Package aws v2.20.5

This package is not in the latest version of its module.
Published: Jul 20, 2022 License: Apache-2.0 Imports: 21 Imported by: 0

Documentation

Overview

Package aws contains the Amazon Web Services (AWS) cloud provider implementation.

This provider is responsible for managing a variety of resources in the AWS cloud. Some of them may already exist in the account; others are always created explicitly for a given usercluster. These resources are:

  • EC2: VPC: A VPC must already exist. If the user doesn't specify a VPC, the provider chooses the default VPC of the given AWS account. If the VPC is not found during reconciliation, an error is raised and no further reconciliation can happen.
  • EC2: Route Table (RT): A usercluster can use its own RT, but if none is given by the user, the default RT of the VPC is used (shared among many userclusters). KKP never creates or deletes route tables; it only tags them with the cluster tag.
  • EC2: Security Group (SG): Can be specified by the user, but is otherwise created automatically. Every usercluster lives in its own SG, and the SG is always tagged with the cluster tag.
  • IAM: Control plane role: Can be specified by the user, but is otherwise created automatically. Every usercluster has its own control plane role. If the specified role does not exist, it is created.
  • IAM: Worker role & instance profile: Can be specified by the user, but is otherwise created automatically. Every usercluster has its own worker role/profile. If the specified profile does not exist, it is created.

During cluster deletion, KKP tries to clean up and remove the resources that are no longer needed. However, if the user specified a given field (e.g. an SG ID), KKP does not remove that resource, assuming it is shared with other userclusters or with something else. To keep track of ownership, an owner tag is placed on every resource that KKP creates. The cluster tag used by the AWS CCM is removed in all cases, regardless of whether KKP created the resource or not.
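The cleanup rule above (never delete what the user supplied, delete only what carries our owner tag, always strip the cluster tag) is worth seeing as code, because the interesting case is a resource that carries KKP's owner tag but was also typed into the spec by the user. The following is an added, self-contained illustration written for this page; it is not the provider's own code. The cluster tag key follows the AWS cloud-controller-manager convention `kubernetes.io/cluster/<name>`; the owner tag key, the `Resource`/`CloudSpec` types and the sample resources are assumptions constructed for the example.

```go
package main

import "fmt"

// Tag keys used in the decision. The cluster tag follows the AWS
// cloud-controller-manager convention "kubernetes.io/cluster/<cluster name>".
// The owner tag key is an ASSUMPTION for this example; KKP's real key may differ.
const (
	clusterTagPrefix = "kubernetes.io/cluster/"
	ownerTagKey      = "example.kubermatic.io/owned-by" // assumed key, not KKP's
)

// Resource is a minimal stand-in for a tagged EC2 resource such as a
// security group or a route table. Constructed for this example.
type Resource struct {
	ID   string
	Tags map[string]string
}

// CloudSpec holds the user-overridable IDs relevant for cleanup.
// A non-empty value means the user specified that resource explicitly.
type CloudSpec struct {
	SecurityGroupID string
	RouteTableID    string
}

// CleanupAction is what a reconciler does with one resource on cluster deletion.
type CleanupAction int

const (
	Keep   CleanupAction = iota // not tagged for this cluster: leave it alone
	Untag                       // remove only the cluster tag; the resource stays
	Delete                      // remove the cluster tag and delete the resource
)

func (a CleanupAction) String() string {
	switch a {
	case Untag:
		return "untag"
	case Delete:
		return "delete"
	default:
		return "keep"
	}
}

// decideCleanup applies the ownership rule from the package overview:
//   - a resource the user specified in the spec is assumed shared and is
//     never deleted, even if it carries our owner tag;
//   - otherwise it is deleted only if the owner tag names this cluster;
//   - the cluster tag is removed whenever present, regardless of ownership.
func decideCleanup(r Resource, clusterName string, userSpecified bool) CleanupAction {
	_, hasClusterTag := r.Tags[clusterTagPrefix+clusterName]
	ownedByUs := r.Tags[ownerTagKey] == clusterName
	switch {
	case ownedByUs && !userSpecified:
		return Delete
	case hasClusterTag:
		return Untag
	default:
		return Keep
	}
}

// planCleanup returns the action per resource ID. A resource counts as
// user-specified when its ID appears in one of the spec fields.
func planCleanup(resources []Resource, clusterName string, spec CloudSpec) map[string]CleanupAction {
	plan := make(map[string]CleanupAction, len(resources))
	for _, r := range resources {
		userSpecified := r.ID == spec.SecurityGroupID || r.ID == spec.RouteTableID
		plan[r.ID] = decideCleanup(r, clusterName, userSpecified)
	}
	return plan
}

// untagCluster removes the cluster tag in place and reports whether one was
// present. Both Untag and Delete perform this step; other clusters' tags stay.
func untagCluster(r *Resource, clusterName string) bool {
	key := clusterTagPrefix + clusterName
	if _, ok := r.Tags[key]; !ok {
		return false
	}
	delete(r.Tags, key)
	return true
}

// sampleResources is constructed input for cluster "c-abc".
func sampleResources() []Resource {
	return []Resource{
		// SG that KKP created for c-abc: owner tag plus cluster tag.
		{ID: "sg-created", Tags: map[string]string{ownerTagKey: "c-abc", clusterTagPrefix + "c-abc": "owned"}},
		// SG the user supplied; KKP tagged it but does not own it.
		{ID: "sg-user", Tags: map[string]string{clusterTagPrefix + "c-abc": "shared"}},
		// Default route table shared by two clusters, owned by neither.
		{ID: "rtb-default", Tags: map[string]string{clusterTagPrefix + "c-abc": "shared", clusterTagPrefix + "c-xyz": "shared"}},
		// SG belonging to a different cluster; never touched.
		{ID: "sg-other", Tags: map[string]string{ownerTagKey: "c-xyz", clusterTagPrefix + "c-xyz": "owned"}},
	}
}

func main() {
	spec := CloudSpec{SecurityGroupID: "sg-user"} // the user brought their own SG
	for id, action := range planCleanup(sampleResources(), "c-abc", spec) {
		fmt.Printf("%-12s %s\n", id, action)
	}
}
```

The shared route table ends up as `untag` rather than `delete` even though two clusters point at it, and a KKP-created security group that a user has copied into a spec field is also only untagged; that asymmetry (ownership tag decides deletion, spec field vetoes it) is the whole point of the owner tag.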

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

func GetCredentialsForCluster

func GetCredentialsForCluster(cloud kubermaticv1.CloudSpec, secretKeySelector provider.SecretKeySelectorValueFunc) (accessKeyID, secretAccessKey, assumeRoleARN, assumeRoleExternalID string, err error)

GetCredentialsForCluster returns the credentials for the passed in cloud spec or an error.

func GetSecurityGroups added in v2.16.3

func GetSecurityGroups(accessKeyID, secretAccessKey, assumeRoleARN, assumeRoleExternalID, region, vpc string) ([]*ec2.SecurityGroup, error)

GetSecurityGroups returns the list of AWS Security Groups in the selected VPC.

func GetSubnets

func GetSubnets(accessKeyID, secretAccessKey, assumeRoleARN, assumeRoleExternalID, region, vpcID string) ([]*ec2.Subnet, error)

GetSubnets returns the list of subnets for a selected AWS VPC.

func GetVPCS

func GetVPCS(accessKeyID, secretAccessKey, assumeRoleARN, assumeRoleExternalID, region string) ([]*ec2.Vpc, error)

GetVPCS returns the list of AWS VPCs.

func ValidateCredentials added in v2.20.0

func ValidateCredentials(accessKeyID, secretAccessKey string) error

Types

type AmazonEC2

type AmazonEC2 struct {
	// contains filtered or unexported fields
}

func NewCloudProvider

func NewCloudProvider(dc *kubermaticv1.Datacenter, secretKeyGetter provider.SecretKeySelectorValueFunc) (*AmazonEC2, error)

NewCloudProvider returns a new AmazonEC2 provider.

func (*AmazonEC2) CleanUpCloudProvider

func (a *AmazonEC2) CleanUpCloudProvider(cluster *kubermaticv1.Cluster, updater provider.ClusterUpdater) (*kubermaticv1.Cluster, error)

func (*AmazonEC2) DefaultCloudSpec

func (a *AmazonEC2) DefaultCloudSpec(spec *kubermaticv1.CloudSpec) error

func (*AmazonEC2) InitializeCloudProvider

func (a *AmazonEC2) InitializeCloudProvider(cluster *kubermaticv1.Cluster, update provider.ClusterUpdater) (*kubermaticv1.Cluster, error)

func (*AmazonEC2) ReconcileCluster added in v2.19.0

func (a *AmazonEC2) ReconcileCluster(cluster *kubermaticv1.Cluster, update provider.ClusterUpdater) (*kubermaticv1.Cluster, error)

func (*AmazonEC2) ValidateCloudSpec

func (a *AmazonEC2) ValidateCloudSpec(spec kubermaticv1.CloudSpec) error

ValidateCloudSpec validates the fields that the user can override while creating a cluster. Only the resources that must pre-exist in the AWS account (i.e. the VPC and the security group) are checked, because the others are either defaulted when not explicitly specified (the route table falls back to the VPC's default RT) or created if they do not yet exist (the IAM roles and instance profile). TL;DR: This validation does not need to be extended to cover more than VPC and SG.

func (*AmazonEC2) ValidateCloudSpecUpdate

func (a *AmazonEC2) ValidateCloudSpecUpdate(oldSpec kubermaticv1.CloudSpec, newSpec kubermaticv1.CloudSpec) error

ValidateCloudSpecUpdate verifies whether an update of cloud spec is valid and permitted.

type ClientSet

type ClientSet struct {
	EC2 ec2iface.EC2API
	EKS eksiface.EKSAPI
	IAM iamiface.IAMAPI
}

func GetClientSet

func GetClientSet(accessKeyID, secretAccessKey, assumeRoleARN, assumeRoleExternalID, region string) (*ClientSet, error)
