Documentation ¶
Index ¶
- Constants
- func EncryptionConfig() (string, error)
- func RandomTokenString() (string, error)
- func WithTrailingDot(s string) string
- type Admission
- type AlwaysPullImages
- type AmazonSsmAgent
- type AuditLog
- type Authentication
- type AwsEnvironment
- type AwsNodeLabels
- type CachedEncryptor
- type CloudWatchLogging
- type Cluster
- func (c Cluster) APIAccessAllowedSourceCIDRsForControllerSG() []string
- func (c *Cluster) AvailabilityZones() []string
- func (c Cluster) ClusterAutoscalerSupportEnabled() bool
- func (c Cluster) Config(extra ...[]*pluginmodel.Plugin) (*Config, error)
- func (c *Cluster) ConsumeDeprecatedKeys()
- func (c *Cluster) EtcdCluster() derived.EtcdCluster
- func (c Cluster) EtcdIndexEnvVarName() string
- func (c Cluster) EtcdNodeEnvFileName() string
- func (c Cluster) ExternalDNSNames() []string
- func (c *Cluster) Load() error
- func (c *Cluster) NewAssetsOnDisk(dir string, o CredentialsOptions) (*RawAssetsOnDisk, error)
- func (c *Cluster) NewAssetsOnMemory(caKey *rsa.PrivateKey, caCert *x509.Certificate, kiamEnabled bool) (*RawAssetsOnMemory, error)
- func (c *Cluster) NewTLSCA() (*rsa.PrivateKey, *x509.Certificate, error)
- func (c Cluster) NodeLabels() model.NodeLabels
- func (c *Cluster) SetDefaults() error
- func (c Cluster) StackConfig(stackName string, opts StackTemplateOptions, session *session.Session, ...) (*StackConfig, error)
- func (c Cluster) StackNameEnvFileName() string
- func (c Cluster) StackNameEnvVarName() string
- func (c *Cluster) ValidateExistingVPC(existingVPCCIDR string, existingSubnetCIDRS []string) error
- type CompactAssets
- type ComputeResources
- type ComputedDeploymentSettings
- type Config
- func (c *Config) AdminAPIEndpointURL() string
- func (c *Config) Etcdadm() (string, error)
- func (c *Config) HelmReleasePlugin() helmReleasePlugin
- func (c Config) InternetGatewayLogicalName() string
- func (c Config) InternetGatewayRef() string
- func (c *Config) KubernetesManifestPlugin() kubernetesManifestPlugin
- func (c *Config) ManagedELBLogicalNames() []string
- func (c Config) VPCID() (string, error)
- func (c Config) VPCLogicalName() (string, error)
- func (c Config) VPCManaged() bool
- func (c Config) VPCRef() (string, error)
- type ControllerManager
- type ControllerSettings
- type CredentialsOptions
- type DefaultWorkerSettings
- type DenyEscalatingExec
- type DeploymentSettings
- func (s DeploymentSettings) AllSubnets() model.Subnets
- func (c DeploymentSettings) ApiServerLeaseEndpointReconciler() (bool, error)
- func (c DeploymentSettings) AssetsEncryptionEnabled() bool
- func (c DeploymentSettings) FindNATGatewayForPrivateSubnet(s model.Subnet) (*model.NATGateway, error)
- func (c DeploymentSettings) FindSubnetMatching(condition model.Subnet) model.Subnet
- func (c DeploymentSettings) NATGateways() []model.NATGateway
- func (c DeploymentSettings) PrivateSubnets() model.Subnets
- func (c DeploymentSettings) PublicSubnets() model.Subnets
- func (c DeploymentSettings) Validate() (*DeploymentValidationResult, error)
- type DeploymentValidationResult
- type EncryptService
- type EncryptedAssetsOnDisk
- type EncryptedCredentialOnDisk
- type EncryptionAtRest
- type EphemeralImageStorage
- type EtcdSettings
- type Experimental
- type GpuSupport
- type HostOS
- type IPVSMode
- type InfrastructureValidationResult
- type Initializers
- type KIAMServerAddresses
- type KIAMSupport
- type KMSConfig
- type Kube2IamSupport
- type KubeClusterSettings
- type KubeDns
- type KubeDnsAutoscaler
- type KubeProxy
- type KubeResourcesAutosave
- type Kubelet
- type Kubernetes
- type KubernetesDashboard
- type LoadBalancer
- type LocalStreaming
- type MutatingAdmissionWebhook
- type Networking
- type NodeAuthorizer
- type OwnerReferencesPermissionEnforcement
- type PersistentVolumeClaimResize
- type PodSecurityPolicy
- type Priority
- type RawAssetsOnDisk
- type RawAssetsOnMemory
- type RawCredentialOnDisk
- type ResourceQuota
- type RotateCerts
- type SelfHosting
- type StackConfig
- func (c *StackConfig) ClusterExportedStacksS3URI() string
- func (c *StackConfig) ClusterS3URI() string
- func (c StackConfig) EtcdSnapshotsS3Bucket() (string, error)
- func (c StackConfig) EtcdSnapshotsS3PathRef() (string, error)
- func (c StackConfig) EtcdSnapshotsS3PrefixRef() (string, error)
- func (c *StackConfig) RenderStackTemplateAsBytes() ([]byte, error)
- func (c *StackConfig) RenderStackTemplateAsString() (string, error)
- type StackTemplateOptions
- type TLSBootstrap
- type TargetGroup
- type ValidatingAdmissionWebhook
- type WaitSignal
- type Webhook
Constants ¶
// CacheFileExtension is the file extension used for the on-disk cache of a KMS-encrypted
// credential (see EncryptedCredentialOnDisk). The cache exists so an unchanged plaintext is
// not re-encrypted into a fresh, different ciphertext on every run.
const CacheFileExtension = "enc"
const (
	// ControlPlaneStackName is the logical name of a CloudFormation stack resource in a root stack template.
	// This is not needed to be unique in an AWS account because the actual name of a nested stack is generated randomly
	// by CloudFormation by including the logical name.
	// This is NOT intended to be used to reference the stack name from cloud-config as the target of awscli or
	// cfn-bootstrap-tools commands e.g. `cfn-init` and `cfn-signal`; use the actual (generated) stack name for those.
	ControlPlaneStackName = "control-plane"
)
// FingerprintFileExtension is the file extension of the fingerprint stored next to a cached
// encrypted credential. The fingerprint is what lets the cache be tied to a specific plaintext
// (see EncryptedCredentialOnDisk.Fingerprint and RawCredentialOnDisk.Fingerprint).
const FingerprintFileExtension = "fingerprint"
Variables ¶
This section is empty.
Functions ¶
func EncryptionConfig ¶ added in v0.11.0
func RandomTokenString ¶ added in v0.11.0
func WithTrailingDot ¶
Types ¶
type Admission ¶
// Admission groups the per-plugin enable switches for API server admission plugins that
// kube-aws can turn on. It is reached from cluster.yaml as `experimental.admission`.
//
// NOTE(review): podSecurityPolicy, alwaysPullImages and denyEscalatingExec are the
// security-relevant ones here; leaving them disabled widens what a workload (or a user with
// `exec` rights) can do on the cluster. Confirm the effective defaults in SetDefaults.
type Admission struct {
	PodSecurityPolicy                    PodSecurityPolicy                    `yaml:"podSecurityPolicy"`
	AlwaysPullImages                     AlwaysPullImages                     `yaml:"alwaysPullImages"`
	DenyEscalatingExec                   DenyEscalatingExec                   `yaml:"denyEscalatingExec"`
	Initializers                         Initializers                         `yaml:"initializers"`
	Priority                             Priority                             `yaml:"priority"`
	MutatingAdmissionWebhook             MutatingAdmissionWebhook             `yaml:"mutatingAdmissionWebhook"`
	ValidatingAdmissionWebhook           ValidatingAdmissionWebhook           `yaml:"validatingAdmissionWebhook"`
	OwnerReferencesPermissionEnforcement OwnerReferencesPermissionEnforcement `yaml:"ownerReferencesPermissionEnforcement"`
	PersistentVolumeClaimResize          PersistentVolumeClaimResize          `yaml:"persistentVolumeClaimResize"`
}
type AlwaysPullImages ¶ added in v0.9.9
// AlwaysPullImages is the switch for the AlwaysPullImages admission plugin
// (`experimental.admission.alwaysPullImages` in cluster.yaml).
type AlwaysPullImages struct {
	// Enabled turns the plugin on. NOTE(review): with it off, a pod scheduled onto a node that
	// already has a private image cached can use that image without presenting registry
	// credentials — keep this in mind on multi-tenant clusters.
	Enabled bool `yaml:"enabled"`
}
type AmazonSsmAgent ¶ added in v0.9.8
type Authentication ¶
// Authentication holds the API server authentication settings kube-aws exposes
// (`experimental.authentication` in cluster.yaml).
type Authentication struct {
	// Webhook configures webhook token authentication; see the Webhook type.
	Webhook Webhook `yaml:"webhook"`
}
type AwsEnvironment ¶
type AwsNodeLabels ¶
// AwsNodeLabels is the switch for labelling nodes with AWS-derived labels
// (`experimental.awsNodeLabels` in cluster.yaml).
type AwsNodeLabels struct {
	// Enabled turns the feature on.
	Enabled bool `yaml:"enabled"`
}
type CachedEncryptor ¶
// CachedEncryptor encrypts credential material, serving results from an on-disk cache when one
// exists so that unchanged plaintext does not yield a new ciphertext on every run.
// Use EncryptedBytes for raw bytes and EncryptedCredentialFromPath for a credential file.
type CachedEncryptor struct {
	// contains filtered or unexported fields
}
func (CachedEncryptor) EncryptedBytes ¶ added in v0.9.6
func (e CachedEncryptor) EncryptedBytes(raw []byte) ([]byte, error)
func (CachedEncryptor) EncryptedCredentialFromPath ¶
func (e CachedEncryptor) EncryptedCredentialFromPath(filePath string, defaultValue *string) (*EncryptedCredentialOnDisk, error)
type CloudWatchLogging ¶ added in v0.9.7
// CloudWatchLogging configures shipping of node logs to CloudWatch Logs
// (`cloudWatchLogging` in cluster.yaml).
type CloudWatchLogging struct {
	// Enabled turns CloudWatch logging on.
	Enabled bool `yaml:"enabled"`
	// RetentionInDays is the retention period applied to the log group.
	// NOTE(review): logs are evidence for incident response; pick a retention that covers your
	// investigation window rather than the minimum.
	RetentionInDays int `yaml:"retentionInDays"`
	// LocalStreaming configures streaming of the logs to the local console; see LocalStreaming.
	LocalStreaming `yaml:"localStreaming"`
}
func (*CloudWatchLogging) MergeIfEmpty ¶ added in v0.9.8
func (c *CloudWatchLogging) MergeIfEmpty(other CloudWatchLogging)
type Cluster ¶
// Cluster is the container of all the configurable parameters of a kube-aws cluster,
// customizable via cluster.yaml. The inlined settings structs are flattened into the
// top level of the YAML document.
type Cluster struct {
	KubeClusterSettings   `yaml:",inline"`
	DeploymentSettings    `yaml:",inline"`
	DefaultWorkerSettings `yaml:",inline"`
	ControllerSettings    `yaml:",inline"`
	EtcdSettings          `yaml:",inline"`

	// AdminAPIEndpointName presumably names the API endpoint written into the admin kubeconfig
	// (see Config.AdminAPIEndpointURL) — TODO confirm in the endpoint resolution code.
	AdminAPIEndpointName string `yaml:"adminAPIEndpointName,omitempty"`
	// RecordSetTTL is the TTL, in seconds presumably, for DNS record sets kube-aws manages.
	RecordSetTTL int `yaml:"recordSetTTL,omitempty"`
	// TLSCADurationDays and TLSCertDurationDays are the validity periods, in days, of the
	// generated CA and leaf certificates (see NewTLSCA).
	// NOTE(review): a long-lived CA plus long-lived leaf certs means a leaked key stays useful
	// for a long time; pair long durations with Kubelet.RotateCerts or a rotation plan.
	TLSCADurationDays   int `yaml:"tlsCADurationDays,omitempty"`
	TLSCertDurationDays int `yaml:"tlsCertDurationDays,omitempty"`
	// HostedZoneID is the DNS hosted zone ID (Route 53, presumably) records are created in.
	HostedZoneID string `yaml:"hostedZoneId,omitempty"`
	// PluginConfigs holds per-plugin configuration for kube-aws plugins.
	PluginConfigs model.PluginConfigs `yaml:"kubeAwsPlugins,omitempty"`

	// ProvidedEncryptService is the KMS encryption backend injected by callers such as
	// ClusterFromBytesWithEncryptService rather than loaded from cluster.yaml.
	ProvidedEncryptService EncryptService
	// ProvidedCFInterrogator and ProvidedEC2Interrogator are the AWS query backends used to
	// inspect existing CloudFormation and EC2 resources (e.g. by ValidateExistingVPC).
	ProvidedCFInterrogator  cfnstack.CFInterrogator
	ProvidedEC2Interrogator cfnstack.EC2Interrogator

	// SSHAccessAllowedSourceCIDRs is network ranges of sources you'd like SSH accesses to be allowed from, in CIDR notation
	// NOTE(review): 0.0.0.0/0 here opens SSH on the nodes to the whole Internet; restrict it to
	// a bastion or corporate range.
	SSHAccessAllowedSourceCIDRs model.CIDRRanges `yaml:"sshAccessAllowedSourceCIDRs,omitempty"`
	// CustomSettings is free-form user data made available to templates; its contents are
	// not validated by this package.
	CustomSettings map[string]interface{} `yaml:"customSettings,omitempty"`
	// KubeResourcesAutosave configures periodic saving of Kubernetes resources; see its type.
	KubeResourcesAutosave `yaml:"kubeResourcesAutosave,omitempty"`
}
Cluster is the container of all the configurable parameters of a kube-aws cluster, customizable via cluster.yaml
func ClusterFromBytes ¶
ClusterFromBytes builds a Cluster from in-memory configuration bytes. It exists mainly for unit tests, which store configs as hardcoded strings.
func ClusterFromBytesWithEncryptService ¶
func ClusterFromBytesWithEncryptService(data []byte, encryptService EncryptService) (*Cluster, error)
func ClusterFromFile ¶
func NewDefaultCluster ¶
func NewDefaultCluster() *Cluster
func (Cluster) APIAccessAllowedSourceCIDRsForControllerSG ¶ added in v0.9.9
APIAccessAllowedSourceCIDRsForControllerSG returns all the source CIDRs, collected from the configured Kubernetes API endpoints, from which the controller nodes' security group must allow API access. Review these carefully: a broad range such as 0.0.0.0/0 on any endpoint exposes the API server to the whole Internet.
func (*Cluster) AvailabilityZones ¶
AvailabilityZones returns the availability zones referenced by the cluster configuration.
func (Cluster) ClusterAutoscalerSupportEnabled ¶ added in v0.11.0
func (*Cluster) ConsumeDeprecatedKeys ¶ added in v0.9.6
func (c *Cluster) ConsumeDeprecatedKeys()
func (*Cluster) EtcdCluster ¶
func (c *Cluster) EtcdCluster() derived.EtcdCluster
func (Cluster) EtcdIndexEnvVarName ¶
func (Cluster) EtcdNodeEnvFileName ¶
func (Cluster) ExternalDNSNames ¶ added in v0.9.6
ExternalDNSNames returns all the DNS names of the Kubernetes API endpoints that must be covered by the TLS certificate for the k8s API (as subject alternative names); an endpoint missing from this list will fail hostname verification in clients.
func (*Cluster) NewAssetsOnDisk ¶ added in v0.9.7
func (c *Cluster) NewAssetsOnDisk(dir string, o CredentialsOptions) (*RawAssetsOnDisk, error)
func (*Cluster) NewAssetsOnMemory ¶ added in v0.9.7
func (c *Cluster) NewAssetsOnMemory(caKey *rsa.PrivateKey, caCert *x509.Certificate, kiamEnabled bool) (*RawAssetsOnMemory, error)
func (*Cluster) NewTLSCA ¶
func (c *Cluster) NewTLSCA() (*rsa.PrivateKey, *x509.Certificate, error)
func (Cluster) NodeLabels ¶ added in v0.9.7
func (c Cluster) NodeLabels() model.NodeLabels
func (*Cluster) SetDefaults ¶
func (Cluster) StackConfig ¶
func (c Cluster) StackConfig(stackName string, opts StackTemplateOptions, session *session.Session, extra ...[]*pluginmodel.Plugin) (*StackConfig, error)
func (Cluster) StackNameEnvFileName ¶ added in v0.9.10
func (Cluster) StackNameEnvVarName ¶
type CompactAssets ¶ added in v0.9.7
// CompactAssets is the set of cluster credentials in the form that is embedded into node
// userdata (it is reachable from Config.AssetsConfig, and Config is what the userdata
// templates are rendered from). Every field is a string ready to be pasted into a template.
//
// NOTE(review): even though these values are encrypted with KMS, they are still secret
// material (CA and service-account private keys in particular) travelling through
// CloudFormation/userdata; treat rendered templates and stack parameters as sensitive.
type CompactAssets struct {
	// PEM -> encrypted -> gzip -> base64 encoded TLS assets.
	CACert                    string
	CAKey                     string
	WorkerCACert              string
	WorkerCAKey               string
	APIServerCert             string
	APIServerKey              string
	APIServerAggregatorCert   string
	APIServerAggregatorKey    string
	KubeControllerManagerCert string
	KubeControllerManagerKey  string
	KubeSchedulerCert         string
	KubeSchedulerKey          string
	WorkerCert                string
	WorkerKey                 string
	AdminCert                 string
	AdminKey                  string
	EtcdCert                  string
	EtcdClientCert            string
	EtcdClientKey             string
	EtcdKey                   string
	EtcdTrustedCA             string
	KIAMServerCert            string
	KIAMServerKey             string
	KIAMAgentCert             string
	KIAMAgentKey              string
	KIAMCACert                string
	ServiceAccountKey         string

	// Encrypted -> gzip -> base64 encoded assets.
	AuthTokens        string
	TLSBootstrapToken string

	// Encrypted -> base64 encoded EncryptionConfig.
	EncryptionConfig string
}
func ReadOrCreateCompactAssets ¶ added in v0.9.7
func ReadOrCreateUnencryptedCompactAssets ¶ added in v0.9.7
func (*CompactAssets) HasAuthTokens ¶ added in v0.9.7
func (a *CompactAssets) HasAuthTokens() bool
func (*CompactAssets) HasTLSBootstrapToken ¶ added in v0.9.7
func (a *CompactAssets) HasTLSBootstrapToken() bool
type ComputeResources ¶ added in v0.11.0
// ComputeResources is a Kubernetes-style requests/limits pair used for the resource
// settings of components kube-aws deploys (e.g. KIAM, the dashboard, controller-manager).
type ComputeResources struct {
	// Requests is the resource request; see ResourceQuota.
	Requests ResourceQuota `yaml:"requests,omitempty"`
	// Limits is the resource limit; see ResourceQuota.
	Limits ResourceQuota `yaml:"limits,omitempty"`
}
type ComputedDeploymentSettings ¶
// ComputedDeploymentSettings is the part of the configuration that can't be provided via
// user input but is computed from it. It has no yaml tags and is embedded in
// DeploymentSettings.
type ComputedDeploymentSettings struct {
	// AMI is the resolved machine image ID the nodes are launched from.
	AMI string
}
Part of configuration which can't be provided via user input but is computed from user input
type Config ¶
// Config contains configuration parameters available when rendering userdata injected into a
// controller or an etcd node from golang text templates. It wraps the user-facing Cluster
// with the values derived from it.
type Config struct {
	Cluster

	// AdminAPIEndpoint is the endpoint written into the admin kubeconfig (see AdminAPIEndpointURL).
	AdminAPIEndpoint derived.APIEndpoint
	// APIEndpoints is the full set of derived Kubernetes API endpoints.
	APIEndpoints derived.APIEndpoints

	// EtcdNodes is the golang-representation of etcd nodes, which is used to differentiate unique etcd nodes
	// This is used to simplify templating of the control-plane stack template.
	EtcdNodes []derived.EtcdNode

	// AssetsConfig is the encrypted, encoded credential material made available to the
	// userdata templates; see CompactAssets for what it contains.
	AssetsConfig *CompactAssets

	// KubeAwsPlugins is the set of loaded kube-aws plugins keyed by name.
	KubeAwsPlugins map[string]*pluginmodel.Plugin

	// APIServerVolumes and APIServerFlags are the extra volumes and flags that plugins
	// contribute to the kube-apiserver.
	APIServerVolumes pluginmodel.APIServerVolumes
	APIServerFlags   pluginmodel.APIServerFlags
}
Config contains configuration parameters available when rendering userdata injected into a controller or an etcd node from golang text templates
func ConfigFromBytes ¶
func (*Config) AdminAPIEndpointURL ¶ added in v0.9.6
AdminAPIEndpointURL is the URL of the API endpoint which is written into the kubeconfig and used by admins.
func (*Config) Etcdadm ¶ added in v0.9.6
Etcdadm returns the content of the etcdadm script to be embedded into cloud-config-etcd
func (*Config) HelmReleasePlugin ¶ added in v0.9.8
func (c *Config) HelmReleasePlugin() helmReleasePlugin
func (Config) InternetGatewayLogicalName ¶
func (Config) InternetGatewayRef ¶
func (*Config) KubernetesManifestPlugin ¶ added in v0.9.8
func (c *Config) KubernetesManifestPlugin() kubernetesManifestPlugin
func (*Config) ManagedELBLogicalNames ¶ added in v0.9.6
ManagedELBLogicalNames returns all the logical names of the CFN resources corresponding to ELBs managed by kube-aws for API endpoints.
func (Config) VPCLogicalName ¶
func (Config) VPCManaged ¶ added in v0.9.8
type ControllerManager ¶ added in v0.11.0
// ControllerManager holds the kube-controller-manager settings kube-aws exposes
// (`kubernetes.controllerManager` in cluster.yaml).
type ControllerManager struct {
	// ComputeResources sets the requests/limits of the controller-manager pod.
	ComputeResources ComputeResources `yaml:"resources,omitempty"`
}
type ControllerSettings ¶
// ControllerSettings is the part of the configuration which is specific to controller
// nodes; it wraps model.Controller under the `controller` key of cluster.yaml.
type ControllerSettings struct {
	model.Controller `yaml:"controller,omitempty"`
}
Part of configuration which is specific to controller nodes
func (ControllerSettings) ControllerRollingUpdateMinInstancesInService ¶
func (c ControllerSettings) ControllerRollingUpdateMinInstancesInService() int
func (ControllerSettings) MaxControllerCount ¶
func (c ControllerSettings) MaxControllerCount() int
func (ControllerSettings) MinControllerCount ¶
func (c ControllerSettings) MinControllerCount() int
func (ControllerSettings) Validate ¶ added in v0.9.8
func (c ControllerSettings) Validate() error
type CredentialsOptions ¶
type DefaultWorkerSettings ¶
// DefaultWorkerSettings is the part of the configuration which is specific to worker nodes.
// These are defaults that node pools may override (see the DeploymentSettings notes).
type DefaultWorkerSettings struct {
	// WorkerCreateTimeout is how long CloudFormation waits for workers to come up.
	WorkerCreateTimeout string `yaml:"workerCreateTimeout,omitempty"`
	// WorkerInstanceType is the EC2 instance type of worker nodes.
	WorkerInstanceType string `yaml:"workerInstanceType,omitempty"`
	// WorkerRootVolumeType, WorkerRootVolumeIOPS and WorkerRootVolumeSize describe the
	// workers' root EBS volume.
	WorkerRootVolumeType string `yaml:"workerRootVolumeType,omitempty"`
	WorkerRootVolumeIOPS int    `yaml:"workerRootVolumeIOPS,omitempty"`
	WorkerRootVolumeSize int    `yaml:"workerRootVolumeSize,omitempty"`
	// WorkerSpotPrice, when set, launches workers as spot instances at this bid price.
	WorkerSpotPrice string `yaml:"workerSpotPrice,omitempty"`
	// WorkerSecurityGroupIds are additional security groups attached to worker nodes.
	// NOTE(review): these are attached in addition to the ones kube-aws manages; review their
	// ingress rules, since they can widen worker exposure beyond what this package validates.
	WorkerSecurityGroupIds []string `yaml:"workerSecurityGroupIds,omitempty"`
	// WorkerTenancy is the EC2 tenancy (e.g. default/dedicated) of worker instances.
	WorkerTenancy string `yaml:"workerTenancy,omitempty"`
	// WorkerTopologyPrivate places workers in private subnets when true.
	WorkerTopologyPrivate bool `yaml:"workerTopologyPrivate,omitempty"`
}
Part of configuration which is specific to worker nodes
func (DefaultWorkerSettings) Validate ¶ added in v0.9.8
func (c DefaultWorkerSettings) Validate() error
type DenyEscalatingExec ¶ added in v0.9.8
// DenyEscalatingExec is the switch for the DenyEscalatingExec admission plugin
// (`experimental.admission.denyEscalatingExec` in cluster.yaml).
type DenyEscalatingExec struct {
	// Enabled turns the plugin on. NOTE(review): with it off, exec/attach into privileged or
	// host-namespace pods is not blocked at admission time; this is a meaningful hardening
	// control for anyone who is granted pod exec rights.
	Enabled bool `yaml:"enabled"`
}
type DeploymentSettings ¶
// DeploymentSettings is the part of the configuration which can be customized for each
// type/group of nodes (etcd/controller/worker) by its nature. Whether it actually can be
// customized per group depends on whether node pools are used; see the package docs.
type DeploymentSettings struct {
	ComputedDeploymentSettings

	// CloudFormation holds CloudFormation-specific options; see model.CloudFormation.
	CloudFormation model.CloudFormation `yaml:"cloudformation,omitempty"`
	// ClusterName names the cluster and its stacks.
	ClusterName string `yaml:"clusterName,omitempty"`
	// S3URI is the bucket/prefix kube-aws uploads stack templates and assets to
	// (see StackConfig.ClusterS3URI).
	// NOTE(review): rendered templates carry encrypted credentials; the bucket policy and
	// public-access settings on this location deserve review.
	S3URI string `yaml:"s3URI,omitempty"`
	// DisableContainerLinuxAutomaticUpdates disables the host OS auto-update mechanism.
	// NOTE(review): it is typed as a string, not a bool — presumably so "unset" can be told
	// apart from "false"; confirm what values are honoured before relying on it, and note that
	// disabling updates means OS security fixes must be rolled out some other way.
	DisableContainerLinuxAutomaticUpdates string `yaml:"disableContainerLinuxAutomaticUpdates,omitempty"`
	// KeyName is the EC2 key pair name granted SSH access to the nodes.
	KeyName string `yaml:"keyName,omitempty"`
	// Region is inlined so `region` appears at the top level of cluster.yaml.
	Region model.Region `yaml:",inline"`
	// AvailabilityZone is the single AZ used when no subnets are specified explicitly.
	AvailabilityZone string `yaml:"availabilityZone,omitempty"`
	// ReleaseChannel is the Container Linux release channel the AMI is resolved from.
	ReleaseChannel string `yaml:"releaseChannel,omitempty"`
	// AmiId pins a specific AMI instead of resolving one from ReleaseChannel.
	AmiId string `yaml:"amiId,omitempty"`
	// DeprecatedVPCID and DeprecatedInternetGatewayID are the legacy flat keys; VPC and
	// InternetGateway are their replacements (see ConsumeDeprecatedKeys).
	DeprecatedVPCID             string                `yaml:"vpcId,omitempty"`
	VPC                         model.VPC             `yaml:"vpc,omitempty"`
	DeprecatedInternetGatewayID string                `yaml:"internetGatewayId,omitempty"`
	InternetGateway             model.InternetGateway `yaml:"internetGateway,omitempty"`
	// Required for validations like e.g. if instance cidr is contained in vpc cidr
	VPCCIDR      string `yaml:"vpcCIDR,omitempty"`
	InstanceCIDR string `yaml:"instanceCIDR,omitempty"`
	// K8sVer is the Kubernetes version to deploy; KubeAWSVersion is set by the tool itself
	// (no yaml tag).
	K8sVer         string `yaml:"kubernetesVersion,omitempty"`
	KubeAWSVersion string
	// ContainerRuntime selects the container runtime on the nodes.
	ContainerRuntime string `yaml:"containerRuntime,omitempty"`
	// KMSKeyARN is the KMS key used to encrypt the cluster credentials (see KMSConfig).
	// NOTE(review): the key policy must allow Encrypt for the operator and Decrypt for the node
	// instance roles only; a permissive key policy lets anyone with node access read every
	// cluster secret embedded in userdata.
	KMSKeyARN string `yaml:"kmsKeyArn,omitempty"`
	// StackTags are applied to the CloudFormation stacks.
	StackTags map[string]string `yaml:"stackTags,omitempty"`
	// Subnets is the explicit subnet layout; see AllSubnets/PublicSubnets/PrivateSubnets.
	Subnets model.Subnets `yaml:"subnets,omitempty"`
	// EIPAllocationIDs are pre-allocated Elastic IPs to use for NAT gateways.
	EIPAllocationIDs []string `yaml:"eipAllocationIDs,omitempty"`
	// ElasticFileSystemID mounts an existing EFS file system on the nodes.
	ElasticFileSystemID string `yaml:"elasticFileSystemId,omitempty"`
	// SSHAuthorizedKeys are extra public keys installed for SSH access to every node.
	// NOTE(review): every key listed here is a root-equivalent credential on the nodes.
	SSHAuthorizedKeys []string `yaml:"sshAuthorizedKeys,omitempty"`
	// Addons, Experimental and Kubelet hold optional components and kubelet options.
	Addons       model.Addons `yaml:"addons"`
	Experimental Experimental `yaml:"experimental"`
	Kubelet      Kubelet      `yaml:"kubelet"`
	// ManageCertificates makes kube-aws generate and manage the TLS assets itself.
	ManageCertificates bool `yaml:"manageCertificates,omitempty"`
	// WaitSignal controls the CloudFormation wait/creation-policy signalling; see WaitSignal.
	WaitSignal WaitSignal `yaml:"waitSignal"`
	// CloudWatchLogging and AmazonSsmAgent are embedded so their keys appear under
	// `cloudWatchLogging` / `amazonSsmAgent`.
	CloudWatchLogging `yaml:"cloudWatchLogging,omitempty"`
	AmazonSsmAgent    `yaml:"amazonSsmAgent,omitempty"`
	// CloudFormationStreaming streams stack events while deploying.
	CloudFormationStreaming bool `yaml:"cloudFormationStreaming,omitempty"`
	// KubeProxy, KubeDns and KubernetesDashboard configure the respective add-ons.
	KubeProxy                 `yaml:"kubeProxy,omitempty"`
	KubeDns                   `yaml:"kubeDns,omitempty"`
	KubeSystemNamespaceLabels map[string]string `yaml:"kubeSystemNamespaceLabels,omitempty"`
	KubernetesDashboard       `yaml:"kubernetesDashboard,omitempty"`

	// Images repository
	// NOTE(review): every image below is user-overridable; pin tags (or digests, if
	// model.Image supports them) and source them from a registry you control, since these
	// run as control-plane and add-on workloads.
	HyperkubeImage                     model.Image `yaml:"hyperkubeImage,omitempty"`
	AWSCliImage                        model.Image `yaml:"awsCliImage,omitempty"`
	CalicoNodeImage                    model.Image `yaml:"calicoNodeImage,omitempty"`
	CalicoCniImage                     model.Image `yaml:"calicoCniImage,omitempty"`
	CalicoCtlImage                     model.Image `yaml:"calicoCtlImage,omitempty"`
	CalicoKubeControllersImage         model.Image `yaml:"calicoKubeControllersImage,omitempty"`
	ClusterAutoscalerImage             model.Image `yaml:"clusterAutoscalerImage,omitempty"`
	ClusterProportionalAutoscalerImage model.Image `yaml:"clusterProportionalAutoscalerImage,omitempty"`
	CoreDnsImage                       model.Image `yaml:"coreDnsImage,omitempty"`
	Kube2IAMImage                      model.Image `yaml:"kube2iamImage,omitempty"`
	KubeDnsImage                       model.Image `yaml:"kubeDnsImage,omitempty"`
	KubeDnsMasqImage                   model.Image `yaml:"kubeDnsMasqImage,omitempty"`
	KubeReschedulerImage               model.Image `yaml:"kubeReschedulerImage,omitempty"`
	DnsMasqMetricsImage                model.Image `yaml:"dnsMasqMetricsImage,omitempty"`
	ExecHealthzImage                   model.Image `yaml:"execHealthzImage,omitempty"`
	HelmImage                          model.Image `yaml:"helmImage,omitempty"`
	TillerImage                        model.Image `yaml:"tillerImage,omitempty"`
	HeapsterImage                      model.Image `yaml:"heapsterImage,omitempty"`
	MetricsServerImage                 model.Image `yaml:"metricsServerImage,omitempty"`
	AddonResizerImage                  model.Image `yaml:"addonResizerImage,omitempty"`
	KubernetesDashboardImage           model.Image `yaml:"kubernetesDashboardImage,omitempty"`
	PauseImage                         model.Image `yaml:"pauseImage,omitempty"`
	FlannelImage                       model.Image `yaml:"flannelImage,omitempty"`
	JournaldCloudWatchLogsImage        model.Image `yaml:"journaldCloudWatchLogsImage,omitempty"`

	// Kubernetes and HostOS hold component-level and host-level options; see their types.
	Kubernetes Kubernetes `yaml:"kubernetes,omitempty"`
	HostOS     HostOS     `yaml:"hostOS,omitempty"`
}
Part of configuration which can be customized for each type/group of nodes(etcd/controller/worker/) by its nature.
Please be aware that it is described as customizable only "by its nature". Whether it can actually be customized depends on whether you use node pools. If you've chosen to create a single cluster including all the worker, controller and etcd nodes within a single CFN stack, you can't customize per group of nodes. If you've chosen to create e.g. a separate node pool for each type of worker node, you can customize per node pool.
Though it is highly configurable, it is basically the user's responsibility to provide correct values when going beyond the defaults; the Validate methods are a safety net, not an exhaustive check, and several of these settings (security groups, SSH keys, KMS key, images) directly affect the cluster's security posture.
func (DeploymentSettings) AllSubnets ¶
func (s DeploymentSettings) AllSubnets() model.Subnets
func (DeploymentSettings) ApiServerLeaseEndpointReconciler ¶ added in v0.11.0
func (c DeploymentSettings) ApiServerLeaseEndpointReconciler() (bool, error)
func (DeploymentSettings) AssetsEncryptionEnabled ¶
func (c DeploymentSettings) AssetsEncryptionEnabled() bool
func (DeploymentSettings) FindNATGatewayForPrivateSubnet ¶
func (c DeploymentSettings) FindNATGatewayForPrivateSubnet(s model.Subnet) (*model.NATGateway, error)
func (DeploymentSettings) FindSubnetMatching ¶
func (c DeploymentSettings) FindSubnetMatching(condition model.Subnet) model.Subnet
func (DeploymentSettings) NATGateways ¶
func (c DeploymentSettings) NATGateways() []model.NATGateway
func (DeploymentSettings) PrivateSubnets ¶
func (c DeploymentSettings) PrivateSubnets() model.Subnets
func (DeploymentSettings) PublicSubnets ¶
func (c DeploymentSettings) PublicSubnets() model.Subnets
func (DeploymentSettings) Validate ¶ added in v0.9.8
func (c DeploymentSettings) Validate() (*DeploymentValidationResult, error)
type DeploymentValidationResult ¶
// DeploymentValidationResult is the opaque result returned by DeploymentSettings.Validate
// alongside any validation error.
type DeploymentValidationResult struct {
	// contains filtered or unexported fields
}
type EncryptService ¶
// EncryptService is the single-method abstraction over AWS KMS that this package needs:
// only Encrypt, since decryption happens elsewhere (on the nodes, presumably — this package
// exposes no Decrypt). The real client and test fakes both satisfy it
// (see ClusterFromBytesWithEncryptService).
type EncryptService interface {
	Encrypt(*kms.EncryptInput) (*kms.EncryptOutput, error)
}
type EncryptedAssetsOnDisk ¶ added in v0.9.7
// EncryptedAssetsOnDisk is the set of cluster credentials after KMS encryption, each backed
// by a cache file on disk (see EncryptedCredentialOnDisk). It mirrors RawAssetsOnDisk
// field-for-field and is flattened into template form by Compact.
type EncryptedAssetsOnDisk struct {
	// Encrypted PEM encoded TLS assets.
	CACert                    EncryptedCredentialOnDisk
	CAKey                     EncryptedCredentialOnDisk
	WorkerCACert              EncryptedCredentialOnDisk
	WorkerCAKey               EncryptedCredentialOnDisk
	APIServerCert             EncryptedCredentialOnDisk
	APIServerKey              EncryptedCredentialOnDisk
	APIServerAggregatorCert   EncryptedCredentialOnDisk
	APIServerAggregatorKey    EncryptedCredentialOnDisk
	KubeControllerManagerCert EncryptedCredentialOnDisk
	KubeControllerManagerKey  EncryptedCredentialOnDisk
	KubeSchedulerCert         EncryptedCredentialOnDisk
	KubeSchedulerKey          EncryptedCredentialOnDisk
	WorkerCert                EncryptedCredentialOnDisk
	WorkerKey                 EncryptedCredentialOnDisk
	AdminCert                 EncryptedCredentialOnDisk
	AdminKey                  EncryptedCredentialOnDisk
	EtcdCert                  EncryptedCredentialOnDisk
	EtcdClientCert            EncryptedCredentialOnDisk
	EtcdKey                   EncryptedCredentialOnDisk
	EtcdClientKey             EncryptedCredentialOnDisk
	EtcdTrustedCA             EncryptedCredentialOnDisk
	KIAMServerCert            EncryptedCredentialOnDisk
	KIAMServerKey             EncryptedCredentialOnDisk
	KIAMAgentCert             EncryptedCredentialOnDisk
	KIAMAgentKey              EncryptedCredentialOnDisk
	KIAMCACert                EncryptedCredentialOnDisk
	ServiceAccountKey         EncryptedCredentialOnDisk

	// Other encrypted assets.
	AuthTokens        EncryptedCredentialOnDisk
	TLSBootstrapToken EncryptedCredentialOnDisk
	EncryptionConfig  EncryptedCredentialOnDisk
}
func ReadOrCreateEncryptedAssets ¶ added in v0.9.7
func ReadOrEncryptAssets ¶ added in v0.9.7
func ReadOrEncryptAssets(dirname string, manageCertificates bool, caKeyRequiredOnController bool, kiamEnabled bool, encryptor CachedEncryptor) (*EncryptedAssetsOnDisk, error)
func (*EncryptedAssetsOnDisk) Compact ¶ added in v0.9.7
func (r *EncryptedAssetsOnDisk) Compact() (*CompactAssets, error)
func (*EncryptedAssetsOnDisk) WriteToDir ¶ added in v0.9.7
func (r *EncryptedAssetsOnDisk) WriteToDir(dirname string, kiamEnabled bool) error
type EncryptedCredentialOnDisk ¶
// EncryptedCredentialOnDisk is one KMS-encrypted credential together with its on-disk cache
// (CacheFileExtension) and fingerprint (FingerprintFileExtension). The cache avoids
// re-encrypting unchanged plaintext, which would otherwise produce a different ciphertext
// and needlessly change node userdata.
type EncryptedCredentialOnDisk struct {
	// contains filtered or unexported fields
}
KMS encryption produces a different ciphertext for the same plaintext on every call, which had been causing unnecessary node replacements because the userdata embedding the ciphertext changed on each run (https://github.com/kubernetes-incubator/kube-aws/issues/107). Encrypted assets are therefore persisted on disk as a cache, together with a fingerprint of the plaintext, so that re-encryption can be skipped while the plaintext is unchanged. Note that the cache files hold ciphertext only, but the fingerprint files should still be treated as part of the credential store.
func EncryptedCredentialCacheFromPath ¶
func EncryptedCredentialCacheFromPath(filePath string, doLoadFingerprint bool) (*EncryptedCredentialOnDisk, error)
func EncryptedCredentialCacheFromRawCredential ¶
func EncryptedCredentialCacheFromRawCredential(raw *RawCredentialOnDisk, bytesEncryptionService bytesEncryptionService) (*EncryptedCredentialOnDisk, error)
func (*EncryptedCredentialOnDisk) Fingerprint ¶
func (c *EncryptedCredentialOnDisk) Fingerprint() string
func (*EncryptedCredentialOnDisk) Persist ¶
func (c *EncryptedCredentialOnDisk) Persist() error
func (*EncryptedCredentialOnDisk) String ¶
func (c *EncryptedCredentialOnDisk) String() string
type EncryptionAtRest ¶ added in v0.11.0
// EncryptionAtRest is the switch for encrypting Kubernetes secrets at rest in etcd
// (`kubernetes.encryptionAtRest` in cluster.yaml). It is presumably what the
// EncryptionConfig asset (see EncryptionConfig and CompactAssets.EncryptionConfig) is
// generated for — TODO confirm against the template code.
type EncryptionAtRest struct {
	// Enabled turns the feature on. NOTE(review): without it, Secrets are stored in etcd in
	// plaintext and anyone with access to the etcd data volume or snapshots can read them.
	Enabled bool `yaml:"enabled"`
}
type EphemeralImageStorage ¶
type EtcdSettings ¶
Part of configuration which is specific to etcd nodes
func (EtcdSettings) Validate ¶ added in v0.9.8
func (e EtcdSettings) Validate() error
Validate returns an error when there's any user error in the `etcd` settings.
type Experimental ¶
// Experimental groups the optional, not-yet-stable features kube-aws exposes under the
// `experimental` key of cluster.yaml. Unknown keys are captured by model.UnknownKeys so
// Validate can reject typos.
type Experimental struct {
	Admission      Admission      `yaml:"admission"`
	AuditLog       AuditLog       `yaml:"auditLog"`
	Authentication Authentication `yaml:"authentication"`
	AwsEnvironment AwsEnvironment `yaml:"awsEnvironment"`
	AwsNodeLabels  AwsNodeLabels  `yaml:"awsNodeLabels"`
	// When cluster-autoscaler support is enabled, not only controller nodes but this node pool is also given
	// a node label and IAM permissions to run cluster-autoscaler
	ClusterAutoscalerSupport model.ClusterAutoscalerSupport `yaml:"clusterAutoscalerSupport"`
	// TLSBootstrap and NodeAuthorizer govern how kubelets obtain and are limited by their
	// credentials; see those types.
	TLSBootstrap          TLSBootstrap          `yaml:"tlsBootstrap"`
	NodeAuthorizer        NodeAuthorizer        `yaml:"nodeAuthorizer"`
	EphemeralImageStorage EphemeralImageStorage `yaml:"ephemeralImageStorage"`
	// KIAMSupport and Kube2IamSupport are two mechanisms for handing IAM roles to pods;
	// presumably only one should be enabled at a time — see Validate.
	KIAMSupport     KIAMSupport     `yaml:"kiamSupport,omitempty"`
	Kube2IamSupport Kube2IamSupport `yaml:"kube2IamSupport,omitempty"`
	GpuSupport      GpuSupport      `yaml:"gpuSupport,omitempty"`
	// KubeletOpts is appended verbatim to the kubelet command line.
	KubeletOpts  string       `yaml:"kubeletOpts,omitempty"`
	LoadBalancer LoadBalancer `yaml:"loadBalancer"`
	TargetGroup  TargetGroup  `yaml:"targetGroup"`
	NodeDrainer  model.NodeDrainer `yaml:"nodeDrainer"`
	// Oidc configures OIDC authentication for the API server.
	Oidc model.Oidc `yaml:"oidc"`
	// DisableSecurityGroupIngress skips creation of the security-group ingress rules kube-aws
	// would otherwise manage. NOTE(review): only set this when ingress is managed elsewhere;
	// the nodes are otherwise left without the expected network restrictions.
	DisableSecurityGroupIngress bool `yaml:"disableSecurityGroupIngress"`
	// NodeMonitorGracePeriod is passed to the controller-manager's node monitor.
	NodeMonitorGracePeriod string `yaml:"nodeMonitorGracePeriod"`
	model.UnknownKeys      `yaml:",inline"`
}
func (Experimental) Validate ¶ added in v0.9.8
func (c Experimental) Validate(name string) error
type GpuSupport ¶ added in v0.9.10
type HostOS ¶ added in v0.11.0
// HostOS holds cosmetic host-level settings (`hostOS` in cluster.yaml).
type HostOS struct {
	// BashPrompt customises the shell prompt on the nodes.
	BashPrompt model.BashPrompt `yaml:"bashPrompt,omitempty"`
	// MOTDBanner customises the message of the day shown at login.
	MOTDBanner model.MOTDBanner `yaml:"motdBanner,omitempty"`
}
type InfrastructureValidationResult ¶
// InfrastructureValidationResult is the opaque result returned by
// KubeClusterSettings.Validate alongside any validation error.
type InfrastructureValidationResult struct {
	// contains filtered or unexported fields
}
type Initializers ¶ added in v0.9.9
// Initializers is the switch for the Initializers admission plugin
// (`experimental.admission.initializers` in cluster.yaml).
type Initializers struct {
	// Enabled turns the plugin on.
	Enabled bool `yaml:"enabled"`
}
type KIAMServerAddresses ¶ added in v0.11.0
type KIAMSupport ¶ added in v0.9.10
// KIAMSupport configures the kiam deployment that hands IAM roles to pods
// (`experimental.kiamSupport` in cluster.yaml). Its TLS material is the KIAM* fields of
// the asset structs.
type KIAMSupport struct {
	// Enabled turns kiam on.
	Enabled bool `yaml:"enabled"`
	// Image is the kiam container image.
	Image model.Image `yaml:"image,omitempty"`
	// SessionDuration is presumably the STS session duration kiam requests for assumed
	// roles — TODO confirm. NOTE(review): shorter sessions limit how long a stolen
	// credential stays valid.
	SessionDuration string `yaml:"sessionDuration,omitempty"`
	// ServerAddresses tells agents where to reach the kiam server; see KIAMServerAddresses.
	ServerAddresses KIAMServerAddresses `yaml:"serverAddresses,omitempty"`
	// ServerResources and AgentResources set requests/limits for the server and agent pods.
	ServerResources ComputeResources `yaml:"serverResources,omitempty"`
	AgentResources  ComputeResources `yaml:"agentResources,omitempty"`
}
type KMSConfig ¶
// KMSConfig pairs the KMS encryption backend with the key it should use. Build it with
// NewKMSConfig; the key ARN normally comes from DeploymentSettings.KMSKeyARN.
type KMSConfig struct {
	// EncryptService performs the Encrypt calls.
	EncryptService EncryptService
	// KMSKeyARN identifies the customer master key used for encryption.
	KMSKeyARN string
}
func NewKMSConfig ¶ added in v0.11.0
func NewKMSConfig(kmsKeyARN string, encSvc EncryptService, session *session.Session) KMSConfig
type Kube2IamSupport ¶
// Kube2IamSupport is the switch for deploying kube2iam, an alternative to kiam for
// handing IAM roles to pods (`experimental.kube2IamSupport` in cluster.yaml).
type Kube2IamSupport struct {
	// Enabled turns kube2iam on.
	Enabled bool `yaml:"enabled"`
}
type KubeClusterSettings ¶
// KubeClusterSettings is the part of the configuration which is shared between controller
// nodes and worker nodes. Its name is prefixed with `Kube` because it doesn't relate to etcd.
type KubeClusterSettings struct {
	// APIEndpointConfigs declares the Kubernetes API endpoints (DNS names, load balancers,
	// allowed source CIDRs); see APIAccessAllowedSourceCIDRsForControllerSG.
	APIEndpointConfigs model.APIEndpoints `yaml:"apiEndpoints,omitempty"`
	// Required by kubelet to locate the kube-apiserver
	ExternalDNSName string `yaml:"externalDNSName,omitempty"`
	// Required by kubelet to locate the cluster-internal dns hosted on controller nodes in the base cluster
	DNSServiceIP string `yaml:"dnsServiceIP,omitempty"`
	// UseCalico selects Calico as the network plugin (see K8sNetworkPlugin).
	UseCalico bool `yaml:"useCalico,omitempty"`
	// PodCIDR and ServiceCIDR are the cluster's pod and service network ranges.
	PodCIDR     string `yaml:"podCIDR,omitempty"`
	ServiceCIDR string `yaml:"serviceCIDR,omitempty"`
}
Part of configuration which is shared between controller nodes and worker nodes. Its name is prefixed with `Kube` because it doesn't relate to etcd.
func (KubeClusterSettings) K8sNetworkPlugin ¶
func (c KubeClusterSettings) K8sNetworkPlugin() string
K8sNetworkPlugin returns the network plugin name; it is required so that kubelets use the same network plugin as the base cluster.
func (KubeClusterSettings) Validate ¶ added in v0.9.8
func (c KubeClusterSettings) Validate() (*InfrastructureValidationResult, error)
type KubeDns ¶ added in v0.9.8
// KubeDns configures the cluster DNS add-on (`kubeDns` in cluster.yaml).
type KubeDns struct {
	// Provider selects the DNS implementation (the image fields on DeploymentSettings
	// suggest kube-dns and CoreDNS are the options — confirm in Validate).
	Provider string `yaml:"provider"`
	// NodeLocalResolver runs a per-node DNS resolver when true.
	NodeLocalResolver bool `yaml:"nodeLocalResolver"`
	// DeployToControllers schedules the DNS pods on controller nodes when true.
	DeployToControllers bool `yaml:"deployToControllers"`
	// Autoscaler configures the DNS horizontal autoscaler; see KubeDnsAutoscaler.
	Autoscaler KubeDnsAutoscaler `yaml:"autoscaler"`
}
func (*KubeDns) MergeIfEmpty ¶ added in v0.9.8
type KubeDnsAutoscaler ¶ added in v0.9.10
type KubeResourcesAutosave ¶ added in v0.9.6
type Kubelet ¶ added in v0.9.10
// Kubelet holds the kubelet options kube-aws exposes (`kubelet` in cluster.yaml).
type Kubelet struct {
	// RotateCerts enables kubelet client certificate rotation; see RotateCerts.
	RotateCerts RotateCerts `yaml:"rotateCerts"`
	// SystemReservedResources and KubeReservedResources are passed to the kubelet's
	// --system-reserved / --kube-reserved flags (presumably as-is).
	SystemReservedResources string `yaml:"systemReserved"`
	KubeReservedResources   string `yaml:"kubeReserved"`
}
Kubelet options
type Kubernetes ¶ added in v0.9.10
// Kubernetes groups component-level Kubernetes settings (`kubernetes` in cluster.yaml).
type Kubernetes struct {
	// EncryptionAtRest toggles etcd secret encryption; see EncryptionAtRest.
	EncryptionAtRest EncryptionAtRest `yaml:"encryptionAtRest"`
	// Networking configures the (optionally self-hosted) network plugin; see Networking.
	Networking Networking `yaml:"networking,omitempty"`
	// ControllerManager configures kube-controller-manager; see ControllerManager.
	ControllerManager ControllerManager `yaml:"controllerManager,omitempty"`
}
type KubernetesDashboard ¶ added in v0.9.9
// KubernetesDashboard configures the Kubernetes Dashboard add-on
// (`kubernetesDashboard` in cluster.yaml).
//
// NOTE(review): the two boolean knobs below are the security-relevant ones. A dashboard
// with admin privileges is a web UI that can do anything in the cluster, and insecure login
// presumably relaxes how users authenticate to it — TODO confirm exactly what each grants
// in the manifest templates. Keep both false unless there is a specific need, and never
// expose such a dashboard beyond trusted networks.
type KubernetesDashboard struct {
	// AdminPrivileges grants the dashboard elevated cluster privileges when true.
	AdminPrivileges bool `yaml:"adminPrivileges"`
	// InsecureLogin enables the dashboard's insecure login mode when true.
	InsecureLogin bool `yaml:"insecureLogin"`
	// Enabled deploys the dashboard at all.
	Enabled bool `yaml:"enabled"`
	// ComputeResources sets the requests/limits of the dashboard pod.
	ComputeResources ComputeResources `yaml:"resources,omitempty"`
}
type LoadBalancer ¶
type LocalStreaming ¶ added in v0.9.8
// LocalStreaming configures local streaming of CloudWatch-bound logs
// (`cloudWatchLogging.localStreaming` in cluster.yaml). The streaming interval is exposed
// through Interval().
type LocalStreaming struct {
	// Enabled turns local streaming on.
	Enabled bool `yaml:"enabled"`
	// Filter is the log filter pattern applied to the stream.
	Filter string `yaml:"filter"`
	// contains filtered or unexported fields
}
func (*LocalStreaming) Interval ¶ added in v0.9.8
func (c *LocalStreaming) Interval() int64
type MutatingAdmissionWebhook ¶ added in v0.9.10
// MutatingAdmissionWebhook is the switch for the MutatingAdmissionWebhook admission plugin
// (`experimental.admission.mutatingAdmissionWebhook` in cluster.yaml).
type MutatingAdmissionWebhook struct {
	// Enabled turns the plugin on.
	Enabled bool `yaml:"enabled"`
}
type Networking ¶ added in v0.9.10
// Networking holds the network plugin settings (`kubernetes.networking` in cluster.yaml).
type Networking struct {
	// SelfHosting configures running the network plugin as in-cluster workloads; see SelfHosting.
	SelfHosting SelfHosting `yaml:"selfHosting"`
}
type NodeAuthorizer ¶ added in v0.9.8
// NodeAuthorizer is the switch for the Node authorization mode
// (`experimental.nodeAuthorizer` in cluster.yaml).
type NodeAuthorizer struct {
	// Enabled turns the authorizer on. NOTE(review): this is what confines each kubelet to
	// the resources of its own node; without it a compromised node credential can read
	// secrets and pods cluster-wide.
	Enabled bool `yaml:"enabled"`
}
type OwnerReferencesPermissionEnforcement ¶ added in v0.9.10
// OwnerReferencesPermissionEnforcement is the switch for the admission plugin of the same
// name (`experimental.admission.ownerReferencesPermissionEnforcement` in cluster.yaml).
type OwnerReferencesPermissionEnforcement struct {
	// Enabled turns the plugin on.
	Enabled bool `yaml:"enabled"`
}
type PersistentVolumeClaimResize ¶ added in v0.9.10
// PersistentVolumeClaimResize is the switch for the PersistentVolumeClaimResize admission
// plugin (`experimental.admission.persistentVolumeClaimResize` in cluster.yaml).
type PersistentVolumeClaimResize struct {
	// Enabled turns the plugin on.
	Enabled bool `yaml:"enabled"`
}
type PodSecurityPolicy ¶
// PodSecurityPolicy is the switch for the PodSecurityPolicy admission plugin
// (`experimental.admission.podSecurityPolicy` in cluster.yaml).
type PodSecurityPolicy struct {
	// Enabled turns the plugin on. NOTE(review): enabling it without shipping matching
	// policies (and RBAC bindings to them) blocks all pod creation, so the toggle must be
	// rolled out together with the policies kube-aws or the operator provides.
	Enabled bool `yaml:"enabled"`
}
type RawAssetsOnDisk ¶ added in v0.9.7
// RawAssetsOnDisk is the set of cluster credentials as plaintext files on disk (see
// ReadRawAssets). It mirrors EncryptedAssetsOnDisk field-for-field.
//
// NOTE(review): everything here, private keys and tokens included, is unencrypted; the
// directory it is read from deserves the same protection as a CA's key store.
type RawAssetsOnDisk struct {
	// PEM encoded TLS assets.
	CACert                    RawCredentialOnDisk
	CAKey                     RawCredentialOnDisk
	WorkerCACert              RawCredentialOnDisk
	WorkerCAKey               RawCredentialOnDisk
	APIServerCert             RawCredentialOnDisk
	APIServerKey              RawCredentialOnDisk
	APIServerAggregatorCert   RawCredentialOnDisk
	APIServerAggregatorKey    RawCredentialOnDisk
	KubeControllerManagerCert RawCredentialOnDisk
	KubeControllerManagerKey  RawCredentialOnDisk
	KubeSchedulerCert         RawCredentialOnDisk
	KubeSchedulerKey          RawCredentialOnDisk
	WorkerCert                RawCredentialOnDisk
	WorkerKey                 RawCredentialOnDisk
	AdminCert                 RawCredentialOnDisk
	AdminKey                  RawCredentialOnDisk
	EtcdCert                  RawCredentialOnDisk
	EtcdClientCert            RawCredentialOnDisk
	EtcdKey                   RawCredentialOnDisk
	EtcdClientKey             RawCredentialOnDisk
	EtcdTrustedCA             RawCredentialOnDisk
	KIAMServerCert            RawCredentialOnDisk
	KIAMServerKey             RawCredentialOnDisk
	KIAMAgentCert             RawCredentialOnDisk
	KIAMAgentKey              RawCredentialOnDisk
	KIAMCACert                RawCredentialOnDisk
	ServiceAccountKey         RawCredentialOnDisk

	// Other assets.
	AuthTokens        RawCredentialOnDisk
	TLSBootstrapToken RawCredentialOnDisk
	EncryptionConfig  RawCredentialOnDisk
}
func ReadRawAssets ¶ added in v0.9.7
func (*RawAssetsOnDisk) Compact ¶ added in v0.9.7
func (r *RawAssetsOnDisk) Compact() (*CompactAssets, error)
type RawAssetsOnMemory ¶ added in v0.9.7
// RawAssetsOnMemory is the set of freshly generated cluster credentials held in memory
// (see Cluster.NewAssetsOnMemory). WriteToDir persists them; its includeCAKey argument
// controls whether the CA private key is written out at all.
//
// NOTE(review): these byte slices are plaintext private keys and tokens. Nothing on this
// page shows them being zeroed after use or which file mode WriteToDir uses; both are
// worth confirming in the implementation.
type RawAssetsOnMemory struct {
	// PEM encoded TLS assets.
	CACert                    []byte
	CAKey                     []byte
	WorkerCACert              []byte
	WorkerCAKey               []byte
	APIServerCert             []byte
	APIServerKey              []byte
	APIServerAggregatorCert   []byte
	APIServerAggregatorKey    []byte
	KubeControllerManagerCert []byte
	KubeControllerManagerKey  []byte
	KubeSchedulerCert         []byte
	KubeSchedulerKey          []byte
	WorkerCert                []byte
	WorkerKey                 []byte
	AdminCert                 []byte
	AdminKey                  []byte
	EtcdCert                  []byte
	EtcdClientCert            []byte
	EtcdKey                   []byte
	EtcdClientKey             []byte
	EtcdTrustedCA             []byte
	KIAMServerCert            []byte
	KIAMServerKey             []byte
	KIAMAgentCert             []byte
	KIAMAgentKey              []byte
	KIAMCACert                []byte
	ServiceAccountKey         []byte

	// Other assets.
	AuthTokens        []byte
	TLSBootstrapToken []byte
	EncryptionConfig  []byte
}
func (*RawAssetsOnMemory) WriteToDir ¶ added in v0.9.7
func (r *RawAssetsOnMemory) WriteToDir(dirname string, includeCAKey bool, kiamEnabled bool) error
type RawCredentialOnDisk ¶
// RawCredentialOnDisk is one plaintext credential file (see RawCredentialFileFromPath).
// Its Fingerprint is what a cached encrypted copy is compared against to decide whether
// re-encryption is needed.
type RawCredentialOnDisk struct {
	// contains filtered or unexported fields
}
func RawCredentialFileFromPath ¶
func RawCredentialFileFromPath(filePath string, defaultValue *string) (*RawCredentialOnDisk, error)
func (*RawCredentialOnDisk) Fingerprint ¶
func (c *RawCredentialOnDisk) Fingerprint() string
func (*RawCredentialOnDisk) Persist ¶
func (c *RawCredentialOnDisk) Persist() error
func (*RawCredentialOnDisk) String ¶
func (c *RawCredentialOnDisk) String() string
type ResourceQuota ¶ added in v0.11.0
type RotateCerts ¶ added in v0.9.10
// RotateCerts is the switch for kubelet client certificate rotation
// (`kubelet.rotateCerts` in cluster.yaml).
type RotateCerts struct {
	// Enabled turns rotation on. NOTE(review): without rotation, node certificates live for
	// the full Cluster.TLSCertDurationDays and must be replaced by hand.
	Enabled bool `yaml:"enabled"`
}
type SelfHosting ¶ added in v0.9.10
// SelfHosting configures running the network plugin as in-cluster workloads
// (`kubernetes.networking.selfHosting` in cluster.yaml).
type SelfHosting struct {
	// Enabled turns self-hosting on.
	Enabled bool `yaml:"enabled"`
	// Type selects the plugin flavour (the image fields suggest calico/flannel — confirm in Validate).
	Type string `yaml:"type"`
	// Typha deploys the Calico Typha component when true.
	Typha bool `yaml:"typha"`
	// Image overrides for the self-hosted components.
	// NOTE(review): as with the other image fields, pin versions and use a trusted registry.
	CalicoNodeImage model.Image `yaml:"calicoNodeImage"`
	CalicoCniImage  model.Image `yaml:"calicoCniImage"`
	FlannelImage    model.Image `yaml:"flannelImage"`
	FlannelCniImage model.Image `yaml:"flannelCniImage"`
	TyphaImage      model.Image `yaml:"typhaImage"`
}
type StackConfig ¶
// StackConfig contains configuration parameters available when rendering the CFN stack
// template from golang text templates. It embeds the rendered-userdata Config and adds the
// stack-level inputs.
type StackConfig struct {
	*Config

	// StackName is the name of the CloudFormation stack being rendered.
	StackName string
	StackTemplateOptions

	// UserDataController and UserDataEtcd are the rendered userdata for the respective
	// node types. NOTE(review): they contain the encrypted credential blobs, so the stack
	// template built from them is sensitive.
	UserDataController model.UserData
	UserDataEtcd       model.UserData

	// ControllerSubnetIndex selects which subnet the controllers are placed in.
	ControllerSubnetIndex int

	// ExtraCfnResources are additional raw CloudFormation resources merged into the template.
	// NOTE(review): these are not validated by this package; a resource added here can grant
	// IAM permissions or open security groups.
	ExtraCfnResources map[string]interface{}
}
StackConfig contains configuration parameters available when rendering CFN stack template from golang text templates
func (*StackConfig) ClusterExportedStacksS3URI ¶ added in v0.9.6
func (c *StackConfig) ClusterExportedStacksS3URI() string
func (*StackConfig) ClusterS3URI ¶ added in v0.9.6
func (c *StackConfig) ClusterS3URI() string
func (StackConfig) EtcdSnapshotsS3Bucket ¶ added in v0.9.6
func (c StackConfig) EtcdSnapshotsS3Bucket() (string, error)
func (StackConfig) EtcdSnapshotsS3PathRef ¶ added in v0.9.6
func (c StackConfig) EtcdSnapshotsS3PathRef() (string, error)
EtcdSnapshotsS3PathRef returns a reference to the pair of an S3 bucket and a key of an S3 object containing an etcd cluster snapshot. Snapshots contain the full etcd contents, including Kubernetes Secrets unless encryption at rest is enabled, so the bucket must be locked down accordingly.
func (StackConfig) EtcdSnapshotsS3PrefixRef ¶ added in v0.9.6
func (c StackConfig) EtcdSnapshotsS3PrefixRef() (string, error)
func (*StackConfig) RenderStackTemplateAsBytes ¶ added in v0.9.7
func (c *StackConfig) RenderStackTemplateAsBytes() ([]byte, error)
func (*StackConfig) RenderStackTemplateAsString ¶ added in v0.9.7
func (c *StackConfig) RenderStackTemplateAsString() (string, error)
type StackTemplateOptions ¶
type TLSBootstrap ¶ added in v0.9.6
// TLSBootstrap is the switch for kubelet TLS bootstrapping
// (`experimental.tlsBootstrap` in cluster.yaml). The TLSBootstrapToken asset is the
// credential kubelets use for it.
type TLSBootstrap struct {
	// Enabled turns bootstrapping on. NOTE(review): the bootstrap token is a shared secret
	// that lets any holder request a node certificate; it sits in userdata like the other
	// assets and should be rotated if a node is compromised.
	Enabled bool `yaml:"enabled"`
}
type TargetGroup ¶
type ValidatingAdmissionWebhook ¶ added in v0.9.10
// ValidatingAdmissionWebhook is the switch for the ValidatingAdmissionWebhook admission
// plugin (`experimental.admission.validatingAdmissionWebhook` in cluster.yaml).
type ValidatingAdmissionWebhook struct {
	// Enabled turns the plugin on.
	Enabled bool `yaml:"enabled"`
}
type WaitSignal ¶
// WaitSignal configures CloudFormation wait signalling for node rollouts (`waitSignal` in
// cluster.yaml). Both fields are pointers so that "not set" can be told apart from an
// explicit value; Enabled() and MaxBatchSize() apply the defaults.
type WaitSignal struct {
	// WaitSignal is enabled by default. If you'd like to explicitly disable it, set this to `false`.
	// Keeping this `nil` results in the WaitSignal to be enabled.
	EnabledOverride *bool `yaml:"enabled"`
	// MaxBatchSizeOverride caps how many instances are replaced per batch; nil means the default.
	MaxBatchSizeOverride *int `yaml:"maxBatchSize"`
}
func (WaitSignal) Enabled ¶
func (s WaitSignal) Enabled() bool
func (WaitSignal) MaxBatchSize ¶
func (s WaitSignal) MaxBatchSize() int