README
aws-operator
The aws-operator manages Kubernetes clusters running on AWS.
Branches
thiccc
- Up to and including version v5.4.0.
- Contains all versions of legacy controllers (reconciling AWSConfig CRs) up to and including v5.4.0.
legacy
- From version v5.5.0 up to and including v5.x.x.
- Contains only the latest version of legacy controllers (reconciling AWSConfig CRs).
master
- From version v6.0.0.
- Contains only the latest version of controllers (reconciling cluster API objects).
Getting the Project
Download the latest release: https://github.com/giantswarm/aws-operator/releases/latest
Clone the git repository: https://github.com/giantswarm/aws-operator.git
Download the latest Docker image: https://quay.io/repository/giantswarm/aws-operator
How to build
Build it the standard way:
go build github.com/giantswarm/aws-operator
Architecture
The operator uses our operatorkit framework. It manages an awsconfig CRD using a generated client stored in our apiextensions repo. Releases are versioned using version bundles.
The operator provisions guest Kubernetes clusters running on AWS. It runs in a host Kubernetes cluster also running on AWS.
CloudFormation
The guest Kubernetes clusters are provisioned using AWS CloudFormation. The resources are split across three CloudFormation stacks.
- guest-main manages the guest cluster resources.
- host-setup manages an IAM role used for VPC peering.
- host-main manages network routes for the VPC peering connection.
The host cluster may run in a separate AWS account. If so, resources are created in both the host and the guest AWS accounts.
Other AWS Resources
In addition to the CloudFormation stacks, the operator provisions a KMS key and an S3 bucket per cluster. The bucket is used to upload the cloudconfigs for the cluster nodes. The cloudconfigs contain TLS certificates, which are encrypted using the KMS key.
Kubernetes Resources
The operator also creates a Kubernetes namespace per guest cluster, containing a Service and Endpoints. These are used by the host cluster to access the guest cluster.
Certificates
Authentication for the cluster components and end-users uses TLS certificates. These are provisioned using HashiCorp Vault and are managed by our cert-operator.
Secret
The AWS IAM credentials have to be inserted into the following structure (this is the content of secret.yml):

```yaml
service:
  aws:
    accesskey:
      id: 'TODO'
      secret: 'TODO'
```
The base64 encoding of the data structure above has to be inserted as the value of the secret.yml key:

```yaml
apiVersion: v1
kind: Secret
metadata:
  name: aws-operator-secret
  namespace: giantswarm
type: Opaque
data:
  secret.yml: 'TODO'
```
To create the secret manually, run:
kubectl create -f ./path/to/secret.yml
We also need a Secret to hold the SSH public key (again base64 encoded):

```yaml
apiVersion: v1
kind: Secret
metadata:
  name: aws-operator-ssh-key-secret
  namespace: giantswarm
type: Opaque
data:
  id_rsa.pub: 'TODO'
```
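As an added example (not part of the aws-operator README or project), the following POSIX shell functions render both Secret manifests described above from the raw values, base64-encoding secret.yml and the SSH public key without line wrapping, and decode secret.yml back so a manifest can be verified before it is applied. The function names and the credential values used are constructed placeholders.

```shell
#!/bin/sh
# Added example: build the two aws-operator Secret manifests from raw values.
# Function names are hypothetical; credentials below are constructed dummies.

# render_aws_secret_yml ID SECRET -> plaintext secret.yml structure
# (values single-quoted as in the README; a value containing ' needs escaping)
render_aws_secret_yml() {
  printf 'service:\n  aws:\n    accesskey:\n      id: %s\n      secret: %s\n' "'$1'" "'$2'"
}

# b64_oneline: base64-encode stdin on one line (portable, no GNU -w0)
b64_oneline() {
  base64 | tr -d '\n'
}

# render_aws_operator_secret ID SECRET -> Secret manifest whose
# data.secret.yml is the base64 of the structure above
render_aws_operator_secret() {
  enc=$(render_aws_secret_yml "$1" "$2" | b64_oneline)
  printf 'apiVersion: v1\nkind: Secret\nmetadata:\n  name: aws-operator-secret\n  namespace: giantswarm\ntype: Opaque\ndata:\n  secret.yml: %s\n' "$enc"
}

# render_ssh_key_secret PUBKEY_FILE -> Secret manifest holding id_rsa.pub
render_ssh_key_secret() {
  enc=$(b64_oneline < "$1")
  printf 'apiVersion: v1\nkind: Secret\nmetadata:\n  name: aws-operator-ssh-key-secret\n  namespace: giantswarm\ntype: Opaque\ndata:\n  id_rsa.pub: %s\n' "$enc"
}

# decode_secret_yml MANIFEST -> plaintext secret.yml, to check a manifest
# before kubectl create. base64 is an encoding, not encryption: the rendered
# manifest file needs the same handling as the raw IAM credentials.
decode_secret_yml() {
  printf '%s\n' "$1" | sed -n 's/^  secret.yml: //p' | base64 -d
}
```

Pipe the output of render_aws_operator_secret into a file and apply it with the kubectl command from the README; decode_secret_yml on that file should print exactly the structure you started from.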
Contact
- Mailing list: giantswarm
- IRC: #giantswarm on freenode.org
- Bugs: issues
Contributing & Reporting Bugs
See CONTRIBUTING for details on submitting patches, the contribution workflow, and reporting bugs.
License
aws-operator is under the Apache 2.0 license. See the LICENSE file for details.
Credit
Documentation
There is no documentation for this package.
Directories

Path | Synopsis
---|---
client |
integration |
pkg |
 | Package server provides a server implementation to connect network transport protocols and service business logic by defining server endpoints.
 | Package service implements business logic to create Kubernetes resources against the Kubernetes API.
controller/resource/region | Package region implements an operatorkit resource that addresses a problem where the tcnp resource would need to fetch the Cluster CR even though the MachineDeployment CR is reconciled.
controller/resource/tccpazs | Package tccpazs implements a resource to gather all distinct availability zones for a tenant cluster.
controller/resource/tcnpazs | Package tcnpazs implements a resource to gather all private subnets for the configured availability zones of a node pool.