Documentation
¶
Index ¶
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
This section is empty.
Types ¶
type CloudConfig ¶
type CloudConfig struct {
Global struct {
// TODO: Is there any use for this? We can get it from the instance metadata service
// Maybe if we're not running on AWS, e.g. bootstrap; for now it is not very useful
Zone string
Region string
// The AWS VPC flag enables the possibility to run the master components
// on a different aws account, on a different cloud provider or on-premises.
// If the flag is set also the KubernetesClusterTag must be provided
VPC string
// SubnetID enables using a specific subnet to use for ELB's
SubnetID string
// RouteTableID enables using a specific RouteTable
RouteTableID string
// RoleARN is the IAM role to assume when interaction with AWS APIs.
RoleARN string
// SourceARN is value which is passed while assuming role specified by RoleARN. When a service
// assumes a role in your account, you can include the aws:SourceAccount and aws:SourceArn global
// condition context keys in your role trust policy to limit access to the role to only requests that are generated
// by expected resources. https://docs.aws.amazon.com/IAM/latest/UserGuide/confused-deputy.html
SourceARN string
// KubernetesClusterTag is the legacy cluster id we'll use to identify our cluster resources
KubernetesClusterTag string
// KubernetesClusterID is the cluster id we'll use to identify our cluster resources
KubernetesClusterID string
//The aws provider creates an inbound rule per load balancer on the node security
//group. However, this can run into the AWS security group rule limit of 50 if
//many LoadBalancers are created.
//
//This flag disables the automatic ingress creation. It requires that the user
//has setup a rule that allows inbound traffic on kubelet ports from the
//local VPC subnet (so load balancers can access it). E.g. 10.82.0.0/16 30000-32000.
DisableSecurityGroupIngress bool
//AWS has a hard limit of 500 security groups. For large clusters creating a security group for each ELB
//can cause the max number of security groups to be reached. If this is set instead of creating a new
//Security group for each ELB this security group will be used instead.
ElbSecurityGroup string
// NodeIPFamilies determines which IP addresses are added to node objects and their ordering.
NodeIPFamilies []string
}
// [ServiceOverride "1"]
// Service = s3
// Region = region1
// URL = https://s3.foo.bar
// SigningRegion = signing_region
// SigningMethod = signing_method
//
// [ServiceOverride "2"]
// Service = ec2
// Region = region2
// URL = https://ec2.foo.bar
// SigningRegion = signing_region
// SigningMethod = signing_method
ServiceOverride map[string]*struct {
Service string
Region string
URL string
SigningRegion string
SigningMethod string
SigningName string
}
}
CloudConfig wraps the settings for the AWS cloud provider. NOTE: Cloud config files should follow the same Kubernetes deprecation policy as flags or CLIs. Config fields should not change behavior in incompatible ways and should be deprecated for at least 2 release prior to removing. See https://kubernetes.io/docs/reference/using-api/deprecation-policy/#deprecating-a-flag-or-cli for more details.
func (*CloudConfig) GetRegion ¶
func (cfg *CloudConfig) GetRegion(metadata EC2Metadata) (string, error)
GetRegion returns the AWS region from the config, if set, or gets it from the metadata service if unset and sets in config
func (*CloudConfig) GetResolver ¶
func (cfg *CloudConfig) GetResolver() endpoints.ResolverFunc
GetResolver computes the correct resolver to use
func (*CloudConfig) ValidateOverrides ¶
func (cfg *CloudConfig) ValidateOverrides() error
ValidateOverrides ensures overrides are correct
type EC2Metadata ¶
type EC2Metadata interface {
// Query the EC2 metadata service (used to discover instance-id etc)
GetMetadata(path string) (string, error)
Region() (string, error)
}
EC2Metadata is an abstraction over the AWS metadata service.
type SDKProvider ¶
SDKProvider can be used by variants to add their own handlers
Source Files
Click to show internal directories.
Click to hide internal directories.