config

package
v0.9.10-rc.1 Latest Latest
Published: Apr 11, 2018 License: Apache-2.0 Imports: 31 Imported by: 0


Constants

// CacheFileExtension is the extension, "enc", of the files this package writes
// for its encrypted-asset cache. The pairing with EncryptedCredentialOnDisk and
// its Persist method is inferred from the names on this page — confirm in the
// source.
const CacheFileExtension = "enc"
// FingerprintFileExtension is the extension, "fingerprint", of the sidecar file
// that records a credential's fingerprint (see Fingerprint() on
// RawCredentialOnDisk and EncryptedCredentialOnDisk, and the doLoadFingerprint
// argument of EncryptedCredentialCacheFromPath). Which call writes the file is
// not visible here — confirm in Persist().
const FingerprintFileExtension = "fingerprint"

Variables

This section is empty.

Functions

func RandomTLSBootstrapTokenString added in v0.9.7

func RandomTLSBootstrapTokenString() (string, error)

func WithTrailingDot

func WithTrailingDot(s string) string

Types

type Admission

// Admission groups the per-admission-controller switches read from the
// `admission` entry of Experimental. Every member type on this page carries a
// single `enabled` flag. Whether each flag maps one-to-one onto the like-named
// kube-apiserver admission plugin is not visible here — confirm against the
// controller templates.
//
// NOTE(review): PodSecurityPolicy, DenyEscalatingExec and
// OwnerReferencesPermissionEnforcement are the restrictive controllers in this
// list; leaving them disabled widens what workloads may do on the cluster.
type Admission struct {
	PodSecurityPolicy                    PodSecurityPolicy                    `yaml:"podSecurityPolicy"`
	AlwaysPullImages                     AlwaysPullImages                     `yaml:"alwaysPullImages"`
	DenyEscalatingExec                   DenyEscalatingExec                   `yaml:"denyEscalatingExec"`
	Initializers                         Initializers                         `yaml:"initializers"`
	Priority                             Priority                             `yaml:"priority"`
	MutatingAdmissionWebhook             MutatingAdmissionWebhook             `yaml:"mutatingAdmissionWebhook"`
	ValidatingAdmissionWebhook           ValidatingAdmissionWebhook           `yaml:"validatingAdmissionWebhook"`
	OwnerReferencesPermissionEnforcement OwnerReferencesPermissionEnforcement `yaml:"ownerReferencesPermissionEnforcement"`
}

type AlwaysPullImages added in v0.9.9

// AlwaysPullImages is the `alwaysPullImages` entry of Admission. The name
// matches the Kubernetes admission controller that forces an image pull on
// every pod start (so registry credentials are re-checked); the mapping is
// inferred from the name — confirm.
type AlwaysPullImages struct {
	// Enabled is read from the `enabled` yaml key.
	Enabled bool `yaml:"enabled"`
}

type AmazonSsmAgent added in v0.9.8

// AmazonSsmAgent is the `amazonSsmAgent` entry embedded in DeploymentSettings.
type AmazonSsmAgent struct {
	// Enabled is read from the `enabled` yaml key.
	Enabled     bool   `yaml:"enabled"`
	// DownloadUrl (`downloadUrl`) is presumably where the agent package is
	// fetched from on the node — confirm in the userdata templates.
	DownloadUrl string `yaml:"downloadUrl"`
	// Sha1Sum (`sha1sum`) is, by its name, the expected SHA-1 digest of that
	// download. Whether a mismatch aborts the install is not visible here.
	// NOTE(review): SHA-1 is collision-weak; a SHA-256 digest would be the
	// stronger pin for a package fetched over the network.
	Sha1Sum     string `yaml:"sha1sum"`
}

type AuditLog

// AuditLog is the `auditLog` entry of Experimental.
//
// Note that the yaml keys here are all-lowercase (`maxage`, `logpath`), unlike
// the camelCase keys used elsewhere in this package.
type AuditLog struct {
	// Enabled is read from the `enabled` yaml key.
	Enabled bool   `yaml:"enabled"`
	// MaxAge is read from `maxage`; its unit is not visible on this page.
	MaxAge  int    `yaml:"maxage"`
	// LogPath is read from `logpath`.
	LogPath string `yaml:"logpath"`
}

type Authentication

// Authentication is the `authentication` entry of Experimental; its only
// member is the Webhook settings.
type Authentication struct {
	// Webhook is read from the `webhook` yaml key.
	Webhook Webhook `yaml:"webhook"`
}

type AwsEnvironment

// AwsEnvironment is the `awsEnvironment` entry of Experimental.
type AwsEnvironment struct {
	// Enabled is read from the `enabled` yaml key.
	Enabled     bool              `yaml:"enabled"`
	// Environment is a free-form key/value map read from `environment`; where
	// it is injected is not visible on this page. NOTE(review): anything placed
	// here lives in cluster.yaml — do not put long-lived credentials in it.
	Environment map[string]string `yaml:"environment"`
}

type AwsNodeLabels

// AwsNodeLabels is the `awsNodeLabels` entry of Experimental.
type AwsNodeLabels struct {
	// Enabled is read from the `enabled` yaml key.
	Enabled bool `yaml:"enabled"`
}

type CachedEncryptor

// CachedEncryptor encrypts raw bytes (EncryptedBytes) and builds an
// EncryptedCredentialOnDisk from a file path (EncryptedCredentialFromPath).
// It is the encryptor argument of ReadOrEncryptAssets. Its fields are
// unexported and not shown on this page, so which encryption backend and cache
// it wraps must be confirmed in the source.
type CachedEncryptor struct {
	// contains filtered or unexported fields
}

func (CachedEncryptor) EncryptedBytes added in v0.9.6

func (e CachedEncryptor) EncryptedBytes(raw []byte) ([]byte, error)

func (CachedEncryptor) EncryptedCredentialFromPath

func (e CachedEncryptor) EncryptedCredentialFromPath(filePath string, defaultValue *string) (*EncryptedCredentialOnDisk, error)

type CloudWatchLogging added in v0.9.7

// CloudWatchLogging is the `cloudWatchLogging` entry embedded in
// DeploymentSettings. MergeIfEmpty fills unset fields from another value.
type CloudWatchLogging struct {
	// Enabled is read from the `enabled` yaml key.
	Enabled         bool `yaml:"enabled"`
	// RetentionInDays is read from `retentionInDays`.
	RetentionInDays int  `yaml:"retentionInDays"`
	// LocalStreaming is embedded, so its Enabled/Filter fields and Interval()
	// are promoted onto CloudWatchLogging; it is read from `localStreaming`.
	LocalStreaming  `yaml:"localStreaming"`
}

func (*CloudWatchLogging) MergeIfEmpty added in v0.9.8

func (c *CloudWatchLogging) MergeIfEmpty(other CloudWatchLogging)

type Cluster

// Cluster is the container of all the configurable parameters of a kube-aws
// cluster, customizable via cluster.yaml. The `,inline` settings structs are
// flattened into the top level of that file.
type Cluster struct {
	KubeClusterSettings    `yaml:",inline"`
	DeploymentSettings     `yaml:",inline"`
	DefaultWorkerSettings  `yaml:",inline"`
	ControllerSettings     `yaml:",inline"`
	EtcdSettings           `yaml:",inline"`
	FlannelSettings        `yaml:",inline"`
	AdminAPIEndpointName   string              `yaml:"adminAPIEndpointName,omitempty"`
	ServiceCIDR            string              `yaml:"serviceCIDR,omitempty"`
	RecordSetTTL           int                 `yaml:"recordSetTTL,omitempty"`
	// TLSCADurationDays and TLSCertDurationDays are lifetimes in days that
	// presumably feed NewTLSCA / NewAssetsOnMemory — confirm. Longer lifetimes
	// lengthen the window in which a leaked key stays usable; RotateCerts under
	// Kubelet is the related knob for kubelet client certificates.
	TLSCADurationDays      int                 `yaml:"tlsCADurationDays,omitempty"`
	TLSCertDurationDays    int                 `yaml:"tlsCertDurationDays,omitempty"`
	HostedZoneID           string              `yaml:"hostedZoneId,omitempty"`
	PluginConfigs          model.PluginConfigs `yaml:"kubeAwsPlugins,omitempty"`
	// ProvidedEncryptService carries no yaml tag. Since
	// ClusterFromBytesWithEncryptService takes an EncryptService argument, this
	// is presumably set from code (e.g. a test double) rather than from
	// cluster.yaml — confirm.
	ProvidedEncryptService EncryptService
	// SSHAccessAllowedSourceCIDRs is network ranges of sources you'd like SSH accesses to be allowed from, in CIDR notation
	SSHAccessAllowedSourceCIDRs model.CIDRRanges       `yaml:"sshAccessAllowedSourceCIDRs,omitempty"`
	// CustomSettings is free-form and untyped; nothing on this page validates
	// its contents.
	CustomSettings              map[string]interface{} `yaml:"customSettings,omitempty"`
	KubeResourcesAutosave       `yaml:"kubeResourcesAutosave,omitempty"`
}

Cluster is the container of all the configurable parameters of a kube-aws cluster, customizable via cluster.yaml

func ClusterFromBytes

func ClusterFromBytes(data []byte) (*Cluster, error)

ClusterFromBytes is necessary for unit tests, which store configs as hardcoded strings.

func ClusterFromBytesWithEncryptService

func ClusterFromBytesWithEncryptService(data []byte, encryptService EncryptService) (*Cluster, error)

func ClusterFromFile

func ClusterFromFile(filename string) (*Cluster, error)

func NewDefaultCluster

func NewDefaultCluster() *Cluster

func (Cluster) APIAccessAllowedSourceCIDRsForControllerSG added in v0.9.9

func (c Cluster) APIAccessAllowedSourceCIDRsForControllerSG() []string

APIAccessAllowedSourceCIDRsForControllerSG returns all the CIDRs of Kubernetes API endpoints that controller nodes must allow access from

func (*Cluster) AvailabilityZones

func (c *Cluster) AvailabilityZones() []string

AvailabilityZones returns the availability zones referenced by the cluster configuration.

func (Cluster) Config

func (c Cluster) Config(extra ...[]*pluginmodel.Plugin) (*Config, error)

func (*Cluster) ConsumeDeprecatedKeys added in v0.9.6

func (c *Cluster) ConsumeDeprecatedKeys()

func (*Cluster) EtcdCluster

func (c *Cluster) EtcdCluster() derived.EtcdCluster

func (Cluster) EtcdIndexEnvVarName

func (c Cluster) EtcdIndexEnvVarName() string

func (Cluster) EtcdNodeEnvFileName

func (c Cluster) EtcdNodeEnvFileName() string

func (Cluster) ExternalDNSNames added in v0.9.6

func (c Cluster) ExternalDNSNames() []string

ExternalDNSNames returns all the DNS names of Kubernetes API endpoints that should be covered by the TLS cert for the k8s API.

func (*Cluster) Load

func (c *Cluster) Load() error

func (Cluster) NestedStackName

func (c Cluster) NestedStackName() string

NestedStackName returns a sanitized name of this control-plane which is usable as a valid cloudformation nested stack name

func (*Cluster) NewAssetsOnDisk added in v0.9.7

func (c *Cluster) NewAssetsOnDisk(dir string, o CredentialsOptions) (*RawAssetsOnDisk, error)

func (*Cluster) NewAssetsOnMemory added in v0.9.7

func (c *Cluster) NewAssetsOnMemory(caKey *rsa.PrivateKey, caCert *x509.Certificate, kiamEnabled bool) (*RawAssetsOnMemory, error)

func (*Cluster) NewTLSCA

func (c *Cluster) NewTLSCA() (*rsa.PrivateKey, *x509.Certificate, error)

func (Cluster) NodeLabels added in v0.9.7

func (c Cluster) NodeLabels() model.NodeLabels

func (*Cluster) SetDefaults

func (c *Cluster) SetDefaults() error

func (Cluster) StackConfig

func (c Cluster) StackConfig(opts StackTemplateOptions, extra ...[]*pluginmodel.Plugin) (*StackConfig, error)

func (Cluster) StackName

func (c Cluster) StackName() string

StackName returns the logical name of a CloudFormation stack resource in a root stack template. This is not required to be unique in an AWS account, because the actual name of a nested stack is generated randomly by CloudFormation by including the logical name. This is NOT intended to be used to reference the stack name from cloud-config as the target of awscli or cfn-bootstrap-tools commands, e.g. `cfn-init` and `cfn-signal`.

func (Cluster) StackNameEnvFileName added in v0.9.10

func (c Cluster) StackNameEnvFileName() string

func (Cluster) StackNameEnvVarName

func (c Cluster) StackNameEnvVarName() string

func (*Cluster) ValidateExistingVPC

func (c *Cluster) ValidateExistingVPC(existingVPCCIDR string, existingSubnetCIDRS []string) error

ValidateExistingVPC validates that an existing VPC and its existing subnets do not conflict with this cluster configuration.

type CompactAssets added in v0.9.7

// CompactAssets is the form of the cluster's TLS assets and tokens that is
// handed to the templates: Config.AssetsConfig points at one, and Config is
// the data available when rendering userdata (see the Config doc). Every field
// is a string ready to be embedded verbatim.
//
// NOTE(review): the *Key fields, ServiceAccountKey, AuthTokens and
// TLSBootstrapToken are secrets. The "encrypted" stage in the comments below
// applies to the ReadOrCreateCompactAssets path; the sibling
// ReadOrCreateUnencryptedCompactAssets, by its name, skips it — so depending on
// the constructor these strings may hold only gzip+base64 plaintext. Confirm
// which path a deployment uses before treating rendered userdata as safe to
// share.
type CompactAssets struct {
	// PEM -> encrypted -> gzip -> base64 encoded TLS assets.
	CACert            string
	CAKey             string
	WorkerCACert      string
	WorkerCAKey       string
	APIServerCert     string
	APIServerKey      string
	WorkerCert        string
	WorkerKey         string
	AdminCert         string
	AdminKey          string
	EtcdCert          string
	EtcdClientCert    string
	EtcdClientKey     string
	EtcdKey           string
	EtcdTrustedCA     string
	KIAMServerCert    string
	KIAMServerKey     string
	KIAMAgentCert     string
	KIAMAgentKey      string
	KIAMCACert        string
	ServiceAccountKey string

	// Encrypted -> gzip -> base64 encoded assets.
	// HasAuthTokens and HasTLSBootstrapToken report whether these are present.
	AuthTokens        string
	TLSBootstrapToken string
}

func ReadOrCreateCompactAssets added in v0.9.7

func ReadOrCreateCompactAssets(assetsDir string, manageCertificates bool, caKeyRequiredOnController bool, kiamEnabled bool, kmsConfig KMSConfig) (*CompactAssets, error)

func ReadOrCreateUnencryptedCompactAssets added in v0.9.7

func ReadOrCreateUnencryptedCompactAssets(assetsDir string, manageCertificates bool, caKeyRequiredOnController bool, kiamEnabled bool) (*CompactAssets, error)

func (*CompactAssets) HasAuthTokens added in v0.9.7

func (a *CompactAssets) HasAuthTokens() bool

func (*CompactAssets) HasTLSBootstrapToken added in v0.9.7

func (a *CompactAssets) HasTLSBootstrapToken() bool

type ComputedDeploymentSettings

// ComputedDeploymentSettings is the part of configuration which can't be
// provided via user input but is computed from user input; it is embedded,
// without a yaml tag, in DeploymentSettings.
type ComputedDeploymentSettings struct {
	// AMI is the computed machine image id, distinct from the user-supplied
	// DeploymentSettings.AmiId (`amiId`); how it is derived is not visible here.
	AMI string
}

Part of configuration which can't be provided via user input but is computed from user input

type Config

// Config contains the configuration parameters available when rendering the
// userdata injected into a controller or an etcd node from golang text
// templates. It embeds the whole Cluster and adds the derived values below.
type Config struct {
	Cluster

	// AdminAPIEndpoint and APIEndpoints are the derived endpoint objects; see
	// AdminAPIEndpointURL and ManagedELBLogicalNames.
	AdminAPIEndpoint derived.APIEndpoint
	APIEndpoints     derived.APIEndpoints

	// EtcdNodes is the golang-representation of etcd nodes, which is used to differentiate unique etcd nodes
	// This is used to simplify templating of the control-plane stack template.
	EtcdNodes []derived.EtcdNode

	// AssetsConfig carries the TLS assets and tokens rendered into userdata;
	// see CompactAssets for whether they are encrypted.
	AssetsConfig *CompactAssets

	// KubeAwsPlugins is keyed by a string; presumably the plugin name — confirm.
	KubeAwsPlugins map[string]*pluginmodel.Plugin

	APIServerVolumes pluginmodel.APIServerVolumes
	APIServerFlags   pluginmodel.APIServerFlags
}

Config contains configuration parameters available when rendering userdata injected into a controller or an etcd node from golang text templates

func ConfigFromBytes

func ConfigFromBytes(data []byte) (*Config, error)

func (*Config) AdminAPIEndpointURL added in v0.9.6

func (c *Config) AdminAPIEndpointURL() string

AdminAPIEndpointURL is the URL of the API endpoint which is written into kubeconfig and used by admins.

func (*Config) Etcdadm added in v0.9.6

func (c *Config) Etcdadm() (string, error)

Etcdadm returns the content of the etcdadm script to be embedded into cloud-config-etcd

func (*Config) HelmReleasePlugin added in v0.9.8

func (c *Config) HelmReleasePlugin() helmReleasePlugin

func (Config) InternetGatewayLogicalName

func (c Config) InternetGatewayLogicalName() string

func (Config) InternetGatewayRef

func (c Config) InternetGatewayRef() string

func (*Config) KubernetesManifestPlugin added in v0.9.8

func (c *Config) KubernetesManifestPlugin() kubernetesManifestPlugin

func (*Config) ManagedELBLogicalNames added in v0.9.6

func (c *Config) ManagedELBLogicalNames() []string

ManagedELBLogicalNames returns all the logical names of the cfn resources corresponding to ELBs managed by kube-aws for API endpoints.

func (Config) VPCID added in v0.9.8

func (c Config) VPCID() (string, error)

func (Config) VPCLogicalName

func (c Config) VPCLogicalName() (string, error)

func (Config) VPCManaged added in v0.9.8

func (c Config) VPCManaged() bool

func (Config) VPCRef

func (c Config) VPCRef() (string, error)

type ControllerSettings

// ControllerSettings is the part of configuration which is specific to
// controller nodes; it is inlined into Cluster and exposes the `controller`
// yaml key. The count/rolling-update accessors and Validate are defined on it.
type ControllerSettings struct {
	model.Controller `yaml:"controller,omitempty"`
}

Part of configuration which is specific to controller nodes

func (ControllerSettings) ControllerRollingUpdateMinInstancesInService

func (c ControllerSettings) ControllerRollingUpdateMinInstancesInService() int

func (ControllerSettings) MaxControllerCount

func (c ControllerSettings) MaxControllerCount() int

func (ControllerSettings) MinControllerCount

func (c ControllerSettings) MinControllerCount() int

func (ControllerSettings) Validate added in v0.9.8

func (c ControllerSettings) Validate() error

type CredentialsOptions

// CredentialsOptions controls how Cluster.NewAssetsOnDisk obtains the CA.
type CredentialsOptions struct {
	// GenerateCA asks for a fresh CA. When false, CaKeyPath and CaCertPath
	// presumably point at an existing CA key/cert to reuse — confirm.
	GenerateCA bool
	CaKeyPath  string
	CaCertPath string
	// KIAM is set to true when you want kube-aws to render TLS assets for uswitch/kiam
	KIAM bool
}

type DefaultWorkerSettings

// DefaultWorkerSettings is the part of configuration which is specific to
// worker nodes; it is inlined into Cluster. By its name it supplies defaults
// that node pools may override, but that mechanism is not on this page.
type DefaultWorkerSettings struct {
	WorkerCreateTimeout    string   `yaml:"workerCreateTimeout,omitempty"`
	WorkerInstanceType     string   `yaml:"workerInstanceType,omitempty"`
	WorkerRootVolumeType   string   `yaml:"workerRootVolumeType,omitempty"`
	WorkerRootVolumeIOPS   int      `yaml:"workerRootVolumeIOPS,omitempty"`
	WorkerRootVolumeSize   int      `yaml:"workerRootVolumeSize,omitempty"`
	// WorkerSpotPrice is a string, not a number; nothing on this page parses it.
	WorkerSpotPrice        string   `yaml:"workerSpotPrice,omitempty"`
	// WorkerSecurityGroupIds are additional security groups attached to
	// workers — presumably on top of the ones kube-aws creates; confirm.
	WorkerSecurityGroupIds []string `yaml:"workerSecurityGroupIds,omitempty"`
	WorkerTenancy          string   `yaml:"workerTenancy,omitempty"`
	// WorkerTopologyPrivate presumably places workers in private subnets.
	WorkerTopologyPrivate  bool     `yaml:"workerTopologyPrivate,omitempty"`
}

Part of configuration which is specific to worker nodes

func (DefaultWorkerSettings) Validate added in v0.9.8

func (c DefaultWorkerSettings) Validate() error

type DenyEscalatingExec added in v0.9.8

// DenyEscalatingExec is the `denyEscalatingExec` entry of Admission. The name
// matches the Kubernetes admission controller that blocks exec/attach into
// privileged or host-namespace pods; the mapping is inferred — confirm.
type DenyEscalatingExec struct {
	// Enabled is read from the `enabled` yaml key.
	Enabled bool `yaml:"enabled"`
}

type DeploymentSettings

// DeploymentSettings is the part of configuration that is inlined into Cluster
// and can, by its nature, be customized per type/group of nodes; whether it
// actually can depends on the use of node pools (see the package page text).
//
// NOTE(review): several fields are security-relevant — KeyName and
// SSHAuthorizedKeys (who can reach nodes over SSH), KMSKeyARN (which key
// encrypts the assets rendered into userdata), ManageCertificates and the
// embedded KubernetesDashboard switches. Treat cluster.yaml as sensitive.
type DeploymentSettings struct {
	// ComputedDeploymentSettings carries no yaml tag; per its own doc its
	// values are computed from user input rather than provided by it.
	ComputedDeploymentSettings
	CloudFormation              model.CloudFormation  `yaml:"cloudformation,omitempty"`
	ClusterName                 string                `yaml:"clusterName,omitempty"`
	S3URI                       string                `yaml:"s3URI,omitempty"`
	// KeyName presumably names the EC2 key pair installed on nodes — confirm.
	KeyName                     string                `yaml:"keyName,omitempty"`
	Region                      model.Region          `yaml:",inline"`
	AvailabilityZone            string                `yaml:"availabilityZone,omitempty"`
	ReleaseChannel              string                `yaml:"releaseChannel,omitempty"`
	AmiId                       string                `yaml:"amiId,omitempty"`
	// DeprecatedVPCID (`vpcId`) and DeprecatedInternetGatewayID
	// (`internetGatewayId`) are the legacy forms of VPC and InternetGateway;
	// Cluster.ConsumeDeprecatedKeys exists to migrate such keys — confirm there.
	DeprecatedVPCID             string                `yaml:"vpcId,omitempty"`
	VPC                         model.VPC             `yaml:"vpc,omitempty"`
	DeprecatedInternetGatewayID string                `yaml:"internetGatewayId,omitempty"`
	InternetGateway             model.InternetGateway `yaml:"internetGateway,omitempty"`
	// Required for validations like e.g. if instance cidr is contained in vpc cidr
	VPCCIDR                 string            `yaml:"vpcCIDR,omitempty"`
	InstanceCIDR            string            `yaml:"instanceCIDR,omitempty"`
	K8sVer                  string            `yaml:"kubernetesVersion,omitempty"`
	ContainerRuntime        string            `yaml:"containerRuntime,omitempty"`
	// KMSKeyARN is also carried by KMSConfig, which the ReadOrCreate* asset
	// constructors take; presumably this is its source — confirm.
	KMSKeyARN               string            `yaml:"kmsKeyArn,omitempty"`
	StackTags               map[string]string `yaml:"stackTags,omitempty"`
	Subnets                 model.Subnets     `yaml:"subnets,omitempty"`
	EIPAllocationIDs        []string          `yaml:"eipAllocationIDs,omitempty"`
	ElasticFileSystemID     string            `yaml:"elasticFileSystemId,omitempty"`
	SharedPersistentVolume  bool              `yaml:"sharedPersistentVolume,omitempty"`
	// SSHAuthorizedKeys are public keys; see also
	// Cluster.SSHAccessAllowedSourceCIDRs for the network-side restriction.
	SSHAuthorizedKeys       []string          `yaml:"sshAuthorizedKeys,omitempty"`
	Addons                  model.Addons      `yaml:"addons"`
	Experimental            Experimental      `yaml:"experimental"`
	Kubelet                 Kubelet           `yaml:"kubelet"`
	// ManageCertificates gates the manageCertificates argument passed to the
	// asset readers on this page (ReadRawAssets, ReadOrCreateCompactAssets, …).
	ManageCertificates      bool              `yaml:"manageCertificates,omitempty"`
	WaitSignal              WaitSignal        `yaml:"waitSignal"`
	CloudWatchLogging       `yaml:"cloudWatchLogging,omitempty"`
	AmazonSsmAgent          `yaml:"amazonSsmAgent,omitempty"`
	CloudFormationStreaming bool `yaml:"cloudFormationStreaming,omitempty"`
	KubeProxy               `yaml:"kubeProxy,omitempty"`
	KubeDns                 `yaml:"kubeDns,omitempty"`
	KubernetesDashboard     `yaml:"kubernetesDashboard,omitempty"`
	// Images repository
	// NOTE(review): the shape of model.Image is not shown here, so whether a
	// digest pin is supported cannot be told; digest-pinned references are the
	// stronger supply-chain control for these component images.
	HyperkubeImage model.Image `yaml:"hyperkubeImage,omitempty"`
	AWSCliImage    model.Image `yaml:"awsCliImage,omitempty"`

	CalicoNodeImage model.Image `yaml:"calicoNodeImage,omitempty"`

	CalicoCniImage                     model.Image `yaml:"calicoCniImage,omitempty"`
	CalicoCtlImage                     model.Image `yaml:"calicoCtlImage,omitempty"`
	CalicoKubeControllersImage         model.Image `yaml:"calicoKubeControllersImage,omitempty"`
	ClusterAutoscalerImage             model.Image `yaml:"clusterAutoscalerImage,omitempty"`
	ClusterProportionalAutoscalerImage model.Image `yaml:"clusterProportionalAutoscalerImage,omitempty"`
	KIAMImage                          model.Image `yaml:"kiamImage,omitempty"`
	Kube2IAMImage                      model.Image `yaml:"kube2iamImage,omitempty"`
	KubeDnsImage                       model.Image `yaml:"kubeDnsImage,omitempty"`
	KubeDnsMasqImage                   model.Image `yaml:"kubeDnsMasqImage,omitempty"`
	KubeReschedulerImage               model.Image `yaml:"kubeReschedulerImage,omitempty"`
	DnsMasqMetricsImage                model.Image `yaml:"dnsMasqMetricsImage,omitempty"`
	ExecHealthzImage                   model.Image `yaml:"execHealthzImage,omitempty"`
	HelmImage                          model.Image `yaml:"helmImage,omitempty"`
	TillerImage                        model.Image `yaml:"tillerImage,omitempty"`
	HeapsterImage                      model.Image `yaml:"heapsterImage,omitempty"`
	MetricsServerImage                 model.Image `yaml:"metricsServerImage,omitempty"`
	AddonResizerImage                  model.Image `yaml:"addonResizerImage,omitempty"`
	KubernetesDashboardImage           model.Image `yaml:"kubernetesDashboardImage,omitempty"`
	PauseImage                         model.Image `yaml:"pauseImage,omitempty"`
	FlannelImage                       model.Image `yaml:"flannelImage,omitempty"`
	JournaldCloudWatchLogsImage        model.Image `yaml:"journaldCloudWatchLogsImage,omitempty"`
	Kubernetes                         Kubernetes  `yaml:"kubernetes,omitempty"`
}

Part of configuration which can be customized for each type/group of nodes (etcd/controller/worker) by its nature.

Please beware that it is described as just "by its nature". Whether it can actually be customized or not depends on whether you use node pools. If you've chosen to create a single cluster including all the worker, controller and etcd nodes within a single cfn stack, you can't customize per group of nodes. If you've chosen to create e.g. a separate node pool for each type of worker node, you can customize per node pool.

Though it is highly configurable, it's basically users' responsibility to provide `correct` values if they're going beyond the defaults.

func (DeploymentSettings) AllSubnets

func (s DeploymentSettings) AllSubnets() model.Subnets

func (DeploymentSettings) AssetsEncryptionEnabled

func (c DeploymentSettings) AssetsEncryptionEnabled() bool

func (DeploymentSettings) FindNATGatewayForPrivateSubnet

func (c DeploymentSettings) FindNATGatewayForPrivateSubnet(s model.Subnet) (*model.NATGateway, error)

func (DeploymentSettings) FindSubnetMatching

func (c DeploymentSettings) FindSubnetMatching(condition model.Subnet) model.Subnet

func (DeploymentSettings) NATGateways

func (c DeploymentSettings) NATGateways() []model.NATGateway

func (DeploymentSettings) PrivateSubnets

func (c DeploymentSettings) PrivateSubnets() model.Subnets

func (DeploymentSettings) PublicSubnets

func (c DeploymentSettings) PublicSubnets() model.Subnets

func (DeploymentSettings) Validate added in v0.9.8

type DeploymentValidationResult

// DeploymentValidationResult is an opaque result type; its fields are
// unexported and not shown on this page, and no method on it is listed here.
type DeploymentValidationResult struct {
	// contains filtered or unexported fields
}

type EncryptService

// EncryptService is the single-method abstraction over AWS KMS Encrypt that
// this package depends on. The signature matches the aws-sdk-go KMS client, so
// either a real client or a test fake can be supplied; see
// Cluster.ProvidedEncryptService, KMSConfig.EncryptService and
// ClusterFromBytesWithEncryptService.
type EncryptService interface {
	// Encrypt takes a KMS EncryptInput (key id and plaintext) and returns the
	// EncryptOutput carrying the ciphertext blob, or an error.
	Encrypt(*kms.EncryptInput) (*kms.EncryptOutput, error)
}

type EncryptedAssetsOnDisk added in v0.9.7

// EncryptedAssetsOnDisk is the per-credential encrypted form of the asset set
// (compare RawAssetsOnDisk, which holds the same members unencrypted). It is
// produced by ReadOrCreateEncryptedAssets / ReadOrEncryptAssets, written back
// by WriteToDir and flattened into CompactAssets by Compact.
type EncryptedAssetsOnDisk struct {
	// Encrypted PEM encoded TLS assets.
	CACert            EncryptedCredentialOnDisk
	CAKey             EncryptedCredentialOnDisk
	WorkerCACert      EncryptedCredentialOnDisk
	WorkerCAKey       EncryptedCredentialOnDisk
	APIServerCert     EncryptedCredentialOnDisk
	APIServerKey      EncryptedCredentialOnDisk
	WorkerCert        EncryptedCredentialOnDisk
	WorkerKey         EncryptedCredentialOnDisk
	AdminCert         EncryptedCredentialOnDisk
	AdminKey          EncryptedCredentialOnDisk
	EtcdCert          EncryptedCredentialOnDisk
	EtcdClientCert    EncryptedCredentialOnDisk
	EtcdKey           EncryptedCredentialOnDisk
	EtcdClientKey     EncryptedCredentialOnDisk
	EtcdTrustedCA     EncryptedCredentialOnDisk
	KIAMServerCert    EncryptedCredentialOnDisk
	KIAMServerKey     EncryptedCredentialOnDisk
	KIAMAgentCert     EncryptedCredentialOnDisk
	KIAMAgentKey      EncryptedCredentialOnDisk
	KIAMCACert        EncryptedCredentialOnDisk
	ServiceAccountKey EncryptedCredentialOnDisk

	// Other encrypted assets.
	AuthTokens        EncryptedCredentialOnDisk
	TLSBootstrapToken EncryptedCredentialOnDisk
}

func ReadOrCreateEncryptedAssets added in v0.9.7

func ReadOrCreateEncryptedAssets(tlsAssetsDir string, manageCertificates bool, caKeyRequiredOnController bool, kiamEnabled bool, kmsConfig KMSConfig) (*EncryptedAssetsOnDisk, error)

func ReadOrEncryptAssets added in v0.9.7

func ReadOrEncryptAssets(dirname string, manageCertificates bool, caKeyRequiredOnController bool, kiamEnabled bool, encryptor CachedEncryptor) (*EncryptedAssetsOnDisk, error)

func (*EncryptedAssetsOnDisk) Compact added in v0.9.7

func (r *EncryptedAssetsOnDisk) Compact() (*CompactAssets, error)

func (*EncryptedAssetsOnDisk) WriteToDir added in v0.9.7

func (r *EncryptedAssetsOnDisk) WriteToDir(dirname string, kiamEnabled bool) error

type EncryptedCredentialOnDisk

// EncryptedCredentialOnDisk is the persisted, encrypted form of one credential
// plus the bookkeeping needed to reuse it across runs. Because KMS encryption
// produces a different ciphertext for the same plaintext on every call,
// re-encrypting on each run caused unnecessary node replacements
// (https://github.com/kubernetes-incubator/kube-aws/issues/107); persisting the
// encrypted asset as a cache avoids that. Fields are unexported and not shown
// here; see EncryptedCredentialCacheFromPath,
// EncryptedCredentialCacheFromRawCredential, Fingerprint, Persist and String.
//
// NOTE(review): Fingerprint() together with FingerprintFileExtension suggests a
// fingerprint of the credential is stored beside the ciphertext so the cache
// can be invalidated when the raw value changes. What the fingerprint is
// computed over is not visible here — confirm it cannot be used to recover a
// low-entropy secret (e.g. a short token) via an unsalted hash.
type EncryptedCredentialOnDisk struct {
	// contains filtered or unexported fields
}

The fact that KMS encryption produces different ciphertexts for the same plaintext had been causing unnecessary node replacements (https://github.com/kubernetes-incubator/kube-aws/issues/107). Encrypted assets are persisted for caching purposes so that this can be avoided.

func EncryptedCredentialCacheFromPath

func EncryptedCredentialCacheFromPath(filePath string, doLoadFingerprint bool) (*EncryptedCredentialOnDisk, error)

func EncryptedCredentialCacheFromRawCredential

func EncryptedCredentialCacheFromRawCredential(raw *RawCredentialOnDisk, bytesEncryptionService bytesEncryptionService) (*EncryptedCredentialOnDisk, error)

func (*EncryptedCredentialOnDisk) Fingerprint

func (c *EncryptedCredentialOnDisk) Fingerprint() string

func (*EncryptedCredentialOnDisk) Persist

func (c *EncryptedCredentialOnDisk) Persist() error

func (*EncryptedCredentialOnDisk) String

func (c *EncryptedCredentialOnDisk) String() string

type EphemeralImageStorage

// EphemeralImageStorage is the `ephemeralImageStorage` entry of Experimental.
type EphemeralImageStorage struct {
	// Enabled is read from the `enabled` yaml key.
	Enabled    bool   `yaml:"enabled"`
	// Disk (`disk`) and Filesystem (`filesystem`) are free-form strings;
	// nothing on this page validates them.
	Disk       string `yaml:"disk"`
	Filesystem string `yaml:"filesystem"`
}

type EtcdSettings

// EtcdSettings is the part of configuration which is specific to etcd nodes;
// it is inlined into Cluster and exposes the `etcd` yaml key. Validate reports
// user errors in those settings.
type EtcdSettings struct {
	model.Etcd `yaml:"etcd,omitempty"`
}

Part of configuration which is specific to etcd nodes

func (EtcdSettings) Validate added in v0.9.8

func (e EtcdSettings) Validate() error

Validate returns an error when there's any user error in the `etcd` settings.

type Experimental

// Experimental is the `experimental` entry of DeploymentSettings: feature
// switches that are not part of the stable schema. The inline
// model.UnknownKeys presumably captures yaml keys that match no field so that
// Validate can report them — confirm in Validate.
type Experimental struct {
	Admission      Admission      `yaml:"admission"`
	AuditLog       AuditLog       `yaml:"auditLog"`
	Authentication Authentication `yaml:"authentication"`
	AwsEnvironment AwsEnvironment `yaml:"awsEnvironment"`
	AwsNodeLabels  AwsNodeLabels  `yaml:"awsNodeLabels"`
	// When cluster-autoscaler support is enabled, not only controller nodes but this node pool is also given
	// a node label and IAM permissions to run cluster-autoscaler
	ClusterAutoscalerSupport    model.ClusterAutoscalerSupport `yaml:"clusterAutoscalerSupport"`
	TLSBootstrap                TLSBootstrap                   `yaml:"tlsBootstrap"`
	NodeAuthorizer              NodeAuthorizer                 `yaml:"nodeAuthorizer"`
	EphemeralImageStorage       EphemeralImageStorage          `yaml:"ephemeralImageStorage"`
	KIAMSupport                 KIAMSupport                    `yaml:"kiamSupport,omitempty"`
	Kube2IamSupport             Kube2IamSupport                `yaml:"kube2IamSupport,omitempty"`
	GpuSupport                  GpuSupport                     `yaml:"gpuSupport,omitempty"`
	// KubeletOpts is a free-form string, presumably appended verbatim to the
	// kubelet command line; nothing on this page validates it.
	KubeletOpts                 string                         `yaml:"kubeletOpts,omitempty"`
	LoadBalancer                LoadBalancer                   `yaml:"loadBalancer"`
	TargetGroup                 TargetGroup                    `yaml:"targetGroup"`
	NodeDrainer                 model.NodeDrainer              `yaml:"nodeDrainer"`
	Oidc                        model.Oidc                     `yaml:"oidc"`
	// DisableSecurityGroupIngress presumably stops kube-aws from managing
	// ingress rules on the node security groups — confirm in the stack
	// template. NOTE(review): this removes a network-layer control; an external
	// mechanism should provide equivalent restrictions when it is set.
	DisableSecurityGroupIngress bool                           `yaml:"disableSecurityGroupIngress"`
	NodeMonitorGracePeriod      string                         `yaml:"nodeMonitorGracePeriod"`
	model.UnknownKeys           `yaml:",inline"`
}

func (Experimental) Validate added in v0.9.8

func (c Experimental) Validate() error

type FlannelSettings

// FlannelSettings is the part of configuration which is specific to flanneld;
// it is inlined into Cluster.
type FlannelSettings struct {
	// PodCIDR is read from `podCIDR`; see also Cluster.ServiceCIDR.
	PodCIDR string `yaml:"podCIDR,omitempty"`
}

Part of configuration which is specific to flanneld

type GpuSupport added in v0.9.10

// GpuSupport is the `gpuSupport` entry of Experimental.
type GpuSupport struct {
	// Enabled is read from the `enabled` yaml key.
	Enabled      bool   `yaml:"enabled"`
	// Version (`version`) and InstallImage (`installImage`) select what is
	// installed; neither is validated on this page.
	Version      string `yaml:"version"`
	InstallImage string `yaml:"installImage"`
}

type IPVSMode added in v0.9.10

// IPVSMode is the `ipvsMode` entry of KubeProxy.
type IPVSMode struct {
	// Enabled is read from the `enabled` yaml key.
	Enabled       bool   `yaml:"enabled"`
	// Scheduler, SyncPeriod and MinSyncPeriod are passed through as strings;
	// nothing on this page validates them.
	Scheduler     string `yaml:"scheduler"`
	SyncPeriod    string `yaml:"syncPeriod"`
	MinSyncPeriod string `yaml:"minSyncPeriod"`
}

type InfrastructureValidationResult

// InfrastructureValidationResult is an opaque result type; its fields are
// unexported and not shown on this page, and no method on it is listed here.
type InfrastructureValidationResult struct {
	// contains filtered or unexported fields
}

type InitialConfig added in v0.9.9

// InitialConfig is a small, untagged subset of the cluster parameters
// (overlapping DeploymentSettings, KubeClusterSettings.ExternalDNSName and
// Cluster.HostedZoneID). It carries no yaml tags, so it is presumably filled
// from command-line input to produce an initial cluster.yaml — confirm.
type InitialConfig struct {
	AmiId            string
	AvailabilityZone string
	ClusterName      string
	ExternalDNSName  string
	HostedZoneID     string
	KMSKeyARN        string
	KeyName          string
	// NoRecordSet has no counterpart among the yaml-tagged types on this page.
	NoRecordSet      bool
	Region           model.Region
	S3URI            string
}

type Initializers added in v0.9.9

// Initializers is the `initializers` entry of Admission.
type Initializers struct {
	// Enabled is read from the `enabled` yaml key.
	Enabled bool `yaml:"enabled"`
}

type KIAMSupport added in v0.9.10

// KIAMSupport is the `kiamSupport` entry of Experimental. It is distinct from
// CredentialsOptions.KIAM and the kiamEnabled arguments of the asset
// constructors, which decide whether KIAM TLS assets are rendered.
type KIAMSupport struct {
	// Enabled is read from the `enabled` yaml key.
	Enabled bool `yaml:"enabled"`
}

type KMSConfig

// KMSConfig bundles what the asset constructors need to encrypt with KMS; it is
// the kmsConfig argument of ReadOrCreateCompactAssets and
// ReadOrCreateEncryptedAssets.
type KMSConfig struct {
	Region         model.Region
	// EncryptService performs the actual Encrypt calls; see the interface doc.
	EncryptService EncryptService
	// KMSKeyARN identifies the key; DeploymentSettings.KMSKeyARN carries the
	// same value on the cluster.yaml side.
	KMSKeyARN      string
}

type Kube2IamSupport

// Kube2IamSupport is the `kube2IamSupport` entry of Experimental.
type Kube2IamSupport struct {
	// Enabled is read from the `enabled` yaml key.
	Enabled bool `yaml:"enabled"`
}

type KubeClusterSettings

// KubeClusterSettings is the part of configuration which is shared between
// controller nodes and worker nodes; it is inlined into Cluster. Its name is
// prefixed with `Kube` because it doesn't relate to etcd.
type KubeClusterSettings struct {
	// APIEndpointConfigs is read from `apiEndpoints`; the derived forms live on
	// Config.APIEndpoints.
	APIEndpointConfigs model.APIEndpoints `yaml:"apiEndpoints,omitempty"`
	// Required by kubelet to locate the kube-apiserver
	ExternalDNSName string `yaml:"externalDNSName,omitempty"`
	// Required by kubelet to locate the cluster-internal dns hosted on controller nodes in the base cluster
	DNSServiceIP string `yaml:"dnsServiceIP,omitempty"`
	// UseCalico selects the network plugin; see K8sNetworkPlugin.
	UseCalico    bool   `yaml:"useCalico,omitempty"`
}

Part of configuration which is shared between controller nodes and worker nodes. Its name is prefixed with `Kube` because it doesn't relate to etcd.

func (KubeClusterSettings) K8sNetworkPlugin

func (c KubeClusterSettings) K8sNetworkPlugin() string

Required by kubelet to use the same network plugin as the base cluster.

func (KubeClusterSettings) Validate added in v0.9.8

type KubeDns added in v0.9.8

// KubeDns is the `kubeDns` entry embedded in DeploymentSettings. MergeIfEmpty
// fills unset fields from another value.
type KubeDns struct {
	NodeLocalResolver   bool              `yaml:"nodeLocalResolver"`
	DeployToControllers bool              `yaml:"deployToControllers"`
	// Autoscaler is read from `autoscaler`.
	Autoscaler          KubeDnsAutoscaler `yaml:"autoscaler"`
}

func (*KubeDns) MergeIfEmpty added in v0.9.8

func (c *KubeDns) MergeIfEmpty(other KubeDns)

type KubeDnsAutoscaler added in v0.9.10

// KubeDnsAutoscaler is the `autoscaler` entry of KubeDns.
type KubeDnsAutoscaler struct {
	// CoresPerReplica, NodesPerReplica and Min are passed through as ints;
	// nothing on this page rejects zero or negative values.
	CoresPerReplica int `yaml:"coresPerReplica"`
	NodesPerReplica int `yaml:"nodesPerReplica"`
	Min             int `yaml:"min"`
}

type KubeProxy added in v0.9.10

// KubeProxy is the `kubeProxy` entry embedded in DeploymentSettings.
type KubeProxy struct {
	// IPVSMode is read from `ipvsMode`.
	IPVSMode IPVSMode `yaml:"ipvsMode"`
}

type KubeResourcesAutosave added in v0.9.6

// KubeResourcesAutosave is the `kubeResourcesAutosave` entry embedded in
// Cluster.
type KubeResourcesAutosave struct {
	// Enabled is read from the `enabled` yaml key.
	Enabled bool `yaml:"enabled"`
	// S3Path carries no yaml tag, so it is presumably derived (e.g. from S3URI)
	// rather than read from cluster.yaml — confirm in SetDefaults.
	S3Path  string
}

type Kubelet added in v0.9.10

// Kubelet holds the kubelet options read from the `kubelet` entry of
// DeploymentSettings.
type Kubelet struct {
	// RotateCerts is read from `rotateCerts`.
	RotateCerts RotateCerts `yaml:"rotateCerts"`
}

Kubelet holds kubelet options.

type Kubernetes added in v0.9.10

// Kubernetes is the `kubernetes` entry of DeploymentSettings.
type Kubernetes struct {
	// Networking is read from `networking`.
	Networking Networking `yaml:"networking,omitempty"`
}

type KubernetesDashboard added in v0.9.9

// KubernetesDashboard is the `kubernetesDashboard` entry embedded in
// DeploymentSettings.
//
// NOTE(review): both switches widen dashboard exposure — AdminPrivileges
// presumably grants the dashboard's service account broad cluster rights and
// InsecureLogin presumably permits login without transport protection; confirm
// the exact effect in the manifest templates and keep both false unless the
// dashboard is otherwise isolated.
type KubernetesDashboard struct {
	AdminPrivileges bool `yaml:"adminPrivileges"`
	InsecureLogin   bool `yaml:"insecureLogin"`
}

type LoadBalancer

// LoadBalancer is the `loadBalancer` entry of Experimental; compare
// TargetGroup, which has the same shape keyed by ARNs.
type LoadBalancer struct {
	// Enabled is read from the `enabled` yaml key.
	Enabled          bool     `yaml:"enabled"`
	// Names (`names`) lists load balancers by name.
	Names            []string `yaml:"names"`
	// SecurityGroupIds (`securityGroupIds`) are presumably the groups that must
	// be allowed to reach the nodes — confirm in the stack template.
	SecurityGroupIds []string `yaml:"securityGroupIds"`
}

type LocalStreaming added in v0.9.8

// LocalStreaming is the `localStreaming` entry embedded in CloudWatchLogging.
// Interval() returns a value backed by one of the unexported fields not shown
// here.
type LocalStreaming struct {
	// Enabled is read from the `enabled` yaml key.
	Enabled bool   `yaml:"enabled"`
	// Filter is a free-form string read from `filter`; its syntax is not
	// visible on this page.
	Filter  string `yaml:"filter"`
	// contains filtered or unexported fields
}

func (*LocalStreaming) Interval added in v0.9.8

func (c *LocalStreaming) Interval() int64

type MutatingAdmissionWebhook added in v0.9.10

// MutatingAdmissionWebhook is the `mutatingAdmissionWebhook` entry of Admission.
type MutatingAdmissionWebhook struct {
	// Enabled is read from the `enabled` yaml key.
	Enabled bool `yaml:"enabled"`
}

type Networking added in v0.9.10

// Networking is the `networking` entry of Kubernetes.
type Networking struct {
	// SelfHosting is read from `selfHosting`.
	SelfHosting SelfHosting `yaml:"selfHosting"`
}

type NodeAuthorizer added in v0.9.8

// NodeAuthorizer is the `nodeAuthorizer` entry of Experimental. The name
// matches the Kubernetes Node authorization mode that limits each kubelet to
// the objects of its own node; the mapping is inferred — confirm.
type NodeAuthorizer struct {
	// Enabled is read from the `enabled` yaml key.
	Enabled bool `yaml:"enabled"`
}

type OwnerReferencesPermissionEnforcement added in v0.9.10

// OwnerReferencesPermissionEnforcement is the
// `ownerReferencesPermissionEnforcement` entry of Admission.
type OwnerReferencesPermissionEnforcement struct {
	// Enabled is read from the `enabled` yaml key.
	Enabled bool `yaml:"enabled"`
}

type PodSecurityPolicy

// PodSecurityPolicy is the `podSecurityPolicy` entry of Admission. The name
// matches the Kubernetes admission controller that enforces PodSecurityPolicy
// objects; enabling the controller without any policy objects rejects all pods,
// so the two must be rolled out together — the mapping is inferred; confirm.
type PodSecurityPolicy struct {
	// Enabled is read from the `enabled` yaml key.
	Enabled bool `yaml:"enabled"`
}

type Priority added in v0.9.10

// Priority is the `priority` entry of Admission.
type Priority struct {
	// Enabled is read from the `enabled` yaml key.
	Enabled bool `yaml:"enabled"`
}

type RawAssetsOnDisk added in v0.9.7

// RawAssetsOnDisk is the unencrypted asset set as read from a directory by
// ReadRawAssets; the caKeyRequiredOnController and kiamEnabled arguments there
// presumably decide which files must exist. Compact flattens it into
// CompactAssets. The same members exist on EncryptedAssetsOnDisk and
// RawAssetsOnMemory.
//
// NOTE(review): every *Key field and the two tokens are plaintext secrets on
// disk; the directory they are read from needs restrictive permissions.
type RawAssetsOnDisk struct {
	// PEM encoded TLS assets.
	CACert            RawCredentialOnDisk
	CAKey             RawCredentialOnDisk
	WorkerCACert      RawCredentialOnDisk
	WorkerCAKey       RawCredentialOnDisk
	APIServerCert     RawCredentialOnDisk
	APIServerKey      RawCredentialOnDisk
	WorkerCert        RawCredentialOnDisk
	WorkerKey         RawCredentialOnDisk
	AdminCert         RawCredentialOnDisk
	AdminKey          RawCredentialOnDisk
	EtcdCert          RawCredentialOnDisk
	EtcdClientCert    RawCredentialOnDisk
	EtcdKey           RawCredentialOnDisk
	EtcdClientKey     RawCredentialOnDisk
	EtcdTrustedCA     RawCredentialOnDisk
	KIAMServerCert    RawCredentialOnDisk
	KIAMServerKey     RawCredentialOnDisk
	KIAMAgentCert     RawCredentialOnDisk
	KIAMAgentKey      RawCredentialOnDisk
	KIAMCACert        RawCredentialOnDisk
	ServiceAccountKey RawCredentialOnDisk

	// Other assets.
	AuthTokens        RawCredentialOnDisk
	TLSBootstrapToken RawCredentialOnDisk
}

func ReadRawAssets added in v0.9.7

func ReadRawAssets(dirname string, manageCertificates bool, caKeyRequiredOnController bool, kiamEnabled bool) (*RawAssetsOnDisk, error)

func (*RawAssetsOnDisk) Compact added in v0.9.7

func (r *RawAssetsOnDisk) Compact() (*CompactAssets, error)

type RawAssetsOnMemory added in v0.9.7

// RawAssetsOnMemory holds freshly generated, unencrypted PEM material and
// tokens in process memory. Cluster.NewAssetsOnMemory produces it from a CA
// key and certificate; WriteToDir persists it, and its includeCAKey argument
// presumably controls whether the CA private key is written with the rest.
//
// NOTE(review): this is the most sensitive value in the package — it carries
// the CA and every leaf private key in the clear.
type RawAssetsOnMemory struct {
	// PEM encoded TLS assets.
	CACert            []byte
	CAKey             []byte
	WorkerCACert      []byte
	WorkerCAKey       []byte
	APIServerCert     []byte
	APIServerKey      []byte
	WorkerCert        []byte
	WorkerKey         []byte
	AdminCert         []byte
	AdminKey          []byte
	EtcdCert          []byte
	EtcdClientCert    []byte
	EtcdKey           []byte
	EtcdClientKey     []byte
	EtcdTrustedCA     []byte
	KIAMServerCert    []byte
	KIAMServerKey     []byte
	KIAMAgentCert     []byte
	KIAMAgentKey      []byte
	KIAMCACert        []byte
	ServiceAccountKey []byte

	// Other assets.
	AuthTokens        []byte
	TLSBootstrapToken []byte
}

func (*RawAssetsOnMemory) WriteToDir added in v0.9.7

func (r *RawAssetsOnMemory) WriteToDir(dirname string, includeCAKey bool, kiamEnabled bool) error

type RawCredentialOnDisk

// RawCredentialOnDisk is one unencrypted credential backed by a file; it is
// built by RawCredentialFileFromPath (with an optional default value) and is
// the input of EncryptedCredentialCacheFromRawCredential. Fields are
// unexported and not shown here; see Fingerprint, Persist and String.
type RawCredentialOnDisk struct {
	// contains filtered or unexported fields
}

func RawCredentialFileFromPath

func RawCredentialFileFromPath(filePath string, defaultValue *string) (*RawCredentialOnDisk, error)

func (*RawCredentialOnDisk) Fingerprint

func (c *RawCredentialOnDisk) Fingerprint() string

func (*RawCredentialOnDisk) Persist

func (c *RawCredentialOnDisk) Persist() error

func (*RawCredentialOnDisk) String

func (c *RawCredentialOnDisk) String() string

type RotateCerts added in v0.9.10

// RotateCerts is the `rotateCerts` entry of Kubelet; by its name it toggles
// kubelet certificate rotation — confirm in the kubelet flags rendered.
type RotateCerts struct {
	// Enabled is read from the `enabled` yaml key.
	Enabled bool `yaml:"enabled"`
}

type SelfHosting added in v0.9.10

// SelfHosting is the `selfHosting` entry of Networking. The image fields
// overlap the Calico/Flannel images on DeploymentSettings; which set wins when
// both are given is not visible on this page.
type SelfHosting struct {
	// Enabled is read from the `enabled` yaml key.
	Enabled         bool        `yaml:"enabled"`
	// Type (`type`) is a free-form string; its accepted values are not listed
	// on this page.
	Type            string      `yaml:"type"`
	Typha           bool        `yaml:"typha"`
	CalicoNodeImage model.Image `yaml:"calicoNodeImage"`
	CalicoCniImage  model.Image `yaml:"calicoCniImage"`
	FlannelImage    model.Image `yaml:"flannelImage"`
	FlannelCniImage model.Image `yaml:"flannelCniImage"`
	TyphaImage      model.Image `yaml:"typhaImage"`
}

type StackConfig

// StackConfig contains the configuration parameters available when rendering
// the CFN stack template from golang text templates. It is produced by
// Cluster.StackConfig and embeds both the rendered Config and the
// StackTemplateOptions it was built with.
type StackConfig struct {
	*Config
	StackTemplateOptions
	// UserDataController and UserDataEtcd are the rendered userdata for the
	// two node roles.
	UserDataController    model.UserData
	UserDataEtcd          model.UserData
	ControllerSubnetIndex int
	// ExtraCfnResources is an untyped map merged into the template; nothing on
	// this page validates its contents.
	ExtraCfnResources     map[string]interface{}
}

StackConfig contains configuration parameters available when rendering CFN stack template from golang text templates

func (*StackConfig) ClusterExportedStacksS3URI added in v0.9.6

func (c *StackConfig) ClusterExportedStacksS3URI() string

func (*StackConfig) ClusterS3URI added in v0.9.6

func (c *StackConfig) ClusterS3URI() string

func (StackConfig) EtcdSnapshotsS3Bucket added in v0.9.6

func (c StackConfig) EtcdSnapshotsS3Bucket() (string, error)

func (StackConfig) EtcdSnapshotsS3PathRef added in v0.9.6

func (c StackConfig) EtcdSnapshotsS3PathRef() (string, error)

EtcdSnapshotsS3PathRef is a pair of an S3 bucket and the key of an S3 object containing an etcd cluster snapshot.

func (StackConfig) EtcdSnapshotsS3PrefixRef added in v0.9.6

func (c StackConfig) EtcdSnapshotsS3PrefixRef() (string, error)

func (*StackConfig) RenderStackTemplateAsBytes added in v0.9.7

func (c *StackConfig) RenderStackTemplateAsBytes() ([]byte, error)

func (*StackConfig) RenderStackTemplateAsString added in v0.9.7

func (c *StackConfig) RenderStackTemplateAsString() (string, error)

type StackTemplateOptions

// StackTemplateOptions are the opts argument of Cluster.StackConfig: where the
// assets and template files are read from and how the result is rendered.
type StackTemplateOptions struct {
	AssetsDir             string
	ControllerTmplFile    string
	EtcdTmplFile          string
	StackTemplateTmplFile string
	S3URI                 string
	// PrettyPrint presumably affects RenderStackTemplateAsBytes/AsString.
	PrettyPrint           bool
	// SkipWait presumably relates to WaitSignal — confirm.
	SkipWait              bool
}

type TLSBootstrap added in v0.9.6

// TLSBootstrap is the `tlsBootstrap` entry of Experimental. Related values on
// this page: RandomTLSBootstrapTokenString and the TLSBootstrapToken asset.
type TLSBootstrap struct {
	// Enabled is read from the `enabled` yaml key.
	Enabled bool `yaml:"enabled"`
}

type TargetGroup

// TargetGroup is the `targetGroup` entry of Experimental; compare LoadBalancer,
// which has the same shape keyed by names.
type TargetGroup struct {
	// Enabled is read from the `enabled` yaml key.
	Enabled          bool     `yaml:"enabled"`
	// Arns (`arns`) lists target groups by ARN.
	Arns             []string `yaml:"arns"`
	// SecurityGroupIds (`securityGroupIds`) are presumably the groups that must
	// be allowed to reach the nodes — confirm in the stack template.
	SecurityGroupIds []string `yaml:"securityGroupIds"`
}

type ValidatingAdmissionWebhook added in v0.9.10

// ValidatingAdmissionWebhook is the `validatingAdmissionWebhook` entry of
// Admission.
type ValidatingAdmissionWebhook struct {
	// Enabled is read from the `enabled` yaml key.
	Enabled bool `yaml:"enabled"`
}

type WaitSignal

// WaitSignal is the `waitSignal` entry of DeploymentSettings. Both fields are
// pointers so that "not set" can be told apart from an explicit false/0; the
// Enabled() and MaxBatchSize() accessors resolve the defaults.
type WaitSignal struct {
	// WaitSignal is enabled by default. If you'd like to explicitly disable it, set this to `false`.
	// Keeping this `nil` results in the WaitSignal to be enabled.
	EnabledOverride      *bool `yaml:"enabled"`
	// MaxBatchSizeOverride is read from `maxBatchSize`; nil means "use the
	// default", see MaxBatchSize().
	MaxBatchSizeOverride *int  `yaml:"maxBatchSize"`
}

func (WaitSignal) Enabled

func (s WaitSignal) Enabled() bool

func (WaitSignal) MaxBatchSize

func (s WaitSignal) MaxBatchSize() int

type Webhook

// Webhook is the `webhook` entry of Authentication; from its placement it
// presumably configures the kube-apiserver authentication webhook — confirm.
type Webhook struct {
	// Enabled is read from the `enabled` yaml key.
	Enabled  bool   `yaml:"enabled"`
	// CacheTTL (`cacheTTL`) is a string; nothing on this page validates its
	// duration format.
	CacheTTL string `yaml:"cacheTTL"`
	// Config is read from `configBase64`: the key says the value is base64
	// encoded, so it is presumably the webhook kubeconfig, which may embed
	// credentials. NOTE(review): treat it as a secret wherever cluster.yaml is
	// stored or logged.
	Config   string `yaml:"configBase64"`
}
