the number of distinct Master Node Availability Zones is maximal.
- In an `AWSControlPlane` resource, it validates that the Master Node Availability Zones are valid AZs for the installation.
- In an `AWSControlPlane` resource, it validates that the Master Node Availability Zones are a valid count (right now either 1 or 3).
- In an `AWSControlPlane` resource, it validates that the Master Node Availability Zones match the number of Replicas in the `G8sControlPlane` resource.
- In an `AWSControlPlane` resource, it validates that the control-plane label is set.
- In an `AWSControlPlane` resource, it validates that the CR is created in the org-namespace from `v16.0.0`.
- In an `AWSMachineDeployment` resource, it validates the worker node instance type.
- In an `AWSMachineDeployment` resource, it validates the worker node availability zones.
- In an `AWSMachineDeployment` resource, it validates that the Machine Deployment ID matches the `MachineDeployment` resource.
- In an `AWSMachineDeployment` resource, on creation it validates that the `Cluster` is not deleted.
- In an `AWSMachineDeployment` resource, it validates that the `max` number of nodes is greater than or equal to `min`.
- In an `AWSMachineDeployment` resource, on creation it validates that the `Cluster` is in the same namespace.
- In a `Cluster` resource, the release version label can only be changed to an existing and non-deprecated release by admin users and users in restricted groups.
- In a `Cluster` resource, the release version label can only be changed to a major version that is greater than the current one but does not skip major versions by admin users and users in restricted groups.
- In a `Cluster` resource, the release version label can only be changed if the cluster is in a transitioned condition ("updated" or "created").
- In a `Cluster` resource, the non-version label values are not allowed to be deleted or renamed by admin users and users in restricted groups.
- In a `Cluster` resource, the `giantswarm.io` label keys are not allowed to be deleted or renamed by admin users and users in restricted groups.
- In a `Cluster` resource, it validates that the CR is created in the org-namespace from `v16.0.0`.
- In a `Cluster` resource, it validates the `alpha.giantswarm.io/update-schedule-target-release` annotation.
- In a `Cluster` resource, it validates the `alpha.giantswarm.io/update-schedule-target-time` annotation.
- In a `MachineDeployment` resource, on creation it validates that the `Cluster` is not deleted.
- In a `MachineDeployment` resource, on creation it validates that the `Cluster` is in the same namespace.
- In a `NetworkPool` resource, it validates that the `.Spec.CIDRBlock` does not overlap with other NetworkPools, the Docker CIDR, the Kubernetes cluster IP range or the tenant cluster CIDR.

The certificates for the webhook are created with CertManager and injected through the CA Injector.
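
The `AWSControlPlane` Availability Zone rules listed above (valid count, match with replicas, valid AZs, maximal distinct AZs, unchanged order on update) can be combined into one check. The following is an added example, not the controller's own code: `validateMasterAZs` and `reordered` are hypothetical names, the zone names are constructed, and "maximal" is assumed to mean "as many distinct AZs as the installation offers".

```go
package main

import (
	"fmt"
	"sort"
	"strings"
)

// reordered reports whether b holds the same zones as a in a different order.
func reordered(a, b []string) bool {
	sa, sb := append([]string{}, a...), append([]string{}, b...)
	sort.Strings(sa)
	sort.Strings(sb)
	return strings.Join(sa, ",") == strings.Join(sb, ",") && strings.Join(a, ",") != strings.Join(b, ",")
}

// validateMasterAZs (hypothetical helper): oldAZs is nil on create; allowed has no duplicates.
func validateMasterAZs(oldAZs, newAZs []string, replicas int, allowed []string) error {
	if n := len(newAZs); (n != 1 && n != 3) || n != replicas {
		return fmt.Errorf("%d AZs: want 1 or 3, matching %d replicas", n, replicas)
	}
	valid, distinct := map[string]bool{}, map[string]bool{}
	for _, az := range allowed {
		valid[az] = true
	}
	for _, az := range newAZs {
		if !valid[az] {
			return fmt.Errorf("AZ %q is not valid for this installation", az)
		}
		distinct[az] = true
	}
	// Assumed meaning of "maximal": use as many distinct AZs as are available.
	want := len(newAZs)
	if len(valid) < want {
		want = len(valid)
	}
	if len(distinct) < want {
		return fmt.Errorf("%d distinct AZs used, %d possible", len(distinct), want)
	}
	if reordered(oldAZs, newAZs) {
		return fmt.Errorf("order of master AZs must not change on update")
	}
	return nil
}

func main() {
	zones := []string{"eu-central-1a", "eu-central-1b", "eu-central-1c"} // constructed
	fmt.Println(validateMasterAZs(zones, []string{zones[1], zones[0], zones[2]}, 3, zones))
}
```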
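
The `NetworkPool` rule above is an overlap test between the proposed `.Spec.CIDRBlock` and every range already in use. The following is an added example, not the controller's own code: `reservedRange`, `sampleReserved` and `findOverlap` are hypothetical names, and all CIDR values are constructed samples.

```go
package main

import (
	"fmt"
	"net"
)

// reservedRange is a hypothetical record of a range a NetworkPool must avoid.
type reservedRange struct{ Name, CIDR string }

// Constructed sample values, not taken from any real installation.
var sampleReserved = []reservedRange{
	{"docker", "172.17.0.0/16"},
	{"kubernetes-cluster-ip-range", "172.31.0.0/16"},
	{"tenant-cluster", "10.1.0.0/16"},
	{"networkpool/existing", "10.2.0.0/16"},
}

// findOverlap returns the name of the first reserved range that overlaps
// candidate, or "" if there is none. Malformed CIDRs are an error, not a pass.
func findOverlap(candidate string, reserved []reservedRange) (string, error) {
	_, cand, err := net.ParseCIDR(candidate)
	if err != nil {
		return "", fmt.Errorf("invalid CIDRBlock: %w", err)
	}
	for _, r := range reserved {
		_, other, err := net.ParseCIDR(r.CIDR)
		if err != nil {
			return "", fmt.Errorf("invalid reserved range %s: %w", r.Name, err)
		}
		// CIDR blocks are either nested or disjoint, so checking each
		// network address against the other block covers every overlap.
		if cand.Contains(other.IP) || other.Contains(cand.IP) {
			return r.Name, nil
		}
	}
	return "", nil
}

func main() {
	for _, c := range []string{"10.3.0.0/16", "10.2.128.0/17", "10.0.0.0/8"} {
		name, err := findOverlap(c, sampleReserved)
		fmt.Printf("%-14s overlaps=%q err=%v\n", c, name, err)
	}
}
```

Checking containment in both directions matters: a candidate such as `10.0.0.0/8` is not inside any reserved range but swallows two of them.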