Documentation ¶
Index ¶
- Constants
- func RandomTLSBootstrapTokenString() (string, error)
- func WithTrailingDot(s string) string
- type Admission
- type AuditLog
- type Authentication
- type AwsEnvironment
- type AwsNodeLabels
- type CachedEncryptor
- type Cluster
- func (c *Cluster) AvailabilityZones() []string
- func (c Cluster) Config() (*Config, error)
- func (c *Cluster) ConsumeDeprecatedKeys()
- func (c *Cluster) EtcdCluster() derived.EtcdCluster
- func (c Cluster) EtcdIndexEnvVarName() string
- func (c Cluster) EtcdNodeEnvFileName() string
- func (c Cluster) ExternalDNSNames() []string
- func (c *Cluster) Load() error
- func (c Cluster) NestedStackName() string
- func (c *Cluster) NewAssetsOnDisk(dir string, renderCredentialsOpts CredentialsOptions, caKey *rsa.PrivateKey, ...) (*RawAssetsOnDisk, error)
- func (c *Cluster) NewAssetsOnMemory(caKey *rsa.PrivateKey, caCert *x509.Certificate) (*RawAssetsOnMemory, error)
- func (c *Cluster) NewTLSCA() (*rsa.PrivateKey, *x509.Certificate, error)
- func (c Cluster) NodeLabels() model.NodeLabels
- func (c *Cluster) SetDefaults()
- func (c Cluster) StackConfig(opts StackTemplateOptions) (*StackConfig, error)
- func (c Cluster) StackName() string
- func (c Cluster) StackNameEnvVarName() string
- func (c *Cluster) ValidateExistingVPC(existingVPCCIDR string, existingSubnetCIDRS []string) error
- type CompactAssets
- type CompressedStackConfig
- type ComputedDeploymentSettings
- type Config
- func (c *Config) AdminAPIEndpointURL() string
- func (c *Config) Etcdadm() (string, error)
- func (c Config) InternetGatewayLogicalName() string
- func (c Config) InternetGatewayRef() string
- func (c *Config) ManagedELBLogicalNames() []string
- func (c Config) VPCLogicalName() string
- func (c Config) VPCRef() string
- type ControllerSettings
- func (c ControllerSettings) ControllerCount() int
- func (c ControllerSettings) ControllerCreateTimeout() string
- func (c ControllerSettings) ControllerInstanceType() string
- func (c ControllerSettings) ControllerRollingUpdateMinInstancesInService() int
- func (c ControllerSettings) ControllerRootVolumeIOPS() int
- func (c ControllerSettings) ControllerRootVolumeSize() int
- func (c ControllerSettings) ControllerRootVolumeType() string
- func (c ControllerSettings) ControllerTenancy() string
- func (c ControllerSettings) MaxControllerCount() int
- func (c ControllerSettings) MinControllerCount() int
- func (c ControllerSettings) Valid() error
- type CredentialsOptions
- type DefaultWorkerSettings
- type DeploymentSettings
- func (s DeploymentSettings) AllSubnets() []model.Subnet
- func (c DeploymentSettings) AssetsEncryptionEnabled() bool
- func (c DeploymentSettings) FindNATGatewayForPrivateSubnet(s model.Subnet) (*model.NATGateway, error)
- func (c DeploymentSettings) FindSubnetMatching(condition model.Subnet) model.Subnet
- func (c DeploymentSettings) NATGateways() []model.NATGateway
- func (c DeploymentSettings) PrivateSubnets() []model.Subnet
- func (c DeploymentSettings) PublicSubnets() []model.Subnet
- func (c DeploymentSettings) Valid() (*DeploymentValidationResult, error)
- type DeploymentValidationResult
- type EncryptService
- type EncryptedAssetsOnDisk
- type EncryptedCredentialOnDisk
- type EphemeralImageStorage
- type EtcdSettings
- func (e EtcdSettings) EtcdCount() int
- func (e EtcdSettings) EtcdDataVolumeEncrypted() bool
- func (e EtcdSettings) EtcdDataVolumeEphemeral() bool
- func (e EtcdSettings) EtcdDataVolumeIOPS() int
- func (e EtcdSettings) EtcdDataVolumeSize() int
- func (e EtcdSettings) EtcdDataVolumeType() string
- func (e EtcdSettings) EtcdInstanceType() string
- func (e EtcdSettings) EtcdRootVolumeIOPS() int
- func (e EtcdSettings) EtcdRootVolumeSize() int
- func (e EtcdSettings) EtcdRootVolumeType() string
- func (e EtcdSettings) EtcdTenancy() string
- func (e EtcdSettings) Valid() error
- type Experimental
- type FlannelSettings
- type InfrastructureValidationResult
- type KMSConfig
- type Kube2IamSupport
- type KubeClusterSettings
- type KubeResourcesAutosave
- type LoadBalancer
- type Plugins
- type PodSecurityPolicy
- type RawAssetsOnDisk
- type RawAssetsOnMemory
- type RawCredentialOnDisk
- type Rbac
- type StackConfig
- func (c *StackConfig) ClusterExportedStacksS3URI() string
- func (c *StackConfig) ClusterS3URI() string
- func (c *StackConfig) Compress() (*CompressedStackConfig, error)
- func (c *StackConfig) EtcdSnapshotsS3Bucket() (string, error)
- func (c *StackConfig) EtcdSnapshotsS3PathRef() (string, error)
- func (c *StackConfig) EtcdSnapshotsS3PrefixRef() (string, error)
- func (c *StackConfig) UserDataControllerFileName() string
- func (c *StackConfig) UserDataControllerS3Prefix() (string, error)
- func (c *StackConfig) UserDataControllerS3URI() (string, error)
- func (c *StackConfig) UserDataEtcdFileName() string
- func (c *StackConfig) UserDataEtcdS3Prefix() (string, error)
- func (c *StackConfig) UserDataEtcdS3URI() (string, error)
- func (c *StackConfig) ValidateUserData() error
- type StackTemplateOptions
- type TLSBootstrap
- type TargetGroup
- type WaitSignal
- type Webhook
Constants ¶
const CacheFileExtension = "enc"
const FingerprintFileExtension = "fingerprint"
Variables ¶
This section is empty.
Functions ¶
func RandomTLSBootstrapTokenString ¶ added in v0.9.7
func WithTrailingDot ¶
Types ¶
type Admission ¶
// Admission groups the admission-related settings. On this page its only
// member is the PodSecurityPolicy toggle, read from the `podSecurityPolicy`
// YAML key.
type Admission struct {
	PodSecurityPolicy PodSecurityPolicy `yaml:"podSecurityPolicy"`
}
type Authentication ¶
// Authentication groups the authentication-related settings. Its only member
// here is Webhook, read from the `webhook` YAML key; the Webhook type's own
// fields are not shown on this page.
type Authentication struct {
	Webhook Webhook `yaml:"webhook"`
}
type AwsEnvironment ¶
type AwsNodeLabels ¶
// AwsNodeLabels is an on/off switch read from the `enabled` YAML key.
// The zero value is false.
type AwsNodeLabels struct {
	Enabled bool `yaml:"enabled"`
}
type CachedEncryptor ¶
// CachedEncryptor exposes EncryptedBytes and EncryptedCredentialFromPath on
// this page; its state is unexported and therefore not documented here.
// NOTE(review): presumably it wraps an EncryptService plus the on-disk
// ciphertext cache (CacheFileExtension / FingerprintFileExtension) — confirm
// against the source.
type CachedEncryptor struct {
	// contains filtered or unexported fields
}
func (CachedEncryptor) EncryptedBytes ¶ added in v0.9.6
func (e CachedEncryptor) EncryptedBytes(raw []byte) ([]byte, error)
func (CachedEncryptor) EncryptedCredentialFromPath ¶
func (e CachedEncryptor) EncryptedCredentialFromPath(filePath string, defaultValue *string) (*EncryptedCredentialOnDisk, error)
type Cluster ¶
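// Cluster is the top-level cluster configuration as declared on this page.
// The six leading embedded settings structs are tagged `yaml:",inline"`, so
// their keys sit at the same YAML level as the fields declared directly here.
//
// The declaration is laid out one field per line: when it is collapsed onto a
// single line the `//` comment in the middle swallows every field after it.
type Cluster struct {
	KubeClusterSettings   `yaml:",inline"`
	DeploymentSettings    `yaml:",inline"`
	DefaultWorkerSettings `yaml:",inline"`
	ControllerSettings    `yaml:",inline"`
	EtcdSettings          `yaml:",inline"`
	FlannelSettings       `yaml:",inline"`

	AdminAPIEndpointName string `yaml:"adminAPIEndpointName,omitempty"`
	ServiceCIDR          string `yaml:"serviceCIDR,omitempty"`
	CreateRecordSet      bool   `yaml:"createRecordSet,omitempty"`
	RecordSetTTL         int    `yaml:"recordSetTTL,omitempty"`

	// Lifetimes, in days going by the field names, of the CA and of the
	// certificates issued from it.
	// NOTE(review): defaults and upper bounds are not visible on this page;
	// confirm what SetDefaults applies before relying on an omitted key.
	TLSCADurationDays   int `yaml:"tlsCADurationDays,omitempty"`
	TLSCertDurationDays int `yaml:"tlsCertDurationDays,omitempty"`

	HostedZoneID string `yaml:"hostedZoneId,omitempty"`

	// ProvidedEncryptService has no yaml tag on this page.
	// NOTE(review): presumably supplied by the caller (compare
	// ClusterFromBytesWithEncryptService) rather than by the YAML document —
	// confirm.
	ProvidedEncryptService EncryptService

	// SSHAccessAllowedSourceCIDRs is network ranges of sources you'd like SSH accesses to be allowed from, in CIDR notation
	// NOTE(review): the ranges used when this key is omitted are not shown
	// here; confirm the default is not open to every source before deploying
	// without it.
	SSHAccessAllowedSourceCIDRs model.CIDRRanges `yaml:"sshAccessAllowedSourceCIDRs,omitempty"`

	CustomSettings map[string]interface{} `yaml:"customSettings,omitempty"`

	KubeResourcesAutosave `yaml:"kubeResourcesAutosave,omitempty"`
}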
func ClusterFromBytes ¶
ClusterFromBytes is necessary for unit tests, which store configs as hardcoded strings.
func ClusterFromBytesWithEncryptService ¶
func ClusterFromBytesWithEncryptService(data []byte, encryptService EncryptService) (*Cluster, error)
func ClusterFromFile ¶
func NewDefaultCluster ¶
func NewDefaultCluster() *Cluster
func (*Cluster) AvailabilityZones ¶
Returns the availability zones referenced by the cluster configuration
func (*Cluster) ConsumeDeprecatedKeys ¶ added in v0.9.6
func (c *Cluster) ConsumeDeprecatedKeys()
func (*Cluster) EtcdCluster ¶
func (c *Cluster) EtcdCluster() derived.EtcdCluster
func (Cluster) EtcdIndexEnvVarName ¶
func (Cluster) EtcdNodeEnvFileName ¶
func (Cluster) ExternalDNSNames ¶ added in v0.9.6
ExternalDNSNames returns all the DNS names of Kubernetes API endpoints that should be covered by the TLS cert for the k8s API
func (Cluster) NestedStackName ¶
NestedStackName returns a sanitized name of this control-plane which is usable as a valid cloudformation nested stack name
func (*Cluster) NewAssetsOnDisk ¶ added in v0.9.7
func (c *Cluster) NewAssetsOnDisk(dir string, renderCredentialsOpts CredentialsOptions, caKey *rsa.PrivateKey, caCert *x509.Certificate) (*RawAssetsOnDisk, error)
func (*Cluster) NewAssetsOnMemory ¶ added in v0.9.7
func (c *Cluster) NewAssetsOnMemory(caKey *rsa.PrivateKey, caCert *x509.Certificate) (*RawAssetsOnMemory, error)
func (*Cluster) NewTLSCA ¶
func (c *Cluster) NewTLSCA() (*rsa.PrivateKey, *x509.Certificate, error)
func (Cluster) NodeLabels ¶ added in v0.9.7
func (c Cluster) NodeLabels() model.NodeLabels
func (*Cluster) SetDefaults ¶
func (c *Cluster) SetDefaults()
func (Cluster) StackConfig ¶
func (c Cluster) StackConfig(opts StackTemplateOptions) (*StackConfig, error)
func (Cluster) StackName ¶
StackName returns the logical name of a CloudFormation stack resource in a root stack template. It does not need to be unique within an AWS account, because the actual name of a nested stack is generated randomly by CloudFormation and includes the logical name. This is NOT intended to be used to reference the stack name from cloud-config as the target of awscli or cfn-bootstrap-tools commands, e.g. `cfn-init` and `cfn-signal`
func (Cluster) StackNameEnvVarName ¶
type CompactAssets ¶ added in v0.9.7
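// CompactAssets holds every TLS asset and token as a single string per asset,
// in the encoded form described by the two group comments below.
//
// A value of this type is not by itself evidence that the contents were
// encrypted: this page also lists ReadOrCreateUnencryptedCompactAssets and
// RawAssetsOnDisk.Compact, both of which return *CompactAssets.
// NOTE(review): presumably those paths skip the encryption step and yield
// key material that is only gzip+base64 encoded — confirm, and treat every
// CompactAssets value as secret when logging or serialising it.
//
// The declaration is laid out one field per line: when it is collapsed onto a
// single line the leading `//` comment swallows every field and the closing
// brace.
type CompactAssets struct {
	// PEM -> encrypted -> gzip -> base64 encoded TLS assets.
	CACert         string
	CAKey          string
	APIServerCert  string
	APIServerKey   string
	WorkerCert     string
	WorkerKey      string
	AdminCert      string
	AdminKey       string
	EtcdCert       string
	EtcdClientCert string
	EtcdClientKey  string
	EtcdKey        string
	DexCert        string
	DexKey         string

	// Encrypted -> gzip -> base64 encoded assets.
	AuthTokens        string
	TLSBootstrapToken string
}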
func ReadOrCreateCompactAssets ¶ added in v0.9.7
func ReadOrCreateCompactAssets(assetsDir string, manageCertificates bool, kmsConfig KMSConfig) (*CompactAssets, error)
func ReadOrCreateUnencryptedCompactAssets ¶ added in v0.9.7
func ReadOrCreateUnencryptedCompactAssets(assetsDir string, manageCertificates bool) (*CompactAssets, error)
func (*CompactAssets) HasAuthTokens ¶ added in v0.9.7
func (a *CompactAssets) HasAuthTokens() bool
func (*CompactAssets) HasTLSBootstrapToken ¶ added in v0.9.7
func (a *CompactAssets) HasTLSBootstrapToken() bool
type CompressedStackConfig ¶
// CompressedStackConfig embeds *StackConfig and, on this page, adds the
// RenderStackTemplateAsBytes and RenderStackTemplateAsString methods. It is
// returned by StackConfig.Compress.
//
// Because the embedded member is a pointer, the zero value carries a nil
// *StackConfig and any promoted field access on it panics.
type CompressedStackConfig struct {
	*StackConfig
}
func (*CompressedStackConfig) RenderStackTemplateAsBytes ¶
func (c *CompressedStackConfig) RenderStackTemplateAsBytes() ([]byte, error)
func (*CompressedStackConfig) RenderStackTemplateAsString ¶
func (c *CompressedStackConfig) RenderStackTemplateAsString() (string, error)
type ComputedDeploymentSettings ¶
// ComputedDeploymentSettings carries values derived from user input rather
// than supplied by it. AMI has no yaml tag here.
// NOTE(review): how AMI is resolved (for example from ReleaseChannel or AmiId
// in DeploymentSettings) is not visible on this page — confirm the lookup
// source is trusted.
type ComputedDeploymentSettings struct {
	AMI string
}
Part of configuration which can't be provided via user input but is computed from user input
type Config ¶
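// Config is a Cluster plus values derived from it: the API endpoints, the etcd
// node list and the compacted assets.
//
// AssetsConfig is a pointer to CompactAssets, so a Config holds (encoded) key
// material and tokens; treat a Config value as sensitive when dumping or
// logging it.
//
// The declaration is laid out one field per line; collapsed onto a single
// line the field list is not valid Go.
type Config struct {
	Cluster

	AdminAPIEndpoint derived.APIEndpoint
	APIEndpoints     derived.APIEndpoints
	EtcdNodes        []derived.EtcdNode
	AssetsConfig     *CompactAssets
}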
func ConfigFromBytes ¶
func (*Config) AdminAPIEndpointURL ¶ added in v0.9.6
AdminAPIEndpointURL is the URL of the API endpoint which is written in kubeconfig and used by admins
func (*Config) Etcdadm ¶ added in v0.9.6
Etcdadm returns the content of the etcdadm script to be embedded into cloud-config-etcd
func (Config) InternetGatewayLogicalName ¶
func (Config) InternetGatewayRef ¶
func (*Config) ManagedELBLogicalNames ¶ added in v0.9.6
ManagedELBLogicalNames returns all the logical names of the cfn resources corresponding to ELBs managed by kube-aws for API endpoints
func (Config) VPCLogicalName ¶
type ControllerSettings ¶
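// ControllerSettings is the part of the configuration specific to controller
// nodes. The current settings live in the embedded model.Controller under the
// `controller` key; every other field is a Deprecated* pointer bound to a
// legacy top-level key.
//
// Pointer types let the code distinguish "key absent" (nil) from an explicit
// zero value.
// NOTE(review): presumably Cluster.ConsumeDeprecatedKeys folds these legacy
// keys into model.Controller — confirm which value wins when both are set.
//
// The declaration is laid out one field per line; collapsed onto a single
// line the field list is not valid Go.
type ControllerSettings struct {
	model.Controller `yaml:"controller,omitempty"`

	DeprecatedControllerCount          *int    `yaml:"controllerCount,omitempty"`
	DeprecatedControllerCreateTimeout  *string `yaml:"controllerCreateTimeout,omitempty"`
	DeprecatedControllerInstanceType   *string `yaml:"controllerInstanceType,omitempty"`
	DeprecatedControllerRootVolumeType *string `yaml:"controllerRootVolumeType,omitempty"`
	DeprecatedControllerRootVolumeIOPS *int    `yaml:"controllerRootVolumeIOPS,omitempty"`
	DeprecatedControllerRootVolumeSize *int    `yaml:"controllerRootVolumeSize,omitempty"`
	DeprecatedControllerTenancy        *string `yaml:"controllerTenancy,omitempty"`
}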
Part of configuration which is specific to controller nodes
func (ControllerSettings) ControllerCount ¶
func (c ControllerSettings) ControllerCount() int
func (ControllerSettings) ControllerCreateTimeout ¶
func (c ControllerSettings) ControllerCreateTimeout() string
func (ControllerSettings) ControllerInstanceType ¶
func (c ControllerSettings) ControllerInstanceType() string
func (ControllerSettings) ControllerRollingUpdateMinInstancesInService ¶
func (c ControllerSettings) ControllerRollingUpdateMinInstancesInService() int
func (ControllerSettings) ControllerRootVolumeIOPS ¶
func (c ControllerSettings) ControllerRootVolumeIOPS() int
func (ControllerSettings) ControllerRootVolumeSize ¶
func (c ControllerSettings) ControllerRootVolumeSize() int
func (ControllerSettings) ControllerRootVolumeType ¶
func (c ControllerSettings) ControllerRootVolumeType() string
func (ControllerSettings) ControllerTenancy ¶
func (c ControllerSettings) ControllerTenancy() string
func (ControllerSettings) MaxControllerCount ¶
func (c ControllerSettings) MaxControllerCount() int
func (ControllerSettings) MinControllerCount ¶
func (c ControllerSettings) MinControllerCount() int
func (ControllerSettings) Valid ¶
func (c ControllerSettings) Valid() error
type CredentialsOptions ¶
type DefaultWorkerSettings ¶
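// DefaultWorkerSettings is the part of the configuration specific to worker
// nodes. Every field is a plain value bound to the YAML key named in its tag
// and is omitted from output when empty.
//
// NOTE(review): WorkerSecurityGroupIds and WorkerTopologyPrivate shape the
// workers' network exposure; what applies when they are omitted is not
// visible on this page — confirm against SetDefaults / Valid.
//
// The declaration is laid out one field per line; collapsed onto a single
// line the field list is not valid Go.
type DefaultWorkerSettings struct {
	WorkerCount            int      `yaml:"workerCount,omitempty"`
	WorkerCreateTimeout    string   `yaml:"workerCreateTimeout,omitempty"`
	WorkerInstanceType     string   `yaml:"workerInstanceType,omitempty"`
	WorkerRootVolumeType   string   `yaml:"workerRootVolumeType,omitempty"`
	WorkerRootVolumeIOPS   int      `yaml:"workerRootVolumeIOPS,omitempty"`
	WorkerRootVolumeSize   int      `yaml:"workerRootVolumeSize,omitempty"`
	WorkerSpotPrice        string   `yaml:"workerSpotPrice,omitempty"`
	WorkerSecurityGroupIds []string `yaml:"workerSecurityGroupIds,omitempty"`
	WorkerTenancy          string   `yaml:"workerTenancy,omitempty"`
	WorkerTopologyPrivate  bool     `yaml:"workerTopologyPrivate,omitempty"`
}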
Part of configuration which is specific to worker nodes
func (DefaultWorkerSettings) Valid ¶
func (c DefaultWorkerSettings) Valid() error
type DeploymentSettings ¶
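// DeploymentSettings is the part of the configuration that can, by its
// nature, be customised per group of nodes (etcd / controller / worker).
// It embeds ComputedDeploymentSettings and binds every other field to the
// YAML key named in its tag.
//
// The declaration is laid out one field per line: when it is collapsed, the
// two `//` comments swallow the fields that follow them and one field is
// split from its tag across a line break.
type DeploymentSettings struct {
	ComputedDeploymentSettings

	ClusterName       string       `yaml:"clusterName,omitempty"`
	KeyName           string       `yaml:"keyName,omitempty"`
	Region            model.Region `yaml:",inline"`
	AvailabilityZone  string       `yaml:"availabilityZone,omitempty"`
	ReleaseChannel    string       `yaml:"releaseChannel,omitempty"`
	AmiId             string       `yaml:"amiId,omitempty"`
	VPCID             string       `yaml:"vpcId,omitempty"`
	InternetGatewayID string       `yaml:"internetGatewayId,omitempty"`
	RouteTableID      string       `yaml:"routeTableId,omitempty"`
	// Required for validations like e.g. if instance cidr is contained in vpc cidr
	VPCCIDR          string `yaml:"vpcCIDR,omitempty"`
	InstanceCIDR     string `yaml:"instanceCIDR,omitempty"`
	K8sVer           string `yaml:"kubernetesVersion,omitempty"`
	ContainerRuntime string `yaml:"containerRuntime,omitempty"`
	// KMSKeyARN is read from the `kmsKeyArn` key.
	// NOTE(review): presumably the key used to encrypt assets (compare
	// KMSConfig.KMSKeyARN and AssetsEncryptionEnabled on this page) — confirm,
	// and confirm what happens to assets when it is left empty.
	KMSKeyARN           string            `yaml:"kmsKeyArn,omitempty"`
	StackTags           map[string]string `yaml:"stackTags,omitempty"`
	Subnets             []model.Subnet    `yaml:"subnets,omitempty"`
	EIPAllocationIDs    []string          `yaml:"eipAllocationIDs,omitempty"`
	MapPublicIPs        bool              `yaml:"mapPublicIPs,omitempty"`
	ElasticFileSystemID string            `yaml:"elasticFileSystemId,omitempty"`
	SSHAuthorizedKeys   []string          `yaml:"sshAuthorizedKeys,omitempty"`
	Addons              model.Addons      `yaml:"addons"`
	Experimental        Experimental      `yaml:"experimental"`
	ManageCertificates  bool              `yaml:"manageCertificates,omitempty"`
	WaitSignal          WaitSignal        `yaml:"waitSignal"`
	// Images repository
	// NOTE(review): these fields presumably select the container images the
	// cluster runs; how a reference is pinned (tag versus digest) is decided
	// by model.Image, which this page does not show — confirm before
	// overriding any of them.
	HyperkubeImage                     model.Image `yaml:"hyperkubeImage,omitempty"`
	AWSCliImage                        model.Image `yaml:"awsCliImage,omitempty"`
	CalicoNodeImage                    model.Image `yaml:"calicoNodeImage,omitempty"`
	CalicoCniImage                     model.Image `yaml:"calicoCniImage,omitempty"`
	CalicoCtlImage                     model.Image `yaml:"calicoCtlImage,omitempty"`
	CalicoPolicyControllerImage        model.Image `yaml:"calicoPolicyControllerImage,omitempty"`
	ClusterAutoscalerImage             model.Image `yaml:"clusterAutoscalerImage,omitempty"`
	ClusterProportionalAutoscalerImage model.Image `yaml:"clusterProportionalAutoscalerImage,omitempty"`
	KubeDnsImage                       model.Image `yaml:"kubeDnsImage,omitempty"`
	KubeDnsMasqImage                   model.Image `yaml:"kubeDnsMasqImage,omitempty"`
	KubeReschedulerImage               model.Image `yaml:"kubeReschedulerImage,omitempty"`
	DnsMasqMetricsImage                model.Image `yaml:"dnsMasqMetricsImage,omitempty"`
	ExecHealthzImage                   model.Image `yaml:"execHealthzImage,omitempty"`
	HeapsterImage                      model.Image `yaml:"heapsterImage,omitempty"`
	AddonResizerImage                  model.Image `yaml:"addonResizerImage,omitempty"`
	KubeDashboardImage                 model.Image `yaml:"kubeDashboardImage,omitempty"`
	PauseImage                         model.Image `yaml:"pauseImage,omitempty"`
	FlannelImage                       model.Image `yaml:"flannelImage,omitempty"`
	DexImage                           model.Image `yaml:"dexImage,omitempty"`
}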
Part of configuration which can be customized for each type/group of nodes(etcd/controller/worker/) by its nature.
Please be aware that it is described as customizable only "by its nature". Whether it can actually be customized depends on whether you use node pools. If you've chosen to create a single cluster including all the worker, controller and etcd nodes within a single cfn stack, you can't customize per group of nodes. If you've chosen to create e.g. a separate node pool for each type of worker nodes, you can customize per node pool.
Though it is highly configurable, it's basically users' responsibility to provide `correct` values if they're going beyond the defaults.
func (DeploymentSettings) AllSubnets ¶
func (s DeploymentSettings) AllSubnets() []model.Subnet
func (DeploymentSettings) AssetsEncryptionEnabled ¶
func (c DeploymentSettings) AssetsEncryptionEnabled() bool
func (DeploymentSettings) FindNATGatewayForPrivateSubnet ¶
func (c DeploymentSettings) FindNATGatewayForPrivateSubnet(s model.Subnet) (*model.NATGateway, error)
func (DeploymentSettings) FindSubnetMatching ¶
func (c DeploymentSettings) FindSubnetMatching(condition model.Subnet) model.Subnet
func (DeploymentSettings) NATGateways ¶
func (c DeploymentSettings) NATGateways() []model.NATGateway
func (DeploymentSettings) PrivateSubnets ¶
func (c DeploymentSettings) PrivateSubnets() []model.Subnet
func (DeploymentSettings) PublicSubnets ¶
func (c DeploymentSettings) PublicSubnets() []model.Subnet
func (DeploymentSettings) Valid ¶
func (c DeploymentSettings) Valid() (*DeploymentValidationResult, error)
type DeploymentValidationResult ¶
// DeploymentValidationResult is what DeploymentSettings.Valid returns
// alongside its error. Its contents are unexported and not documented on this
// page.
type DeploymentValidationResult struct {
	// contains filtered or unexported fields
}
type EncryptService ¶
// EncryptService is the single-method encryption dependency of this package:
// Encrypt takes a *kms.EncryptInput and returns a *kms.EncryptOutput or an
// error. It is carried by KMSConfig.EncryptService and
// Cluster.ProvidedEncryptService.
// NOTE(review): presumably satisfied by the AWS SDK KMS client in production
// and by a fake in tests — confirm that no code path substitutes a no-op
// implementation outside of tests.
type EncryptService interface {
	Encrypt(*kms.EncryptInput) (*kms.EncryptOutput, error)
}
type EncryptedAssetsOnDisk ¶ added in v0.9.7
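// EncryptedAssetsOnDisk holds one EncryptedCredentialOnDisk per TLS asset and
// token. It is produced by ReadOrCreateEncryptedAssets / ReadOrEncryptAssets
// and can be written out with WriteToDir or reduced with Compact.
//
// The declaration is laid out one field per line: when it is collapsed onto a
// single line the leading `//` comment swallows every field and the closing
// brace.
type EncryptedAssetsOnDisk struct {
	// Encrypted PEM encoded TLS assets.
	CACert         EncryptedCredentialOnDisk
	CAKey          EncryptedCredentialOnDisk
	APIServerCert  EncryptedCredentialOnDisk
	APIServerKey   EncryptedCredentialOnDisk
	WorkerCert     EncryptedCredentialOnDisk
	WorkerKey      EncryptedCredentialOnDisk
	AdminCert      EncryptedCredentialOnDisk
	AdminKey       EncryptedCredentialOnDisk
	EtcdCert       EncryptedCredentialOnDisk
	EtcdClientCert EncryptedCredentialOnDisk
	EtcdKey        EncryptedCredentialOnDisk
	EtcdClientKey  EncryptedCredentialOnDisk
	DexCert        EncryptedCredentialOnDisk
	DexKey         EncryptedCredentialOnDisk

	// Other encrypted assets.
	AuthTokens        EncryptedCredentialOnDisk
	TLSBootstrapToken EncryptedCredentialOnDisk
}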
func ReadOrCreateEncryptedAssets ¶ added in v0.9.7
func ReadOrCreateEncryptedAssets(tlsAssetsDir string, manageCertificates bool, kmsConfig KMSConfig) (*EncryptedAssetsOnDisk, error)
func ReadOrEncryptAssets ¶ added in v0.9.7
func ReadOrEncryptAssets(dirname string, manageCertificates bool, encryptor CachedEncryptor) (*EncryptedAssetsOnDisk, error)
func (*EncryptedAssetsOnDisk) Compact ¶ added in v0.9.7
func (r *EncryptedAssetsOnDisk) Compact() (*CompactAssets, error)
func (*EncryptedAssetsOnDisk) WriteToDir ¶ added in v0.9.7
func (r *EncryptedAssetsOnDisk) WriteToDir(dirname string) error
type EncryptedCredentialOnDisk ¶
// EncryptedCredentialOnDisk is one encrypted credential together with its
// on-disk cache; this page lists Fingerprint, Persist and String on it, and
// its state is unexported.
// NOTE(review): presumably a cached ciphertext is reused while the stored
// fingerprint (FingerprintFileExtension) still matches the plaintext —
// confirm that changing the KMS key also invalidates the cache, otherwise
// assets stay encrypted under the previous key.
type EncryptedCredentialOnDisk struct {
	// contains filtered or unexported fields
}
The fact that KMS encryption produces different ciphertexts for the same plaintext had been causing unnecessary node replacements (https://github.com/kubernetes-incubator/kube-aws/issues/107). Encrypted assets are persisted as a cache so that this can be avoided.
func EncryptedCredentialCacheFromPath ¶
func EncryptedCredentialCacheFromPath(filePath string) (*EncryptedCredentialOnDisk, error)
func EncryptedCredentialCacheFromRawCredential ¶
func EncryptedCredentialCacheFromRawCredential(raw *RawCredentialOnDisk, bytesEncryptionService bytesEncryptionService) (*EncryptedCredentialOnDisk, error)
func (*EncryptedCredentialOnDisk) Fingerprint ¶
func (c *EncryptedCredentialOnDisk) Fingerprint() string
func (*EncryptedCredentialOnDisk) Persist ¶
func (c *EncryptedCredentialOnDisk) Persist() error
func (*EncryptedCredentialOnDisk) String ¶
func (c *EncryptedCredentialOnDisk) String() string
type EphemeralImageStorage ¶
type EtcdSettings ¶
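// EtcdSettings is the part of the configuration specific to etcd nodes. The
// current settings live in the embedded model.Etcd under the `etcd` key;
// every other field is a Deprecated* pointer bound to a legacy top-level key.
//
// Pointer types let the code distinguish "key absent" (nil) from an explicit
// zero value or false.
// NOTE(review): which value applies to data-volume encryption when neither
// the legacy key nor model.Etcd sets it is not visible on this page —
// confirm before assuming etcd data is encrypted at rest.
//
// The declaration is laid out one field per line; collapsed onto a single
// line the field list is not valid Go.
type EtcdSettings struct {
	model.Etcd `yaml:"etcd,omitempty"`

	// Unlike the other legacy keys, `etcdCount` carries no omitempty.
	DeprecatedEtcdCount               *int    `yaml:"etcdCount"`
	DeprecatedEtcdInstanceType        *string `yaml:"etcdInstanceType,omitempty"`
	DeprecatedEtcdRootVolumeSize      *int    `yaml:"etcdRootVolumeSize,omitempty"`
	DeprecatedEtcdRootVolumeType      *string `yaml:"etcdRootVolumeType,omitempty"`
	DeprecatedEtcdRootVolumeIOPS      *int    `yaml:"etcdRootVolumeIOPS,omitempty"`
	DeprecatedEtcdDataVolumeSize      *int    `yaml:"etcdDataVolumeSize,omitempty"`
	DeprecatedEtcdDataVolumeType      *string `yaml:"etcdDataVolumeType,omitempty"`
	DeprecatedEtcdDataVolumeIOPS      *int    `yaml:"etcdDataVolumeIOPS,omitempty"`
	DeprecatedEtcdDataVolumeEphemeral *bool   `yaml:"etcdDataVolumeEphemeral,omitempty"`
	DeprecatedEtcdDataVolumeEncrypted *bool   `yaml:"etcdDataVolumeEncrypted,omitempty"`
	DeprecatedEtcdTenancy             *string `yaml:"etcdTenancy,omitempty"`
}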
Part of configuration which is specific to etcd nodes
func (EtcdSettings) EtcdCount ¶
func (e EtcdSettings) EtcdCount() int
func (EtcdSettings) EtcdDataVolumeEncrypted ¶
func (e EtcdSettings) EtcdDataVolumeEncrypted() bool
func (EtcdSettings) EtcdDataVolumeEphemeral ¶
func (e EtcdSettings) EtcdDataVolumeEphemeral() bool
func (EtcdSettings) EtcdDataVolumeIOPS ¶
func (e EtcdSettings) EtcdDataVolumeIOPS() int
func (EtcdSettings) EtcdDataVolumeSize ¶
func (e EtcdSettings) EtcdDataVolumeSize() int
func (EtcdSettings) EtcdDataVolumeType ¶
func (e EtcdSettings) EtcdDataVolumeType() string
func (EtcdSettings) EtcdInstanceType ¶
func (e EtcdSettings) EtcdInstanceType() string
func (EtcdSettings) EtcdRootVolumeIOPS ¶
func (e EtcdSettings) EtcdRootVolumeIOPS() int
func (EtcdSettings) EtcdRootVolumeSize ¶
func (e EtcdSettings) EtcdRootVolumeSize() int
func (EtcdSettings) EtcdRootVolumeType ¶
func (e EtcdSettings) EtcdRootVolumeType() string
func (EtcdSettings) EtcdTenancy ¶
func (e EtcdSettings) EtcdTenancy() string
func (EtcdSettings) Valid ¶
func (e EtcdSettings) Valid() error
Valid returns an error when there's any user error in the `etcd` settings
type Experimental ¶
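// Experimental groups the settings read from the `experimental` key of
// DeploymentSettings.
//
// Several members are security controls by name: Admission (pod security
// policy), AuditLog, Authentication (webhook), TLSBootstrap and
// Kube2IamSupport. The toggle structs shown on this page are plain bools
// whose zero value is false.
// NOTE(review): unless SetDefaults (not shown here) turns them on, an
// omitted key presumably leaves each of these controls off — confirm per
// control rather than assuming a hardened default.
//
// The declaration is laid out one field per line: when it is collapsed onto a
// single line the `//` comment in the middle swallows every field after it.
type Experimental struct {
	Admission      Admission      `yaml:"admission"`
	AuditLog       AuditLog       `yaml:"auditLog"`
	Authentication Authentication `yaml:"authentication"`
	AwsEnvironment AwsEnvironment `yaml:"awsEnvironment"`
	AwsNodeLabels  AwsNodeLabels  `yaml:"awsNodeLabels"`
	// When cluster-autoscaler support is enabled, not only controller nodes but this node pool is also given
	// a node label and IAM permissions to run cluster-autoscaler
	ClusterAutoscalerSupport model.ClusterAutoscalerSupport `yaml:"clusterAutoscalerSupport"`
	TLSBootstrap             TLSBootstrap                   `yaml:"tlsBootstrap"`
	EphemeralImageStorage    EphemeralImageStorage          `yaml:"ephemeralImageStorage"`
	Kube2IamSupport          Kube2IamSupport                `yaml:"kube2IamSupport,omitempty"`
	LoadBalancer             LoadBalancer                   `yaml:"loadBalancer"`
	TargetGroup              TargetGroup                    `yaml:"targetGroup"`
	NodeDrainer              model.NodeDrainer              `yaml:"nodeDrainer"`
	NodeLabels               model.NodeLabels               `yaml:"nodeLabels"`
	Plugins                  Plugins                        `yaml:"plugins"`
	Dex                      model.Dex                      `yaml:"dex"`
	// NOTE(review): going by the name, setting this stops kube-aws from
	// managing security-group ingress rules; confirm what still restricts
	// traffic to the nodes before enabling it.
	DisableSecurityGroupIngress bool          `yaml:"disableSecurityGroupIngress"`
	NodeMonitorGracePeriod      string        `yaml:"nodeMonitorGracePeriod"`
	Taints                      model.Taints  `yaml:"taints"`
	model.UnknownKeys           `yaml:",inline"`
}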
func (Experimental) Valid ¶
func (c Experimental) Valid() error
type FlannelSettings ¶
// FlannelSettings is the part of the configuration specific to flanneld.
// PodCIDR is read from the `podCIDR` YAML key and omitted from output when
// empty.
type FlannelSettings struct {
	PodCIDR string `yaml:"podCIDR,omitempty"`
}
Part of configuration which is specific to flanneld
type InfrastructureValidationResult ¶
// InfrastructureValidationResult is what KubeClusterSettings.Valid returns
// alongside its error. Its contents are unexported and not documented on this
// page.
type InfrastructureValidationResult struct {
	// contains filtered or unexported fields
}
type KMSConfig ¶
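// KMSConfig bundles what the asset-encryption entry points on this page
// (ReadOrCreateCompactAssets, ReadOrCreateEncryptedAssets) take: a region, an
// EncryptService and a key ARN.
// NOTE(review): whether an empty KMSKeyARN or a nil EncryptService is
// rejected or silently falls back to something else is not visible here —
// confirm the failure mode is an error, not unencrypted output.
//
// The declaration is laid out one field per line; collapsed onto a single
// line the field list is not valid Go.
type KMSConfig struct {
	Region         model.Region
	EncryptService EncryptService
	KMSKeyARN      string
}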
type Kube2IamSupport ¶
// Kube2IamSupport is an on/off switch read from the `enabled` YAML key.
// The zero value is false.
type Kube2IamSupport struct {
	Enabled bool `yaml:"enabled"`
}
type KubeClusterSettings ¶
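// KubeClusterSettings is the part of the configuration shared between
// controller nodes and worker nodes. The `Kube` prefix marks that it does not
// relate to etcd.
//
// The declaration is laid out one field per line: when it is collapsed onto a
// single line the first `//` comment swallows every field after it.
type KubeClusterSettings struct {
	APIEndpointConfigs model.APIEndpoints `yaml:"apiEndpoints,omitempty"`
	// Required by kubelet to locate the kube-apiserver
	ExternalDNSName string `yaml:"externalDNSName,omitempty"`
	// Required by kubelet to locate the cluster-internal dns hosted on controller nodes in the base cluster
	DNSServiceIP string `yaml:"dnsServiceIP,omitempty"`
	UseCalico    bool   `yaml:"useCalico,omitempty"`
}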
Part of configuration which is shared between controller nodes and worker nodes. Its name is prefixed with `Kube` because it doesn't relate to etcd.
func (KubeClusterSettings) K8sNetworkPlugin ¶
func (c KubeClusterSettings) K8sNetworkPlugin() string
Required by kubelet to use the consistent network plugin with the base cluster
func (KubeClusterSettings) Valid ¶
func (c KubeClusterSettings) Valid() (*InfrastructureValidationResult, error)
type KubeResourcesAutosave ¶ added in v0.9.6
type LoadBalancer ¶
type PodSecurityPolicy ¶
// PodSecurityPolicy is an on/off switch read from the `enabled` YAML key
// (nested under `experimental.admission.podSecurityPolicy` per the tags on
// this page). The zero value is false.
// NOTE(review): unless a default is applied elsewhere (SetDefaults is not
// shown here), omitting the key presumably leaves pod security policy
// admission off — confirm.
type PodSecurityPolicy struct {
	Enabled bool `yaml:"enabled"`
}
type RawAssetsOnDisk ¶ added in v0.9.7
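// RawAssetsOnDisk holds one RawCredentialOnDisk per TLS asset and token, i.e.
// the unencrypted counterpart of EncryptedAssetsOnDisk. It is returned by
// ReadRawAssets and Cluster.NewAssetsOnDisk, and includes the CA private key
// (CAKey) alongside every leaf key.
// NOTE(review): the directory these are read from therefore holds plaintext
// private keys; its permissions are set outside what this page shows —
// confirm it is owner-only and excluded from version control and backups
// that are not themselves encrypted.
//
// The declaration is laid out one field per line: when it is collapsed onto a
// single line the leading `//` comment swallows every field and the closing
// brace.
type RawAssetsOnDisk struct {
	// PEM encoded TLS assets.
	CACert         RawCredentialOnDisk
	CAKey          RawCredentialOnDisk
	APIServerCert  RawCredentialOnDisk
	APIServerKey   RawCredentialOnDisk
	WorkerCert     RawCredentialOnDisk
	WorkerKey      RawCredentialOnDisk
	AdminCert      RawCredentialOnDisk
	AdminKey       RawCredentialOnDisk
	EtcdCert       RawCredentialOnDisk
	EtcdClientCert RawCredentialOnDisk
	EtcdKey        RawCredentialOnDisk
	EtcdClientKey  RawCredentialOnDisk
	DexCert        RawCredentialOnDisk
	DexKey         RawCredentialOnDisk

	// Other assets.
	AuthTokens        RawCredentialOnDisk
	TLSBootstrapToken RawCredentialOnDisk
}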
func ReadRawAssets ¶ added in v0.9.7
func ReadRawAssets(dirname string, manageCertificates bool) (*RawAssetsOnDisk, error)
func (*RawAssetsOnDisk) Compact ¶ added in v0.9.7
func (r *RawAssetsOnDisk) Compact() (*CompactAssets, error)
type RawAssetsOnMemory ¶ added in v0.9.7
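// RawAssetsOnMemory holds every TLS asset and token as raw bytes, before any
// encryption. It is returned by Cluster.NewAssetsOnMemory and written out
// with WriteToDir(dirname, includeCAKey).
//
// WriteToDir takes includeCAKey, so whether the CA private key reaches disk
// is a caller decision.
// NOTE(review): the file modes WriteToDir uses are not visible on this page —
// confirm private keys are written owner-only, and prefer includeCAKey=false
// where the CA key is kept elsewhere.
//
// The declaration is laid out one field per line: when it is collapsed onto a
// single line the leading `//` comment swallows every field and the closing
// brace.
type RawAssetsOnMemory struct {
	// PEM encoded TLS assets.
	CACert         []byte
	CAKey          []byte
	APIServerCert  []byte
	APIServerKey   []byte
	WorkerCert     []byte
	WorkerKey      []byte
	AdminCert      []byte
	AdminKey       []byte
	EtcdCert       []byte
	EtcdClientCert []byte
	EtcdKey        []byte
	EtcdClientKey  []byte
	DexCert        []byte
	DexKey         []byte

	// Other assets.
	AuthTokens        []byte
	TLSBootstrapToken []byte
}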
func (*RawAssetsOnMemory) WriteToDir ¶ added in v0.9.7
func (r *RawAssetsOnMemory) WriteToDir(dirname string, includeCAKey bool) error
type RawCredentialOnDisk ¶
// RawCredentialOnDisk is one unencrypted credential backed by a file; it is
// created by RawCredentialFileFromPath(filePath, defaultValue) and this page
// lists Fingerprint, Persist and String on it. Its state is unexported.
// NOTE(review): String() on a raw credential presumably returns the plaintext
// content — confirm, and keep values of this type out of log and error
// formatting (`%v`, `%s`) if so.
type RawCredentialOnDisk struct {
	// contains filtered or unexported fields
}
func RawCredentialFileFromPath ¶
func RawCredentialFileFromPath(filePath string, defaultValue *string) (*RawCredentialOnDisk, error)
func (*RawCredentialOnDisk) Fingerprint ¶
func (c *RawCredentialOnDisk) Fingerprint() string
func (*RawCredentialOnDisk) Persist ¶
func (c *RawCredentialOnDisk) Persist() error
func (*RawCredentialOnDisk) String ¶
func (c *RawCredentialOnDisk) String() string
type StackConfig ¶
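// StackConfig is a *Config plus the stack template options and the rendered
// user data for worker, controller and etcd nodes.
//
// Because Config is embedded as a pointer, the zero value carries a nil
// *Config and any promoted field access on it panics.
// NOTE(review): the UserData* strings are what the S3 helper methods on this
// page upload as userdata-<role>-<fingerprint> files; whether they embed
// asset material directly is not visible here — confirm, and scope the S3
// read permissions per role as the UserData*S3Prefix docs describe.
//
// The declaration is laid out one field per line; collapsed onto a single
// line the field list is not valid Go.
type StackConfig struct {
	*Config
	StackTemplateOptions

	UserDataWorker        string
	UserDataController    string
	UserDataEtcd          string
	ControllerSubnetIndex int
}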
func (*StackConfig) ClusterExportedStacksS3URI ¶ added in v0.9.6
func (c *StackConfig) ClusterExportedStacksS3URI() string
func (*StackConfig) ClusterS3URI ¶ added in v0.9.6
func (c *StackConfig) ClusterS3URI() string
func (*StackConfig) Compress ¶
func (c *StackConfig) Compress() (*CompressedStackConfig, error)
func (*StackConfig) EtcdSnapshotsS3Bucket ¶ added in v0.9.6
func (c *StackConfig) EtcdSnapshotsS3Bucket() (string, error)
func (*StackConfig) EtcdSnapshotsS3PathRef ¶ added in v0.9.6
func (c *StackConfig) EtcdSnapshotsS3PathRef() (string, error)
EtcdSnapshotsS3PathRef is a pair of an S3 bucket and the key of an S3 object containing an etcd cluster snapshot
func (*StackConfig) EtcdSnapshotsS3PrefixRef ¶ added in v0.9.6
func (c *StackConfig) EtcdSnapshotsS3PrefixRef() (string, error)
func (*StackConfig) UserDataControllerFileName ¶
func (c *StackConfig) UserDataControllerFileName() string
UserDataControllerFileName is used to upload and download userdata-controller-<fingerprint> files
func (*StackConfig) UserDataControllerS3Prefix ¶
func (c *StackConfig) UserDataControllerS3Prefix() (string, error)
UserDataControllerS3Prefix is the prefix prepended to all userdata-controller-<fingerprint> files uploaded to S3. Use this to author the IAM policy that grants controller nodes the least permissions required to get the files from S3
func (*StackConfig) UserDataControllerS3URI ¶
func (c *StackConfig) UserDataControllerS3URI() (string, error)
UserDataControllerS3URI is the URI of a userdata-controller-<fingerprint> file used to provision controller nodes. Use this to download the file by running e.g. `aws s3 cp *return value of UserDataControllerS3URI* ./`
func (*StackConfig) UserDataEtcdFileName ¶
func (c *StackConfig) UserDataEtcdFileName() string
UserDataEtcdFileName is used to upload and download userdata-etcd-<fingerprint> files
func (*StackConfig) UserDataEtcdS3Prefix ¶
func (c *StackConfig) UserDataEtcdS3Prefix() (string, error)
UserDataEtcdS3Prefix is the prefix prepended to all userdata-etcd-<fingerprint> files uploaded to S3. Use this to author the IAM policy that grants etcd nodes the least permissions required to get the files from S3
func (*StackConfig) UserDataEtcdS3URI ¶
func (c *StackConfig) UserDataEtcdS3URI() (string, error)
UserDataEtcdS3URI is the URI of a userdata-etcd-<fingerprint> file used to provision etcd nodes. Use this to download the file by running e.g. `aws s3 cp *return value of UserDataEtcdS3URI* ./`
func (*StackConfig) ValidateUserData ¶
func (c *StackConfig) ValidateUserData() error
type StackTemplateOptions ¶
type TLSBootstrap ¶ added in v0.9.6
// TLSBootstrap is an on/off switch read from the `enabled` YAML key (nested
// under `experimental.tlsBootstrap` per the tags on this page). The zero
// value is false.
// NOTE(review): presumably this gates use of the TLSBootstrapToken asset and
// RandomTLSBootstrapTokenString listed on this page — confirm how the token
// is generated, stored and rotated before enabling.
type TLSBootstrap struct {
	Enabled bool `yaml:"enabled"`
}
type TargetGroup ¶
type WaitSignal ¶
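// WaitSignal holds the optional overrides for the wait-signal behaviour. Both
// fields are pointers so that "key absent" (nil) can be told apart from an
// explicit value; the Enabled and MaxBatchSize methods listed on this page
// return the effective settings.
//
// The declaration is laid out one field per line: when it is collapsed onto a
// single line the leading `//` comment swallows both fields and the closing
// brace.
type WaitSignal struct {
	// WaitSignal is enabled by default. If you'd like to explicitly disable it, set this to `false`.
	// Keeping this `nil` results in the WaitSignal to be enabled.
	EnabledOverride      *bool `yaml:"enabled"`
	MaxBatchSizeOverride *int  `yaml:"maxBatchSize"`
}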
func (WaitSignal) Enabled ¶
func (s WaitSignal) Enabled() bool
func (WaitSignal) MaxBatchSize ¶
func (s WaitSignal) MaxBatchSize() int