config

Published: Oct 26, 2018 License: Apache-2.0 Imports: 36 Imported by: 0


Constants

// CacheFileExtension is the file extension of the on-disk cache kept for an
// encrypted credential (presumably written by EncryptedCredentialOnDisk.Persist;
// the writer is not visible here).
const CacheFileExtension = "enc"
const (

	// ControlPlaneStackName is the logical name of a CloudFormation stack resource in a root stack template.
	// It does not need to be unique in an AWS account because the actual name of a nested stack is generated randomly
	// by CloudFormation by including the logical name.
	// This is NOT intended to be used to reference the stack name from cloud-config as the target of awscli or cfn-bootstrap-tools commands e.g. `cfn-init` and `cfn-signal`
	ControlPlaneStackName = "control-plane"
)
// FingerprintFileExtension is the file extension of the fingerprint stored next
// to an encrypted credential cache; see EncryptedCredentialOnDisk.Fingerprint and
// the doLoadFingerprint flag of EncryptedCredentialCacheFromPath.
const FingerprintFileExtension = "fingerprint"

Variables

This section is empty.

Functions

func EncryptionConfig added in v0.11.0

func EncryptionConfig() (string, error)

func RandomTokenString added in v0.11.0

func RandomTokenString() (string, error)

func WithTrailingDot

func WithTrailingDot(s string) string

Types

type Admission

// Admission holds the per-plugin enable flags for the Kubernetes admission
// plugins whose enablement kube-aws exposes. Each field is named after the
// admission plugin it controls and is decoded from the YAML key in its tag,
// nested under `admission` (see Experimental). Several of them are hardening
// controls (PodSecurityPolicy, DenyEscalatingExec, AlwaysPullImages), so
// changes to their defaults deserve review.
type Admission struct {
	PodSecurityPolicy                    PodSecurityPolicy                    `yaml:"podSecurityPolicy"`
	AlwaysPullImages                     AlwaysPullImages                     `yaml:"alwaysPullImages"`
	DenyEscalatingExec                   DenyEscalatingExec                   `yaml:"denyEscalatingExec"`
	Initializers                         Initializers                         `yaml:"initializers"`
	Priority                             Priority                             `yaml:"priority"`
	MutatingAdmissionWebhook             MutatingAdmissionWebhook             `yaml:"mutatingAdmissionWebhook"`
	ValidatingAdmissionWebhook           ValidatingAdmissionWebhook           `yaml:"validatingAdmissionWebhook"`
	OwnerReferencesPermissionEnforcement OwnerReferencesPermissionEnforcement `yaml:"ownerReferencesPermissionEnforcement"`
	PersistentVolumeClaimResize          PersistentVolumeClaimResize          `yaml:"persistentVolumeClaimResize"`
}

type AlwaysPullImages added in v0.9.9

// AlwaysPullImages is the on/off switch for the AlwaysPullImages admission
// plugin; see Admission.
type AlwaysPullImages struct {
	Enabled bool `yaml:"enabled"`
}

type AmazonSsmAgent added in v0.9.8

// AmazonSsmAgent configures installation of the SSM agent on nodes; it is
// embedded in DeploymentSettings under `amazonSsmAgent`.
type AmazonSsmAgent struct {
	Enabled bool `yaml:"enabled"`
	// DownloadUrl is where the agent package is fetched from.
	DownloadUrl string `yaml:"downloadUrl"`
	// Sha1Sum is presumably the expected SHA-1 of the download; the check
	// itself is not visible here. NOTE(review): SHA-1 guards against
	// corruption, not against a collision-capable publisher — confirm the
	// URL is served over TLS as well.
	Sha1Sum string `yaml:"sha1sum"`
}

type AuditLog

// AuditLog configures audit logging and its rotation (age, backup count and
// size limits); it is decoded from `auditLog` under Experimental. Which
// component consumes these values is not visible here — presumably the
// kube-apiserver.
type AuditLog struct {
	Enabled   bool   `yaml:"enabled"`
	LogPath   string `yaml:"logPath"`
	MaxAge    int    `yaml:"maxAge"`
	MaxBackup int    `yaml:"maxBackup"`
	MaxSize   int    `yaml:"maxSize"`
}

type Authentication

// Authentication groups authentication-related settings; currently only a
// Webhook block (the Webhook type is not shown in this view). Decoded from
// `authentication` under Experimental.
type Authentication struct {
	Webhook Webhook `yaml:"webhook"`
}

type AwsEnvironment

// AwsEnvironment carries a map of environment variables to be made available
// on nodes when Enabled is true; decoded from `awsEnvironment` under
// Experimental. Values are free-form strings — treat them as untrusted input
// when rendering them into shell or unit files.
type AwsEnvironment struct {
	Enabled     bool              `yaml:"enabled"`
	Environment map[string]string `yaml:"environment"`
}

type AwsNodeLabels

// AwsNodeLabels toggles AWS-derived node labels; decoded from `awsNodeLabels`
// under Experimental.
type AwsNodeLabels struct {
	Enabled bool `yaml:"enabled"`
}

type CachedEncryptor

// CachedEncryptor encrypts raw bytes (EncryptedBytes) and credential files
// (EncryptedCredentialFromPath), reusing an on-disk cache so that repeated
// runs do not produce fresh KMS ciphertexts; see EncryptedCredentialOnDisk.
// Its fields are unexported, so construct it only through this package.
type CachedEncryptor struct {
	// contains filtered or unexported fields
}

func (CachedEncryptor) EncryptedBytes added in v0.9.6

func (e CachedEncryptor) EncryptedBytes(raw []byte) ([]byte, error)

func (CachedEncryptor) EncryptedCredentialFromPath

func (e CachedEncryptor) EncryptedCredentialFromPath(filePath string, defaultValue *string) (*EncryptedCredentialOnDisk, error)

type CloudWatchLogging added in v0.9.7

// CloudWatchLogging configures shipping of node logs to CloudWatch Logs and
// their retention; embedded in DeploymentSettings under `cloudWatchLogging`.
// LocalStreaming is embedded, so its Enabled/Filter fields are promoted.
// MergeIfEmpty fills unset fields from another instance.
type CloudWatchLogging struct {
	Enabled         bool `yaml:"enabled"`
	RetentionInDays int  `yaml:"retentionInDays"`
	LocalStreaming  `yaml:"localStreaming"`
}

func (*CloudWatchLogging) MergeIfEmpty added in v0.9.8

func (c *CloudWatchLogging) MergeIfEmpty(other CloudWatchLogging)

type Cluster

// Cluster is the container of all the configurable parameters of a kube-aws
// cluster, customizable via cluster.yaml. The embedded *Settings types are
// inlined, so their YAML keys appear at the top level of the document.
type Cluster struct {
	KubeClusterSettings     `yaml:",inline"`
	DeploymentSettings      `yaml:",inline"`
	DefaultWorkerSettings   `yaml:",inline"`
	ControllerSettings      `yaml:",inline"`
	EtcdSettings            `yaml:",inline"`
	AdminAPIEndpointName    string              `yaml:"adminAPIEndpointName,omitempty"`
	RecordSetTTL            int                 `yaml:"recordSetTTL,omitempty"`
	// TLSCADurationDays / TLSCertDurationDays are the lifetimes, in days, of the
	// generated CA and leaf certificates — presumably consumed by NewTLSCA and
	// NewAssetsOnMemory; confirm before relying on them.
	TLSCADurationDays       int                 `yaml:"tlsCADurationDays,omitempty"`
	TLSCertDurationDays     int                 `yaml:"tlsCertDurationDays,omitempty"`
	HostedZoneID            string              `yaml:"hostedZoneId,omitempty"`
	PluginConfigs           model.PluginConfigs `yaml:"kubeAwsPlugins,omitempty"`
	// The Provided* fields carry code-injected clients and have no yaml tag.
	// NOTE(review): an untagged exported field is still a decode target for
	// yaml.v2 (lowercased key); confirm these cannot be set from cluster.yaml.
	ProvidedEncryptService  EncryptService
	ProvidedCFInterrogator  cfnstack.CFInterrogator
	ProvidedEC2Interrogator cfnstack.EC2Interrogator
	// SSHAccessAllowedSourceCIDRs is network ranges of sources you'd like SSH accesses to be allowed from, in CIDR notation
	SSHAccessAllowedSourceCIDRs model.CIDRRanges       `yaml:"sshAccessAllowedSourceCIDRs,omitempty"`
	// CustomSettings is free-form user data passed through to templates.
	CustomSettings              map[string]interface{} `yaml:"customSettings,omitempty"`
	KubeResourcesAutosave       `yaml:"kubeResourcesAutosave,omitempty"`
}

Cluster is the container of all the configurable parameters of a kube-aws cluster, customizable via cluster.yaml

func ClusterFromBytes

func ClusterFromBytes(data []byte) (*Cluster, error)

ClusterFromBytes is necessary for unit tests, which store configs as hardcoded strings.

func ClusterFromBytesWithEncryptService

func ClusterFromBytesWithEncryptService(data []byte, encryptService EncryptService) (*Cluster, error)

func ClusterFromFile

func ClusterFromFile(filename string) (*Cluster, error)

func NewDefaultCluster

func NewDefaultCluster() *Cluster

func (Cluster) APIAccessAllowedSourceCIDRsForControllerSG added in v0.9.9

func (c Cluster) APIAccessAllowedSourceCIDRsForControllerSG() []string

APIAccessAllowedSourceCIDRsForControllerSG returns all the CIDRs of Kubernetes API endpoints that controller nodes must allow access from

func (*Cluster) AvailabilityZones

func (c *Cluster) AvailabilityZones() []string

AvailabilityZones returns the availability zones referenced by the cluster configuration.

func (Cluster) ClusterAutoscalerSupportEnabled added in v0.11.0

func (c Cluster) ClusterAutoscalerSupportEnabled() bool

func (Cluster) Config

func (c Cluster) Config(extra ...[]*pluginmodel.Plugin) (*Config, error)

func (*Cluster) ConsumeDeprecatedKeys added in v0.9.6

func (c *Cluster) ConsumeDeprecatedKeys()

func (*Cluster) EtcdCluster

func (c *Cluster) EtcdCluster() derived.EtcdCluster

func (Cluster) EtcdIndexEnvVarName

func (c Cluster) EtcdIndexEnvVarName() string

func (Cluster) EtcdNodeEnvFileName

func (c Cluster) EtcdNodeEnvFileName() string

func (Cluster) ExternalDNSNames added in v0.9.6

func (c Cluster) ExternalDNSNames() []string

ExternalDNSNames returns all the DNS names of Kubernetes API endpoints that should be covered by the TLS cert for the k8s API.

func (*Cluster) Load

func (c *Cluster) Load() error

func (*Cluster) NewAssetsOnDisk added in v0.9.7

func (c *Cluster) NewAssetsOnDisk(dir string, o CredentialsOptions) (*RawAssetsOnDisk, error)

func (*Cluster) NewAssetsOnMemory added in v0.9.7

func (c *Cluster) NewAssetsOnMemory(caKey *rsa.PrivateKey, caCert *x509.Certificate, kiamEnabled bool) (*RawAssetsOnMemory, error)

func (*Cluster) NewTLSCA

func (c *Cluster) NewTLSCA() (*rsa.PrivateKey, *x509.Certificate, error)

func (Cluster) NodeLabels added in v0.9.7

func (c Cluster) NodeLabels() model.NodeLabels

func (*Cluster) SetDefaults

func (c *Cluster) SetDefaults() error

func (Cluster) StackConfig

func (c Cluster) StackConfig(stackName string, opts StackTemplateOptions, session *session.Session, extra ...[]*pluginmodel.Plugin) (*StackConfig, error)

func (Cluster) StackNameEnvFileName added in v0.9.10

func (c Cluster) StackNameEnvFileName() string

func (Cluster) StackNameEnvVarName

func (c Cluster) StackNameEnvVarName() string

func (*Cluster) ValidateExistingVPC

func (c *Cluster) ValidateExistingVPC(existingVPCCIDR string, existingSubnetCIDRS []string) error

ValidateExistingVPC validates that an existing VPC and its existing subnets do not conflict with this cluster configuration.

type CompactAssets added in v0.9.7

// CompactAssets holds the cluster's TLS material and tokens in the compact
// string form that is handed to templates (Config.AssetsConfig). The field
// groups below describe the encoding each group went through.
// NOTE(review): ReadOrCreateUnencryptedCompactAssets also produces this type,
// so the "encrypted" step in these comments does not hold for every producer;
// private keys may therefore be plaintext (gzip+base64 only) in that path.
type CompactAssets struct {
	// PEM -> encrypted -> gzip -> base64 encoded TLS assets.
	CACert                    string
	CAKey                     string
	WorkerCACert              string
	WorkerCAKey               string
	APIServerCert             string
	APIServerKey              string
	APIServerAggregatorCert   string
	APIServerAggregatorKey    string
	KubeControllerManagerCert string
	KubeControllerManagerKey  string
	KubeSchedulerCert         string
	KubeSchedulerKey          string
	WorkerCert                string
	WorkerKey                 string
	AdminCert                 string
	AdminKey                  string
	EtcdCert                  string
	EtcdClientCert            string
	EtcdClientKey             string
	EtcdKey                   string
	EtcdTrustedCA             string
	KIAMServerCert            string
	KIAMServerKey             string
	KIAMAgentCert             string
	KIAMAgentKey              string
	KIAMCACert                string
	ServiceAccountKey         string

	// Encrypted -> gzip -> base64 encoded assets.
	// HasAuthTokens / HasTLSBootstrapToken report whether these are present.
	AuthTokens        string
	TLSBootstrapToken string

	// Encrypted -> base64 encoded EncryptionConfig.
	EncryptionConfig string
}

func ReadOrCreateCompactAssets added in v0.9.7

func ReadOrCreateCompactAssets(assetsDir string, manageCertificates bool, caKeyRequiredOnController bool, kiamEnabled bool, kmsConfig KMSConfig) (*CompactAssets, error)

func ReadOrCreateUnencryptedCompactAssets added in v0.9.7

func ReadOrCreateUnencryptedCompactAssets(assetsDir string, manageCertificates bool, caKeyRequiredOnController bool, kiamEnabled bool) (*CompactAssets, error)

func (*CompactAssets) HasAuthTokens added in v0.9.7

func (a *CompactAssets) HasAuthTokens() bool

func (*CompactAssets) HasTLSBootstrapToken added in v0.9.7

func (a *CompactAssets) HasTLSBootstrapToken() bool

type ComputeResources added in v0.11.0

// ComputeResources is a Kubernetes-style requests/limits pair (the ResourceQuota
// type is not shown in this view). Used for add-on pods such as KIAM, the
// dashboard and the controller manager.
type ComputeResources struct {
	Requests ResourceQuota `yaml:"requests,omitempty"`
	Limits   ResourceQuota `yaml:"limits,omitempty"`
}

type ComputedDeploymentSettings

// ComputedDeploymentSettings is the part of configuration which can't be
// provided via user input but is computed from it; it has no yaml tags and is
// embedded in DeploymentSettings.
type ComputedDeploymentSettings struct {
	// AMI is the resolved machine image ID.
	AMI string
}

Part of configuration which can't be provided via user input but is computed from user input

type Config

// Config contains the configuration parameters available when rendering
// userdata injected into a controller or an etcd node from golang text
// templates. It embeds Cluster and adds the derived values below; build it via
// Cluster.Config or ConfigFromBytes.
type Config struct {
	Cluster

	// API endpoints derived from the cluster's endpoint configuration.
	AdminAPIEndpoint derived.APIEndpoint
	APIEndpoints     derived.APIEndpoints

	// EtcdNodes is the golang-representation of etcd nodes, which is used to differentiate unique etcd nodes
	// This is used to simplify templating of the control-plane stack template.
	EtcdNodes []derived.EtcdNode

	// AssetsConfig is the compacted TLS/token material embedded into userdata.
	AssetsConfig *CompactAssets

	// KubeAwsPlugins maps plugin name to plugin definition.
	KubeAwsPlugins map[string]*pluginmodel.Plugin

	// Volumes and flags contributed by plugins to the API server.
	APIServerVolumes pluginmodel.APIServerVolumes
	APIServerFlags   pluginmodel.APIServerFlags
}

Config contains configuration parameters available when rendering userdata injected into a controller or an etcd node from golang text templates

func ConfigFromBytes

func ConfigFromBytes(data []byte) (*Config, error)

func (*Config) AdminAPIEndpointURL added in v0.9.6

func (c *Config) AdminAPIEndpointURL() string

AdminAPIEndpointURL is the URL of the API endpoint which is written into kubeconfig and used by admins.

func (*Config) Etcdadm added in v0.9.6

func (c *Config) Etcdadm() (string, error)

Etcdadm returns the content of the etcdadm script to be embedded into cloud-config-etcd

func (*Config) HelmReleasePlugin added in v0.9.8

func (c *Config) HelmReleasePlugin() helmReleasePlugin

func (Config) InternetGatewayLogicalName

func (c Config) InternetGatewayLogicalName() string

func (Config) InternetGatewayRef

func (c Config) InternetGatewayRef() string

func (*Config) KubernetesManifestPlugin added in v0.9.8

func (c *Config) KubernetesManifestPlugin() kubernetesManifestPlugin

func (*Config) ManagedELBLogicalNames added in v0.9.6

func (c *Config) ManagedELBLogicalNames() []string

ManagedELBLogicalNames returns all the logical names of the cfn resources corresponding to ELBs managed by kube-aws for API endpoints.

func (Config) VPCID added in v0.9.8

func (c Config) VPCID() (string, error)

func (Config) VPCLogicalName

func (c Config) VPCLogicalName() (string, error)

func (Config) VPCManaged added in v0.9.8

func (c Config) VPCManaged() bool

func (Config) VPCRef

func (c Config) VPCRef() (string, error)

type ControllerManager added in v0.11.0

// ControllerManager holds settings for the kube-controller-manager; currently
// only its compute resources, decoded from `resources` under Kubernetes.
type ControllerManager struct {
	ComputeResources ComputeResources `yaml:"resources,omitempty"`
}

type ControllerSettings

// ControllerSettings is the part of configuration which is specific to
// controller nodes. It embeds model.Controller under the `controller` key and
// exposes instance-count helpers plus Validate.
type ControllerSettings struct {
	model.Controller `yaml:"controller,omitempty"`
}

Part of configuration which is specific to controller nodes

func (ControllerSettings) ControllerRollingUpdateMinInstancesInService

func (c ControllerSettings) ControllerRollingUpdateMinInstancesInService() int

func (ControllerSettings) MaxControllerCount

func (c ControllerSettings) MaxControllerCount() int

func (ControllerSettings) MinControllerCount

func (c ControllerSettings) MinControllerCount() int

func (ControllerSettings) Validate added in v0.9.8

func (c ControllerSettings) Validate() error

type CredentialsOptions

// CredentialsOptions controls how Cluster.NewAssetsOnDisk obtains the CA:
// GenerateCA requests a fresh CA, otherwise CaKeyPath/CaCertPath presumably
// point at an existing CA key and certificate on disk (confirm in the caller).
type CredentialsOptions struct {
	GenerateCA bool
	CaKeyPath  string
	CaCertPath string
	// KIAM is set to true when you want kube-aws to render TLS assets for uswitch/kiam
	KIAM bool
}

type DefaultWorkerSettings

// DefaultWorkerSettings is the part of configuration which is specific to
// worker nodes; these are the defaults applied when no node pool overrides
// them. Validate checks the user-supplied values.
type DefaultWorkerSettings struct {
	WorkerCreateTimeout    string   `yaml:"workerCreateTimeout,omitempty"`
	WorkerInstanceType     string   `yaml:"workerInstanceType,omitempty"`
	WorkerRootVolumeType   string   `yaml:"workerRootVolumeType,omitempty"`
	WorkerRootVolumeIOPS   int      `yaml:"workerRootVolumeIOPS,omitempty"`
	WorkerRootVolumeSize   int      `yaml:"workerRootVolumeSize,omitempty"`
	WorkerSpotPrice        string   `yaml:"workerSpotPrice,omitempty"`
	// WorkerSecurityGroupIds are additional security groups attached to workers.
	WorkerSecurityGroupIds []string `yaml:"workerSecurityGroupIds,omitempty"`
	WorkerTenancy          string   `yaml:"workerTenancy,omitempty"`
	// WorkerTopologyPrivate places workers in private subnets when true.
	WorkerTopologyPrivate  bool     `yaml:"workerTopologyPrivate,omitempty"`
}

Part of configuration which is specific to worker nodes

func (DefaultWorkerSettings) Validate added in v0.9.8

func (c DefaultWorkerSettings) Validate() error

type DenyEscalatingExec added in v0.9.8

// DenyEscalatingExec is the on/off switch for the DenyEscalatingExec admission
// plugin, which blocks exec/attach into privileged pods; see Admission.
type DenyEscalatingExec struct {
	Enabled bool `yaml:"enabled"`
}

type DeploymentSettings

// DeploymentSettings is the part of configuration which can be customized for
// each type/group of nodes (etcd/controller/worker) by its nature. Whether it
// actually can be customized per group depends on whether node pools are used.
// Its keys are inlined into Cluster.
type DeploymentSettings struct {
	ComputedDeploymentSettings
	CloudFormation                        model.CloudFormation  `yaml:"cloudformation,omitempty"`
	ClusterName                           string                `yaml:"clusterName,omitempty"`
	S3URI                                 string                `yaml:"s3URI,omitempty"`
	// DisableContainerLinuxAutomaticUpdates is a string, not a bool; its accepted
	// values are decided elsewhere — confirm before documenting them.
	DisableContainerLinuxAutomaticUpdates string                `yaml:"disableContainerLinuxAutomaticUpdates,omitempty"`
	// KeyName is the EC2 key pair name used for SSH access to nodes.
	KeyName                               string                `yaml:"keyName,omitempty"`
	Region                                model.Region          `yaml:",inline"`
	AvailabilityZone                      string                `yaml:"availabilityZone,omitempty"`
	ReleaseChannel                        string                `yaml:"releaseChannel,omitempty"`
	AmiId                                 string                `yaml:"amiId,omitempty"`
	// Deprecated* fields are still decoded from the old keys; presumably folded
	// into VPC/InternetGateway by Cluster.ConsumeDeprecatedKeys.
	DeprecatedVPCID                       string                `yaml:"vpcId,omitempty"`
	VPC                                   model.VPC             `yaml:"vpc,omitempty"`
	DeprecatedInternetGatewayID           string                `yaml:"internetGatewayId,omitempty"`
	InternetGateway                       model.InternetGateway `yaml:"internetGateway,omitempty"`
	// Required for validations like e.g. if instance cidr is contained in vpc cidr
	VPCCIDR                   string `yaml:"vpcCIDR,omitempty"`
	InstanceCIDR              string `yaml:"instanceCIDR,omitempty"`
	K8sVer                    string `yaml:"kubernetesVersion,omitempty"`
	// KubeAWSVersion has no yaml tag; it is set by the tool, not by cluster.yaml.
	KubeAWSVersion            string
	ContainerRuntime          string            `yaml:"containerRuntime,omitempty"`
	// KMSKeyARN is the key used to encrypt assets; see KMSConfig and
	// AssetsEncryptionEnabled.
	KMSKeyARN                 string            `yaml:"kmsKeyArn,omitempty"`
	StackTags                 map[string]string `yaml:"stackTags,omitempty"`
	Subnets                   model.Subnets     `yaml:"subnets,omitempty"`
	EIPAllocationIDs          []string          `yaml:"eipAllocationIDs,omitempty"`
	ElasticFileSystemID       string            `yaml:"elasticFileSystemId,omitempty"`
	SharedPersistentVolume    bool              `yaml:"sharedPersistentVolume,omitempty"`
	// SSHAuthorizedKeys are extra public keys installed on nodes; pair with
	// Cluster.SSHAccessAllowedSourceCIDRs to bound who can reach them.
	SSHAuthorizedKeys         []string          `yaml:"sshAuthorizedKeys,omitempty"`
	Addons                    model.Addons      `yaml:"addons"`
	Experimental              Experimental      `yaml:"experimental"`
	Kubelet                   Kubelet           `yaml:"kubelet"`
	// ManageCertificates selects whether kube-aws generates/manages TLS assets
	// itself; it is passed to the ReadOrCreate* asset functions.
	ManageCertificates        bool              `yaml:"manageCertificates,omitempty"`
	WaitSignal                WaitSignal        `yaml:"waitSignal"`
	CloudWatchLogging         `yaml:"cloudWatchLogging,omitempty"`
	AmazonSsmAgent            `yaml:"amazonSsmAgent,omitempty"`
	CloudFormationStreaming   bool `yaml:"cloudFormationStreaming,omitempty"`
	KubeProxy                 `yaml:"kubeProxy,omitempty"`
	KubeDns                   `yaml:"kubeDns,omitempty"`
	KubeSystemNamespaceLabels map[string]string `yaml:"kubeSystemNamespaceLabels,omitempty"`
	KubernetesDashboard       `yaml:"kubernetesDashboard,omitempty"`
	// Images repository
	HyperkubeImage                     model.Image `yaml:"hyperkubeImage,omitempty"`
	AWSCliImage                        model.Image `yaml:"awsCliImage,omitempty"`
	CalicoNodeImage                    model.Image `yaml:"calicoNodeImage,omitempty"`
	CalicoCniImage                     model.Image `yaml:"calicoCniImage,omitempty"`
	CalicoCtlImage                     model.Image `yaml:"calicoCtlImage,omitempty"`
	CalicoKubeControllersImage         model.Image `yaml:"calicoKubeControllersImage,omitempty"`
	ClusterAutoscalerImage             model.Image `yaml:"clusterAutoscalerImage,omitempty"`
	ClusterProportionalAutoscalerImage model.Image `yaml:"clusterProportionalAutoscalerImage,omitempty"`
	CoreDnsImage                       model.Image `yaml:"coreDnsImage,omitempty"`
	Kube2IAMImage                      model.Image `yaml:"kube2iamImage,omitempty"`
	KubeDnsImage                       model.Image `yaml:"kubeDnsImage,omitempty"`
	KubeDnsMasqImage                   model.Image `yaml:"kubeDnsMasqImage,omitempty"`
	KubeReschedulerImage               model.Image `yaml:"kubeReschedulerImage,omitempty"`
	DnsMasqMetricsImage                model.Image `yaml:"dnsMasqMetricsImage,omitempty"`
	ExecHealthzImage                   model.Image `yaml:"execHealthzImage,omitempty"`
	HelmImage                          model.Image `yaml:"helmImage,omitempty"`
	TillerImage                        model.Image `yaml:"tillerImage,omitempty"`
	HeapsterImage                      model.Image `yaml:"heapsterImage,omitempty"`
	MetricsServerImage                 model.Image `yaml:"metricsServerImage,omitempty"`
	AddonResizerImage                  model.Image `yaml:"addonResizerImage,omitempty"`
	KubernetesDashboardImage           model.Image `yaml:"kubernetesDashboardImage,omitempty"`
	PauseImage                         model.Image `yaml:"pauseImage,omitempty"`
	FlannelImage                       model.Image `yaml:"flannelImage,omitempty"`
	JournaldCloudWatchLogsImage        model.Image `yaml:"journaldCloudWatchLogsImage,omitempty"`
	Kubernetes                         Kubernetes  `yaml:"kubernetes,omitempty"`
	HostOS                             HostOS      `yaml:"hostOS,omitempty"`
}

Part of configuration which can be customized for each type/group of nodes(etcd/controller/worker/) by its nature.

Please beware that it is described as just "by its nature". Whether it can actually be customized or not depends on whether you use node pools or not. If you've chosen to create a single cluster including all the worker, controller and etcd nodes within a single cfn stack, you can't customize per group of nodes. If you've chosen to create e.g. a separate node pool for each type of worker nodes, you can customize per node pool.

Though it is highly configurable, it's basically users' responsibility to provide `correct` values if they're going beyond the defaults.

func (DeploymentSettings) AllSubnets

func (s DeploymentSettings) AllSubnets() model.Subnets

func (DeploymentSettings) ApiServerLeaseEndpointReconciler added in v0.11.0

func (c DeploymentSettings) ApiServerLeaseEndpointReconciler() (bool, error)

func (DeploymentSettings) AssetsEncryptionEnabled

func (c DeploymentSettings) AssetsEncryptionEnabled() bool

func (DeploymentSettings) FindNATGatewayForPrivateSubnet

func (c DeploymentSettings) FindNATGatewayForPrivateSubnet(s model.Subnet) (*model.NATGateway, error)

func (DeploymentSettings) FindSubnetMatching

func (c DeploymentSettings) FindSubnetMatching(condition model.Subnet) model.Subnet

func (DeploymentSettings) NATGateways

func (c DeploymentSettings) NATGateways() []model.NATGateway

func (DeploymentSettings) PrivateSubnets

func (c DeploymentSettings) PrivateSubnets() model.Subnets

func (DeploymentSettings) PublicSubnets

func (c DeploymentSettings) PublicSubnets() model.Subnets

func (DeploymentSettings) Validate added in v0.9.8

type DeploymentValidationResult

// DeploymentValidationResult is an opaque result of validating deployment
// settings; its fields are unexported. Presumably produced by
// DeploymentSettings.Validate, whose signature is not shown in this view.
type DeploymentValidationResult struct {
	// contains filtered or unexported fields
}

type EncryptService

// EncryptService is the subset of the AWS KMS API used to encrypt assets. The
// method signature matches the aws-sdk-go KMS client's Encrypt, so *kms.KMS
// satisfies it; Cluster.ProvidedEncryptService and KMSConfig let callers
// substitute a fake in tests.
type EncryptService interface {
	Encrypt(*kms.EncryptInput) (*kms.EncryptOutput, error)
}

type EncryptedAssetsOnDisk added in v0.9.7

// EncryptedAssetsOnDisk is the encrypted counterpart of RawAssetsOnDisk: one
// EncryptedCredentialOnDisk per asset. It is produced by
// ReadOrCreateEncryptedAssets / ReadOrEncryptAssets, turned into the template
// form by Compact, and written back with WriteToDir.
type EncryptedAssetsOnDisk struct {
	// Encrypted PEM encoded TLS assets.
	CACert                    EncryptedCredentialOnDisk
	CAKey                     EncryptedCredentialOnDisk
	WorkerCACert              EncryptedCredentialOnDisk
	WorkerCAKey               EncryptedCredentialOnDisk
	APIServerCert             EncryptedCredentialOnDisk
	APIServerKey              EncryptedCredentialOnDisk
	APIServerAggregatorCert   EncryptedCredentialOnDisk
	APIServerAggregatorKey    EncryptedCredentialOnDisk
	KubeControllerManagerCert EncryptedCredentialOnDisk
	KubeControllerManagerKey  EncryptedCredentialOnDisk
	KubeSchedulerCert         EncryptedCredentialOnDisk
	KubeSchedulerKey          EncryptedCredentialOnDisk
	WorkerCert                EncryptedCredentialOnDisk
	WorkerKey                 EncryptedCredentialOnDisk
	AdminCert                 EncryptedCredentialOnDisk
	AdminKey                  EncryptedCredentialOnDisk
	EtcdCert                  EncryptedCredentialOnDisk
	EtcdClientCert            EncryptedCredentialOnDisk
	EtcdKey                   EncryptedCredentialOnDisk
	EtcdClientKey             EncryptedCredentialOnDisk
	EtcdTrustedCA             EncryptedCredentialOnDisk
	KIAMServerCert            EncryptedCredentialOnDisk
	KIAMServerKey             EncryptedCredentialOnDisk
	KIAMAgentCert             EncryptedCredentialOnDisk
	KIAMAgentKey              EncryptedCredentialOnDisk
	KIAMCACert                EncryptedCredentialOnDisk
	ServiceAccountKey         EncryptedCredentialOnDisk

	// Other encrypted assets.
	AuthTokens        EncryptedCredentialOnDisk
	TLSBootstrapToken EncryptedCredentialOnDisk
	EncryptionConfig  EncryptedCredentialOnDisk
}

func ReadOrCreateEncryptedAssets added in v0.9.7

func ReadOrCreateEncryptedAssets(tlsAssetsDir string, manageCertificates bool, caKeyRequiredOnController bool, kiamEnabled bool, kmsConfig KMSConfig) (*EncryptedAssetsOnDisk, error)

func ReadOrEncryptAssets added in v0.9.7

func ReadOrEncryptAssets(dirname string, manageCertificates bool, caKeyRequiredOnController bool, kiamEnabled bool, encryptor CachedEncryptor) (*EncryptedAssetsOnDisk, error)

func (*EncryptedAssetsOnDisk) Compact added in v0.9.7

func (r *EncryptedAssetsOnDisk) Compact() (*CompactAssets, error)

func (*EncryptedAssetsOnDisk) WriteToDir added in v0.9.7

func (r *EncryptedAssetsOnDisk) WriteToDir(dirname string, kiamEnabled bool) error

type EncryptedCredentialOnDisk

// EncryptedCredentialOnDisk is a KMS-encrypted credential cached on disk.
// Because KMS yields a different ciphertext for the same plaintext on every
// call, the encrypted form is persisted (Persist) and reloaded so that
// re-running kube-aws does not change userdata and trigger node replacement.
// String returns the ciphertext and Fingerprint identifies the plaintext it
// was made from. Fields are unexported; use the *FromPath / *FromRawCredential
// constructors.
type EncryptedCredentialOnDisk struct {
	// contains filtered or unexported fields
}

The fact that KMS encryption produces different ciphertexts for the same plaintext had been causing unnecessary node replacements (https://github.com/kubernetes-incubator/kube-aws/issues/107). EncryptedCredentialOnDisk persists encrypted assets for caching purposes so that this can be avoided.

func EncryptedCredentialCacheFromPath

func EncryptedCredentialCacheFromPath(filePath string, doLoadFingerprint bool) (*EncryptedCredentialOnDisk, error)

func EncryptedCredentialCacheFromRawCredential

func EncryptedCredentialCacheFromRawCredential(raw *RawCredentialOnDisk, bytesEncryptionService bytesEncryptionService) (*EncryptedCredentialOnDisk, error)

func (*EncryptedCredentialOnDisk) Fingerprint

func (c *EncryptedCredentialOnDisk) Fingerprint() string

func (*EncryptedCredentialOnDisk) Persist

func (c *EncryptedCredentialOnDisk) Persist() error

func (*EncryptedCredentialOnDisk) String

func (c *EncryptedCredentialOnDisk) String() string

type EncryptionAtRest added in v0.11.0

// EncryptionAtRest toggles Kubernetes secret encryption at rest; decoded from
// `encryptionAtRest` under Kubernetes. The EncryptionConfig function and the
// EncryptionConfig asset fields are its companions.
type EncryptionAtRest struct {
	Enabled bool `yaml:"enabled"`
}

type EphemeralImageStorage

// EphemeralImageStorage configures use of an instance disk for container image
// storage (device and filesystem type); decoded from `ephemeralImageStorage`
// under Experimental.
type EphemeralImageStorage struct {
	Enabled    bool   `yaml:"enabled"`
	Disk       string `yaml:"disk"`
	Filesystem string `yaml:"filesystem"`
}

type EtcdSettings

// EtcdSettings is the part of configuration which is specific to etcd nodes;
// it embeds model.Etcd under the `etcd` key. Validate reports user errors in
// those settings.
type EtcdSettings struct {
	model.Etcd `yaml:"etcd,omitempty"`
}

Part of configuration which is specific to etcd nodes

func (EtcdSettings) Validate added in v0.9.8

func (e EtcdSettings) Validate() error

Validate returns an error when there's any user error in the `etcd` settings.

type Experimental

// Experimental groups features that are opt-in and not yet considered stable;
// decoded from `experimental` under DeploymentSettings. Validate(name) checks
// the block, and the inlined model.UnknownKeys presumably lets it reject
// unrecognized keys (confirm in Validate).
type Experimental struct {
	Admission      Admission      `yaml:"admission"`
	AuditLog       AuditLog       `yaml:"auditLog"`
	Authentication Authentication `yaml:"authentication"`
	AwsEnvironment AwsEnvironment `yaml:"awsEnvironment"`
	AwsNodeLabels  AwsNodeLabels  `yaml:"awsNodeLabels"`
	// When cluster-autoscaler support is enabled, not only controller nodes but this node pool is also given
	// a node label and IAM permissions to run cluster-autoscaler
	ClusterAutoscalerSupport    model.ClusterAutoscalerSupport `yaml:"clusterAutoscalerSupport"`
	TLSBootstrap                TLSBootstrap                   `yaml:"tlsBootstrap"`
	NodeAuthorizer              NodeAuthorizer                 `yaml:"nodeAuthorizer"`
	EphemeralImageStorage       EphemeralImageStorage          `yaml:"ephemeralImageStorage"`
	// KIAMSupport and Kube2IamSupport are alternative ways of handing AWS
	// credentials to pods; both grant IAM access, so review them together.
	KIAMSupport                 KIAMSupport                    `yaml:"kiamSupport,omitempty"`
	Kube2IamSupport             Kube2IamSupport                `yaml:"kube2IamSupport,omitempty"`
	GpuSupport                  GpuSupport                     `yaml:"gpuSupport,omitempty"`
	// KubeletOpts is appended to the kubelet command line verbatim.
	KubeletOpts                 string                         `yaml:"kubeletOpts,omitempty"`
	LoadBalancer                LoadBalancer                   `yaml:"loadBalancer"`
	TargetGroup                 TargetGroup                    `yaml:"targetGroup"`
	NodeDrainer                 model.NodeDrainer              `yaml:"nodeDrainer"`
	Oidc                        model.Oidc                     `yaml:"oidc"`
	// DisableSecurityGroupIngress turns off the ingress rules kube-aws would
	// otherwise add — a widening change worth flagging in review.
	DisableSecurityGroupIngress bool                           `yaml:"disableSecurityGroupIngress"`
	NodeMonitorGracePeriod      string                         `yaml:"nodeMonitorGracePeriod"`
	model.UnknownKeys           `yaml:",inline"`
}

func (Experimental) Validate added in v0.9.8

func (c Experimental) Validate(name string) error

type GpuSupport added in v0.9.10

// GpuSupport configures GPU driver installation (driver version and the image
// that performs the install); decoded from `gpuSupport` under Experimental.
type GpuSupport struct {
	Enabled      bool   `yaml:"enabled"`
	Version      string `yaml:"version"`
	InstallImage string `yaml:"installImage"`
}

type HostOS added in v0.11.0

// HostOS carries cosmetic host settings (bash prompt, MOTD banner); decoded
// from `hostOS` under DeploymentSettings.
type HostOS struct {
	BashPrompt model.BashPrompt `yaml:"bashPrompt,omitempty"`
	MOTDBanner model.MOTDBanner `yaml:"motdBanner,omitempty"`
}

type IPVSMode added in v0.9.10

// IPVSMode configures kube-proxy's IPVS mode (scheduler and sync periods);
// decoded from `ipvsMode` under KubeProxy.
type IPVSMode struct {
	Enabled       bool   `yaml:"enabled"`
	Scheduler     string `yaml:"scheduler"`
	SyncPeriod    string `yaml:"syncPeriod"`
	MinSyncPeriod string `yaml:"minSyncPeriod"`
}

type InfrastructureValidationResult

// InfrastructureValidationResult is an opaque result of validating the AWS
// infrastructure a cluster is deployed into; its fields are unexported and
// its producer is not shown in this view.
type InfrastructureValidationResult struct {
	// contains filtered or unexported fields
}

type Initializers added in v0.9.9

// Initializers is the on/off switch for the Initializers admission plugin;
// see Admission.
type Initializers struct {
	Enabled bool `yaml:"enabled"`
}

type KIAMServerAddresses added in v0.11.0

// KIAMServerAddresses holds the addresses the KIAM server and agent bind to or
// dial — which of the two is not visible here; decoded from `serverAddresses`
// under KIAMSupport.
type KIAMServerAddresses struct {
	ServerAddress string `yaml:"serverAddress,omitempty"`
	AgentAddress  string `yaml:"agentAddress,omitempty"`
}

type KIAMSupport added in v0.9.10

// KIAMSupport configures the uswitch/kiam deployment that brokers AWS IAM
// credentials to pods; decoded from `kiamSupport` under Experimental. Enabling
// it also makes the ReadOrCreate* asset functions render the KIAM* TLS assets
// (see their kiamEnabled parameter).
type KIAMSupport struct {
	Enabled         bool                `yaml:"enabled"`
	Image           model.Image         `yaml:"image,omitempty"`
	// SessionDuration bounds the lifetime of credentials KIAM hands out.
	SessionDuration string              `yaml:"sessionDuration,omitempty"`
	ServerAddresses KIAMServerAddresses `yaml:"serverAddresses,omitempty"`
	ServerResources ComputeResources    `yaml:"serverResources,omitempty"`
	AgentResources  ComputeResources    `yaml:"agentResources,omitempty"`
}

type KMSConfig

// KMSConfig bundles the KMS client and key ARN used to encrypt assets; it is
// passed to ReadOrCreateCompactAssets and ReadOrCreateEncryptedAssets. Build it
// with NewKMSConfig, which also takes an AWS session (presumably to construct a
// default client when encSvc is nil — confirm).
type KMSConfig struct {
	EncryptService EncryptService
	KMSKeyARN      string
}

func NewKMSConfig added in v0.11.0

func NewKMSConfig(kmsKeyARN string, encSvc EncryptService, session *session.Session) KMSConfig

type Kube2IamSupport

// Kube2IamSupport toggles kube2iam, an alternative to KIAM for handing IAM
// credentials to pods; decoded from `kube2IamSupport` under Experimental.
type Kube2IamSupport struct {
	Enabled bool `yaml:"enabled"`
}

type KubeClusterSettings

// KubeClusterSettings is the part of configuration which is shared between
// controller nodes and worker nodes; its name is prefixed with `Kube` because
// it does not relate to etcd. Its keys are inlined into Cluster.
type KubeClusterSettings struct {
	APIEndpointConfigs model.APIEndpoints `yaml:"apiEndpoints,omitempty"`
	// Required by kubelet to locate the kube-apiserver
	ExternalDNSName string `yaml:"externalDNSName,omitempty"`
	// Required by kubelet to locate the cluster-internal dns hosted on controller nodes in the base cluster
	DNSServiceIP string `yaml:"dnsServiceIP,omitempty"`
	// UseCalico selects the network plugin; see K8sNetworkPlugin.
	UseCalico    bool   `yaml:"useCalico,omitempty"`
	PodCIDR      string `yaml:"podCIDR,omitempty"`
	ServiceCIDR  string `yaml:"serviceCIDR,omitempty"`
}

Part of configuration which is shared between controller nodes and worker nodes. Its name is prefixed with `Kube` because it doesn't relate to etcd.

func (KubeClusterSettings) K8sNetworkPlugin

func (c KubeClusterSettings) K8sNetworkPlugin() string

K8sNetworkPlugin is required by kubelet to use a network plugin consistent with the base cluster.

func (KubeClusterSettings) Validate added in v0.9.8

type KubeDns added in v0.9.8

// KubeDns configures the cluster DNS add-on (provider, node-local resolver,
// placement on controllers and autoscaling); embedded in DeploymentSettings
// under `kubeDns`. MergeIfEmpty fills unset fields from another instance.
type KubeDns struct {
	Provider            string            `yaml:"provider"`
	NodeLocalResolver   bool              `yaml:"nodeLocalResolver"`
	DeployToControllers bool              `yaml:"deployToControllers"`
	Autoscaler          KubeDnsAutoscaler `yaml:"autoscaler"`
}

func (*KubeDns) MergeIfEmpty added in v0.9.8

func (c *KubeDns) MergeIfEmpty(other KubeDns)

type KubeDnsAutoscaler added in v0.9.10

// KubeDnsAutoscaler holds the replica-scaling parameters for cluster DNS;
// decoded from `autoscaler` under KubeDns.
type KubeDnsAutoscaler struct {
	CoresPerReplica int `yaml:"coresPerReplica"`
	NodesPerReplica int `yaml:"nodesPerReplica"`
	Min             int `yaml:"min"`
}

type KubeProxy added in v0.9.10

// KubeProxy holds kube-proxy settings; currently only IPVS mode. Embedded in
// DeploymentSettings under `kubeProxy`.
type KubeProxy struct {
	IPVSMode IPVSMode `yaml:"ipvsMode"`
}

type KubeResourcesAutosave added in v0.9.6

// KubeResourcesAutosave toggles periodic saving of Kubernetes resources to S3;
// embedded in Cluster under `kubeResourcesAutosave`.
type KubeResourcesAutosave struct {
	Enabled bool `yaml:"enabled"`
	// S3Path has no yaml tag, unlike Enabled; confirm whether it is meant to be
	// user-settable or is filled in by SetDefaults.
	S3Path  string
}

type Kubelet added in v0.9.10

// Kubelet holds kubelet options: certificate rotation and the system/kube
// reserved resource strings; decoded from `kubelet` under DeploymentSettings.
type Kubelet struct {
	RotateCerts             RotateCerts `yaml:"rotateCerts"`
	SystemReservedResources string      `yaml:"systemReserved"`
	KubeReservedResources   string      `yaml:"kubeReserved"`
}

Kubelet options

type Kubernetes added in v0.9.10

// Kubernetes groups control-plane level settings (encryption at rest,
// networking, controller manager); decoded from `kubernetes` under
// DeploymentSettings.
type Kubernetes struct {
	EncryptionAtRest  EncryptionAtRest  `yaml:"encryptionAtRest"`
	Networking        Networking        `yaml:"networking,omitempty"`
	ControllerManager ControllerManager `yaml:"controllerManager,omitempty"`
}

type KubernetesDashboard added in v0.9.9

// KubernetesDashboard configures the dashboard add-on; embedded in
// DeploymentSettings under `kubernetesDashboard`.
// AdminPrivileges and InsecureLogin both widen the dashboard's exposure (the
// RBAC binding and login mode they control are rendered elsewhere); as Go
// zero values they are off unless SetDefaults changes that — confirm.
type KubernetesDashboard struct {
	AdminPrivileges  bool             `yaml:"adminPrivileges"`
	InsecureLogin    bool             `yaml:"insecureLogin"`
	Enabled          bool             `yaml:"enabled"`
	ComputeResources ComputeResources `yaml:"resources,omitempty"`
}

type LoadBalancer

// LoadBalancer attaches nodes to pre-existing load balancers by name and adds
// the given security groups; decoded from `loadBalancer` under Experimental.
type LoadBalancer struct {
	Enabled          bool     `yaml:"enabled"`
	Names            []string `yaml:"names"`
	SecurityGroupIds []string `yaml:"securityGroupIds"`
}

type LocalStreaming added in v0.9.8

// LocalStreaming is embedded in CloudWatchLogging under `localStreaming`;
// Filter is a free-form filter string and Interval() exposes one of the
// unexported fields.
type LocalStreaming struct {
	Enabled bool   `yaml:"enabled"`
	Filter  string `yaml:"filter"`
	// contains filtered or unexported fields
}

func (*LocalStreaming) Interval added in v0.9.8

func (c *LocalStreaming) Interval() int64

type MutatingAdmissionWebhook added in v0.9.10

// MutatingAdmissionWebhook toggles the API server admission plugin of the same
// name. Mutating webhooks can rewrite every object before persistence, so
// enabling this should go together with RBAC that restricts who may create
// MutatingWebhookConfiguration objects (not enforced here).
type MutatingAdmissionWebhook struct {
	// Enabled turns the plugin on.
	Enabled bool `yaml:"enabled"`
}

type Networking added in v0.9.10

// Networking wraps the self-hosted CNI settings (see SelfHosting).
type Networking struct {
	// SelfHosting configures in-cluster deployment of the CNI plugin.
	SelfHosting SelfHosting `yaml:"selfHosting"`
}

type NodeAuthorizer added in v0.9.8

// NodeAuthorizer toggles the Node authorizer on the API server. Its name
// suggests it enables the `Node` authorization mode, which limits a kubelet
// to resources bound to its own node; presumably paired with the
// NodeRestriction admission plugin in the apiserver flags template — confirm.
type NodeAuthorizer struct {
	// Enabled turns the authorizer on.
	Enabled bool `yaml:"enabled"`
}

type OwnerReferencesPermissionEnforcement added in v0.9.10

// OwnerReferencesPermissionEnforcement toggles the API server admission plugin
// of the same name (it protects ownerReferences from being set by users who
// cannot delete the owner).
type OwnerReferencesPermissionEnforcement struct {
	// Enabled turns the plugin on.
	Enabled bool `yaml:"enabled"`
}

type PersistentVolumeClaimResize added in v0.9.10

// PersistentVolumeClaimResize toggles the API server admission plugin of the
// same name.
type PersistentVolumeClaimResize struct {
	// Enabled turns the plugin on.
	Enabled bool `yaml:"enabled"`
}

type PodSecurityPolicy

// PodSecurityPolicy toggles the PodSecurityPolicy admission plugin.
//
// NOTE(review): with the plugin on, pods are only admitted if some PSP
// object permits them, so the cluster manifests must ship at least one
// policy; with it off, nothing stops privileged/hostPath pods. Which PSP
// objects this config installs is not visible in this listing — confirm.
type PodSecurityPolicy struct {
	// Enabled turns the plugin on.
	Enabled bool `yaml:"enabled"`
}

type Priority added in v0.9.10

// Priority toggles the Priority admission plugin (pod priority classes).
type Priority struct {
	// Enabled turns the plugin on.
	Enabled bool `yaml:"enabled"`
}

type RawAssetsOnDisk added in v0.9.7

// RawAssetsOnDisk is the set of cluster credentials as stored in the assets
// directory; ReadRawAssets (below) loads them and Compact (below) turns them
// into CompactAssets.
//
// NOTE(review): every *Key field, AuthTokens, TLSBootstrapToken and
// EncryptionConfig are secrets. The CA keys sign every identity in the
// cluster, ServiceAccountKey signs service-account tokens, and
// EncryptionConfig is presumably the at-rest encryption key set (cf.
// EncryptionConfig() in this package) — so this struct must never be logged
// or serialized wholesale. RawCredentialOnDisk has a String method (below),
// which means a stray %v/%s will format these values; treat that as a
// leak path until its output is confirmed to be redacted.
type RawAssetsOnDisk struct {
	// PEM encoded TLS assets.
	// Cluster CA pair; CAKey is optional on controllers depending on
	// ReadRawAssets's caKeyRequiredOnController argument.
	CACert                    RawCredentialOnDisk
	CAKey                     RawCredentialOnDisk
	// Separate CA for worker identities.
	WorkerCACert              RawCredentialOnDisk
	WorkerCAKey               RawCredentialOnDisk
	// Control-plane component certificates and keys.
	APIServerCert             RawCredentialOnDisk
	APIServerKey              RawCredentialOnDisk
	APIServerAggregatorCert   RawCredentialOnDisk
	APIServerAggregatorKey    RawCredentialOnDisk
	KubeControllerManagerCert RawCredentialOnDisk
	KubeControllerManagerKey  RawCredentialOnDisk
	KubeSchedulerCert         RawCredentialOnDisk
	KubeSchedulerKey          RawCredentialOnDisk
	WorkerCert                RawCredentialOnDisk
	WorkerKey                 RawCredentialOnDisk
	// AdminCert/AdminKey are the operator's client credentials.
	AdminCert                 RawCredentialOnDisk
	AdminKey                  RawCredentialOnDisk
	// etcd server and client pairs plus the CA etcd trusts.
	EtcdCert                  RawCredentialOnDisk
	EtcdClientCert            RawCredentialOnDisk
	EtcdKey                   RawCredentialOnDisk
	EtcdClientKey             RawCredentialOnDisk
	EtcdTrustedCA             RawCredentialOnDisk
	// KIAM server/agent pairs; only read when ReadRawAssets is called with
	// kiamEnabled.
	KIAMServerCert            RawCredentialOnDisk
	KIAMServerKey             RawCredentialOnDisk
	KIAMAgentCert             RawCredentialOnDisk
	KIAMAgentKey              RawCredentialOnDisk
	KIAMCACert                RawCredentialOnDisk
	// ServiceAccountKey signs service-account tokens.
	ServiceAccountKey         RawCredentialOnDisk

	// Other assets.
	// AuthTokens is a static token file; TLSBootstrapToken is used by the
	// TLSBootstrap feature; EncryptionConfig backs EncryptionAtRest.
	AuthTokens        RawCredentialOnDisk
	TLSBootstrapToken RawCredentialOnDisk
	EncryptionConfig  RawCredentialOnDisk
}

func ReadRawAssets added in v0.9.7

// ReadRawAssets loads the credential files under dirname into a RawAssetsOnDisk.
// From the parameter names: manageCertificates presumably selects whether the
// tool generates/expects the TLS assets itself, caKeyRequiredOnController
// decides whether a missing CAKey is an error, and kiamEnabled whether the KIAM
// assets are read. NOTE(review): callers should treat the returned struct as
// secret material (see RawAssetsOnDisk). Body not shown in this listing.
func ReadRawAssets(dirname string, manageCertificates bool, caKeyRequiredOnController bool, kiamEnabled bool) (*RawAssetsOnDisk, error)

func (*RawAssetsOnDisk) Compact added in v0.9.7

func (r *RawAssetsOnDisk) Compact() (*CompactAssets, error)

type RawAssetsOnMemory added in v0.9.7

// RawAssetsOnMemory is the in-memory counterpart of RawAssetsOnDisk: the same
// set of credentials held as raw PEM/token bytes, typically just generated.
// WriteToDir (below) persists them to an assets directory.
//
// NOTE(review): these slices are private keys, tokens and the at-rest
// encryption config in plaintext. Keep their lifetime short, never log or
// marshal the struct, and be aware that Go offers no guaranteed zeroing of
// the memory once it is dropped.
type RawAssetsOnMemory struct {
	// PEM encoded TLS assets.
	// Cluster CA pair (CAKey is only written out when WriteToDir's
	// includeCAKey argument is true, per its parameter name).
	CACert                    []byte
	CAKey                     []byte
	// Separate CA for worker identities.
	WorkerCACert              []byte
	WorkerCAKey               []byte
	// Control-plane component certificates and keys.
	APIServerCert             []byte
	APIServerKey              []byte
	APIServerAggregatorCert   []byte
	APIServerAggregatorKey    []byte
	KubeControllerManagerCert []byte
	KubeControllerManagerKey  []byte
	KubeSchedulerCert         []byte
	KubeSchedulerKey          []byte
	WorkerCert                []byte
	WorkerKey                 []byte
	// AdminCert/AdminKey are the operator's client credentials.
	AdminCert                 []byte
	AdminKey                  []byte
	// etcd server and client pairs plus the CA etcd trusts.
	EtcdCert                  []byte
	EtcdClientCert            []byte
	EtcdKey                   []byte
	EtcdClientKey             []byte
	EtcdTrustedCA             []byte
	// KIAM server/agent pairs; written only when WriteToDir is called with
	// kiamEnabled.
	KIAMServerCert            []byte
	KIAMServerKey             []byte
	KIAMAgentCert             []byte
	KIAMAgentKey              []byte
	KIAMCACert                []byte
	// ServiceAccountKey signs service-account tokens.
	ServiceAccountKey         []byte

	// Other assets.
	// AuthTokens is a static token file; TLSBootstrapToken is used by the
	// TLSBootstrap feature; EncryptionConfig backs EncryptionAtRest.
	AuthTokens        []byte
	TLSBootstrapToken []byte
	EncryptionConfig  []byte
}

func (*RawAssetsOnMemory) WriteToDir added in v0.9.7

// WriteToDir persists the in-memory assets as files under dirname. Per the
// parameter names, includeCAKey controls whether the CA private key is written
// and kiamEnabled whether the KIAM assets are. NOTE(review): the file modes
// used are not visible in this listing; private keys and tokens should land
// with 0600 and the directory with 0700 — confirm in the implementation.
func (r *RawAssetsOnMemory) WriteToDir(dirname string, includeCAKey bool, kiamEnabled bool) error

type RawCredentialOnDisk

// RawCredentialOnDisk is one credential file in the assets directory. It is
// created by RawCredentialFileFromPath and offers Fingerprint, Persist and
// String (all below). Its fields are unexported, so the rendered listing shows
// only the placeholder comment.
type RawCredentialOnDisk struct {
	// contains filtered or unexported fields
}

func RawCredentialFileFromPath

func RawCredentialFileFromPath(filePath string, defaultValue *string) (*RawCredentialOnDisk, error)

func (*RawCredentialOnDisk) Fingerprint

func (c *RawCredentialOnDisk) Fingerprint() string

func (*RawCredentialOnDisk) Persist

func (c *RawCredentialOnDisk) Persist() error

func (*RawCredentialOnDisk) String

// String implements fmt.Stringer. NOTE(review): because this type wraps
// credential files, any %v/%s formatting or log call that reaches this method
// may print secret material; whether the output is the raw content or a
// redacted form is not visible in this listing — confirm before logging
// values of this type.
func (c *RawCredentialOnDisk) String() string

type ResourceQuota added in v0.11.0

// ResourceQuota holds CPU and memory quantities as free-form strings
// (presumably Kubernetes resource-quantity syntax such as "500m"/"1Gi";
// no parsing is visible here).
type ResourceQuota struct {
	// Cpu is the CPU quantity.
	Cpu    string `yaml:"cpu"`
	// Memory is the memory quantity.
	Memory string `yaml:"memory"`
}

type RotateCerts added in v0.9.10

// RotateCerts toggles kubelet client-certificate rotation (see Kubelet).
type RotateCerts struct {
	// Enabled turns rotation on.
	Enabled bool `yaml:"enabled"`
}

type SelfHosting added in v0.9.10

// SelfHosting configures deploying the CNI plugin inside the cluster instead
// of on the host. The image fields use model.Image, declared outside this
// package.
//
// NOTE(review): container images pulled here sit on the data-path of every
// node; pin them by digest (if model.Image supports it — not visible here)
// rather than a mutable tag.
type SelfHosting struct {
	// Enabled turns self-hosting on.
	Enabled         bool        `yaml:"enabled"`
	// Type selects the CNI implementation; the accepted values are not
	// visible here, but the image fields below suggest "calico" and "flannel".
	Type            string      `yaml:"type"`
	// Typha toggles the Calico Typha fan-out component.
	Typha           bool        `yaml:"typha"`
	// Images for the Calico node agent and CNI installer.
	CalicoNodeImage model.Image `yaml:"calicoNodeImage"`
	CalicoCniImage  model.Image `yaml:"calicoCniImage"`
	// Images for the Flannel daemon and CNI installer.
	FlannelImage    model.Image `yaml:"flannelImage"`
	FlannelCniImage model.Image `yaml:"flannelCniImage"`
	// TyphaImage is the Calico Typha image.
	TyphaImage      model.Image `yaml:"typhaImage"`
}

type StackConfig

// StackConfig is the data passed to the text/template rendering of a
// CloudFormation stack (RenderStackTemplateAsBytes/AsString below).
//
// NOTE(review): because *Config and StackTemplateOptions are embedded, every
// exported field and method reachable through them is addressable from the
// template. Anything sensitive that ends up in Config is therefore one
// template expression away from the rendered stack, which is uploaded to S3.
type StackConfig struct {
	// Config is the full cluster configuration (type declared elsewhere).
	*Config
	// StackName is the name of the stack being rendered.
	StackName string
	// StackTemplateOptions supplies template paths and rendering flags.
	StackTemplateOptions
	// UserDataController/UserDataEtcd are the cloud-init payloads for the
	// controller and etcd nodes (model.UserData, declared outside this package).
	UserDataController    model.UserData
	UserDataEtcd          model.UserData
	// ControllerSubnetIndex selects which subnet controllers are placed in.
	ControllerSubnetIndex int
	// ExtraCfnResources are additional raw CloudFormation resources merged
	// into the template; they are untyped, so nothing here validates them.
	ExtraCfnResources     map[string]interface{}
}

StackConfig contains the configuration parameters that are available when rendering a CloudFormation stack template from Go text templates.

func (*StackConfig) ClusterExportedStacksS3URI added in v0.9.6

func (c *StackConfig) ClusterExportedStacksS3URI() string

func (*StackConfig) ClusterS3URI added in v0.9.6

func (c *StackConfig) ClusterS3URI() string

func (StackConfig) EtcdSnapshotsS3Bucket added in v0.9.6

func (c StackConfig) EtcdSnapshotsS3Bucket() (string, error)

func (StackConfig) EtcdSnapshotsS3PathRef added in v0.9.6

func (c StackConfig) EtcdSnapshotsS3PathRef() (string, error)

EtcdSnapshotsS3PathRef returns a reference to the pair of an S3 bucket and the key of an S3 object that holds an etcd cluster snapshot.

func (StackConfig) EtcdSnapshotsS3PrefixRef added in v0.9.6

func (c StackConfig) EtcdSnapshotsS3PrefixRef() (string, error)

func (*StackConfig) RenderStackTemplateAsBytes added in v0.9.7

func (c *StackConfig) RenderStackTemplateAsBytes() ([]byte, error)

func (*StackConfig) RenderStackTemplateAsString added in v0.9.7

func (c *StackConfig) RenderStackTemplateAsString() (string, error)

type StackTemplateOptions

// StackTemplateOptions carries the file locations and flags used while
// rendering a stack (embedded in StackConfig).
type StackTemplateOptions struct {
	// AssetsDir is the directory holding the credential assets
	// (see ReadRawAssets); it should be private to the operator.
	AssetsDir             string
	// ControllerTmplFile and EtcdTmplFile are the cloud-config templates
	// for the controller and etcd nodes.
	ControllerTmplFile    string
	EtcdTmplFile          string
	// StackTemplateTmplFile is the CloudFormation stack template.
	StackTemplateTmplFile string
	// S3URI is where rendered artifacts are uploaded.
	S3URI                 string
	// PrettyPrint toggles indented output of the rendered template.
	PrettyPrint           bool
	// SkipWait disables the wait-signal behaviour (see WaitSignal).
	SkipWait              bool
}

type TLSBootstrap added in v0.9.6

// TLSBootstrap toggles kubelet TLS bootstrapping; when on, nodes presumably
// authenticate with the TLSBootstrapToken asset (see RawAssetsOnDisk) to
// obtain their certificates. NOTE(review): that token is a bearer credential
// for joining the cluster — confirm how it is distributed and rotated.
type TLSBootstrap struct {
	// Enabled turns bootstrapping on.
	Enabled bool `yaml:"enabled"`
}

type TargetGroup

// TargetGroup attaches nodes to pre-existing ALB/NLB target groups; it is
// the target-group analogue of LoadBalancer.
type TargetGroup struct {
	// Enabled turns the attachment on.
	Enabled          bool     `yaml:"enabled"`
	// Arns lists the existing target groups to register with.
	Arns             []string `yaml:"arns"`
	// SecurityGroupIds are presumably added to the nodes so the target
	// groups' load balancers can reach them; keep this to the LB-facing
	// groups only — confirm where the IDs are applied.
	SecurityGroupIds []string `yaml:"securityGroupIds"`
}

type ValidatingAdmissionWebhook added in v0.9.10

// ValidatingAdmissionWebhook toggles the API server admission plugin of the
// same name (external policy checks on admitted objects).
type ValidatingAdmissionWebhook struct {
	// Enabled turns the plugin on.
	Enabled bool `yaml:"enabled"`
}

type WaitSignal

// WaitSignal configures whether a stack update waits for each node to signal
// readiness and how many nodes are replaced at once. The accessor methods
// Enabled and MaxBatchSize (below) resolve the nil defaults; read those rather
// than the raw pointers.
type WaitSignal struct {
	// WaitSignal is enabled by default. If you'd like to explicitly disable it, set this to `false`.
	// Keeping this `nil` results in the WaitSignal to be enabled.
	EnabledOverride      *bool `yaml:"enabled"`
	// MaxBatchSizeOverride, when nil, falls back to a default chosen by
	// MaxBatchSize (value not visible here).
	MaxBatchSizeOverride *int  `yaml:"maxBatchSize"`
}

func (WaitSignal) Enabled

func (s WaitSignal) Enabled() bool

func (WaitSignal) MaxBatchSize

func (s WaitSignal) MaxBatchSize() int

type Webhook

// Webhook configures an API server webhook (e.g. for authentication or
// authorization; which one is not visible in this listing).
type Webhook struct {
	// Enabled turns the webhook on.
	Enabled  bool   `yaml:"enabled"`
	// CacheTTL is a free-form duration string for the API server's
	// webhook result cache; no parsing is visible here.
	CacheTTL string `yaml:"cacheTTL"`
	// Config is the webhook kubeconfig. Note the YAML key is `configBase64`,
	// so the raw value is base64 and is presumably decoded before it is
	// written to the node — confirm. It can contain credentials for the
	// remote service, so treat it as a secret.
	Config   string `yaml:"configBase64"`
}
