The highest tagged major version is
README
¶
aws-operator
The aws-operator manages Kubernetes clusters running on AWS.
Getting Project
Download the latest release: https://github.com/giantswarm/aws-operator/releases/latest
Clone the git repository: https://github.com/giantswarm/aws-operator.git
Download the latest docker image from here: https://quay.io/repository/giantswarm/aws-operator
How to build
Build the standard way.
go build github.com/giantswarm/aws-operator
Architecture
The operator uses our operatorkit framework. It manages an awsconfig
CRD using a generated client stored in our apiextensions repo. Releases
are versioned using version bundles.
The operator provisions guest Kubernetes clusters running on AWS. It runs in a host Kubernetes cluster also running on AWS.
CloudFormation
The guest Kubernetes clusters are provisioned using AWS CloudFormation. The resources are split between 3 CloudFormation stacks.
- guest-main manages the guest cluster resources.
- host-setup manages an IAM role used for VPC peering.
- host-main manages network routes for the VPC peering connection.
The host cluster may run in a separate AWS account. If so resources are created in both the host and guest AWS accounts.
Other AWS Resources
As well as the CloudFormation stacks we also provision a KMS key and S3 bucket per cluster. This is to upload cloudconfigs for the cluster nodes. The cloudconfigs contain TLS certificates which are encrypted using the KMS key.
Kubernetes Resources
The operator also creates a Kubernetes namespace per guest cluster with a service and endpoints. These are used by the host cluster to access the guest cluster.
Certificates
Authentication for the cluster components and end-users uses TLS certificates. These are provisioned using Hashicorp Vault and are managed by our cert-operator.
Secret
Here the AWS IAM credentials have to be inserted.
service:
aws:
accesskey:
id: 'TODO'
secret: 'TODO'
Here the base64 representation of the data structure above has to be inserted.
apiVersion: v1
kind: Secret
metadata:
name: aws-operator-secret
namespace: giantswarm
type: Opaque
data:
secret.yml: 'TODO'
To create the secret manually do this.
kubectl create -f ./path/to/secret.yml
We also need a key to hold the SSH public key
apiVersion: v1
kind: Secret
metadata:
name: aws-operator-ssh-key-secret
namespace: giantswarm
type: Opaque
data:
id_rsa.pub: 'TODO'
Contact
- Mailing list: giantswarm
- IRC: #giantswarm on freenode.org
- Bugs: issues
Contributing & Reporting Bugs
See CONTRIBUTING for details on submitting patches, the contribution workflow as well as reporting bugs.
License
aws-operator is under the Apache 2.0 license. See the LICENSE file for details.
Credit
Documentation
¶
There is no documentation for this package.
Source Files
Directories
¶
| Path | Synopsis |
|---|---|
|
client
|
|
|
integration
|
|
|
pkg
|
|
|
Package server provides a server implementation to connect network transport protocols and service business logic by defining server endpoints.
|
Package server provides a server implementation to connect network transport protocols and service business logic by defining server endpoints. |
|
Package service implements business logic to create Kubernetes resources against the Kubernetes API.
|
Package service implements business logic to create Kubernetes resources against the Kubernetes API. |
|
aws
NOTE this package is deprecated and can be dropped once legacy/v23 is gone.
|
NOTE this package is deprecated and can be dropped once legacy/v23 is gone. |
|
controller/clusterapi/v29/adapter
Package adapter contains the required logic for creating data structures used for feeding CloudFormation templates.
|
Package adapter contains the required logic for creating data structures used for feeding CloudFormation templates. |
|
controller/clusterapi/v29/resource/clusterazs
Package clusterazs implements a resource to gather all distinct availability zones for a tenant cluster.
|
Package clusterazs implements a resource to gather all distinct availability zones for a tenant cluster. |
|
controller/clusterapi/v29/resource/machinedeployment
Package machinedeployment implements a temporary resource to fetch the single MachineDeployment of a tenant cluster.
|
Package machinedeployment implements a temporary resource to fetch the single MachineDeployment of a tenant cluster. |
|
controller/clusterapi/v29/resource/machinedeploymentazs
Package machinedeploymentazs implements a resource to gather all private subnets for the configured availability zones of a node pool.
|
Package machinedeploymentazs implements a resource to gather all private subnets for the configured availability zones of a node pool. |
|
controller/clusterapi/v29/resource/region
Package region implements an operatorkit resource that addresses a problem where the tcnp resource would need to fetch the Cluster CR even though the MachineDeployment CR is reconciled.
|
Package region implements an operatorkit resource that addresses a problem where the tcnp resource would need to fetch the Cluster CR even though the MachineDeployment CR is reconciled. |
|
controller/legacy/v22/adapter
Package adapter contains the required logic for creating data structures used for feeding CloudFormation templates.
|
Package adapter contains the required logic for creating data structures used for feeding CloudFormation templates. |
|
controller/legacy/v22/resource/migration
Package migration provides an operatorkit resource that migrates awsconfig CRs to reference the default credential secret if they do not already.
|
Package migration provides an operatorkit resource that migrates awsconfig CRs to reference the default credential secret if they do not already. |
|
controller/legacy/v22patch1/adapter
Package adapter contains the required logic for creating data structures used for feeding CloudFormation templates.
|
Package adapter contains the required logic for creating data structures used for feeding CloudFormation templates. |
|
controller/legacy/v22patch1/resource/migration
Package migration provides an operatorkit resource that migrates awsconfig CRs to reference the default credential secret if they do not already.
|
Package migration provides an operatorkit resource that migrates awsconfig CRs to reference the default credential secret if they do not already. |
|
controller/legacy/v23/adapter
Package adapter contains the required logic for creating data structures used for feeding CloudFormation templates.
|
Package adapter contains the required logic for creating data structures used for feeding CloudFormation templates. |
|
controller/legacy/v23/resource/migration
Package migration provides an operatorkit resource that migrates awsconfig CRs to reference the default credential secret if they do not already.
|
Package migration provides an operatorkit resource that migrates awsconfig CRs to reference the default credential secret if they do not already. |
|
controller/legacy/v24/adapter
Package adapter contains the required logic for creating data structures used for feeding CloudFormation templates.
|
Package adapter contains the required logic for creating data structures used for feeding CloudFormation templates. |
|
controller/legacy/v24/resource/migration
Package migration provides an operatorkit resource that migrates awsconfig CRs to reference the default credential secret if they do not already.
|
Package migration provides an operatorkit resource that migrates awsconfig CRs to reference the default credential secret if they do not already. |
|
controller/legacy/v25/adapter
Package adapter contains the required logic for creating data structures used for feeding CloudFormation templates.
|
Package adapter contains the required logic for creating data structures used for feeding CloudFormation templates. |
|
controller/legacy/v25/resource/migration
Package migration provides an operatorkit resource that migrates awsconfig CRs to reference the default credential secret if they do not already.
|
Package migration provides an operatorkit resource that migrates awsconfig CRs to reference the default credential secret if they do not already. |
|
controller/legacy/v26/adapter
Package adapter contains the required logic for creating data structures used for feeding CloudFormation templates.
|
Package adapter contains the required logic for creating data structures used for feeding CloudFormation templates. |
|
controller/legacy/v26/resource/migration
Package migration provides an operatorkit resource that migrates awsconfig CRs to reference the default credential secret if they do not already.
|
Package migration provides an operatorkit resource that migrates awsconfig CRs to reference the default credential secret if they do not already. |
|
controller/legacy/v27/adapter
Package adapter contains the required logic for creating data structures used for feeding CloudFormation templates.
|
Package adapter contains the required logic for creating data structures used for feeding CloudFormation templates. |
|
controller/legacy/v27/resource/migration
Package migration provides an operatorkit resource that migrates awsconfig CRs to reference the default credential secret if they do not already.
|
Package migration provides an operatorkit resource that migrates awsconfig CRs to reference the default credential secret if they do not already. |
|
controller/legacy/v28/adapter
Package adapter contains the required logic for creating data structures used for feeding CloudFormation templates.
|
Package adapter contains the required logic for creating data structures used for feeding CloudFormation templates. |
|
controller/legacy/v28/resource/migration
Package migration provides an operatorkit resource that migrates awsconfig CRs to reference the default credential secret if they do not already.
|
Package migration provides an operatorkit resource that migrates awsconfig CRs to reference the default credential secret if they do not already. |
|
controller/legacy/v29/adapter
Package adapter contains the required logic for creating data structures used for feeding CloudFormation templates.
|
Package adapter contains the required logic for creating data structures used for feeding CloudFormation templates. |
|
controller/legacy/v29/resource/migration
Package migration provides an operatorkit resource that migrates awsconfig CRs to reference the default credential secret if they do not already.
|
Package migration provides an operatorkit resource that migrates awsconfig CRs to reference the default credential secret if they do not already. |
|
network
Package network is DEPRECATED and can be dropped once v29 is gone.
|
Package network is DEPRECATED and can be dropped once v29 is gone. |
|
routetable
NOTE this package is deprecated.
|
NOTE this package is deprecated. |
|
vpccidr
NOTE this package is deprecated.
|
NOTE this package is deprecated. |
Click to show internal directories.
Click to hide internal directories.