v1beta1

package
v2.3.3 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Feb 22, 2024 License: Apache-2.0 Imports: 6 Imported by: 0

Documentation

Overview

Package v1beta1 contains API Schema definitions for the bootstrap v1beta1 API group +kubebuilder:object:generate=true +k8s:deepcopy-gen=package,register +k8s:defaulter-gen=TypeMeta +groupName=bootstrap.aws.infrastructure.cluster.x-k8s.io +gencrdrefdocs:force

Index

Constants

View Source
const (
	// DefaultBootstrapUserName is the default bootstrap user name.
	DefaultBootstrapUserName = "bootstrapper.cluster-api-provider-aws.sigs.k8s.io"
	// DefaultBootstrapGroupName is the default bootstrap user name.
	DefaultBootstrapGroupName = "bootstrapper.cluster-api-provider-aws.sigs.k8s.io"
	// DefaultStackName is the default CloudFormation stack name.
	DefaultStackName = "cluster-api-provider-aws-sigs-k8s-io"
	// DefaultPartitionName is the default security partition for AWS ARNs.
	DefaultPartitionName = "aws"
	// PartitionNameUSGov is the default security partition for AWS ARNs.
	PartitionNameUSGov = "aws-us-gov"
	// DefaultKMSAliasPattern is the default KMS alias.
	DefaultKMSAliasPattern = "cluster-api-provider-aws-*"
	// DefaultS3BucketPrefix is the default S3 bucket prefix.
	DefaultS3BucketPrefix = "cluster-api-provider-aws-"
)
View Source
const GroupName = "bootstrap.aws.infrastructure.cluster.x-k8s.io"

GroupName is the group name used in this package.

Variables

View Source
var (
	// SchemeGroupVersion is the fully qualified group and version.
	SchemeGroupVersion = schema.GroupVersion{Group: GroupName, Version: "v1beta1"}
	// SchemeBuilder is the scheme builder with scheme init functions to run for this API package.
	SchemeBuilder = runtime.NewSchemeBuilder(addKnownTypes)

	// AddToScheme is a global function that registers this API group & version to a scheme.
	AddToScheme = localSchemeBuilder.AddToScheme
)

Functions

func RegisterDefaults

func RegisterDefaults(scheme *runtime.Scheme) error

RegisterDefaults adds defaulters functions to the given scheme. Public to allow building arbitrary schemes. All generated defaulters are covering - they call all nested defaulters.

func SetDefaults_AWSIAMConfiguration

func SetDefaults_AWSIAMConfiguration(obj *AWSIAMConfiguration)

SetDefaults_AWSIAMConfiguration is used by defaulter-gen.

func SetDefaults_AWSIAMConfigurationSpec

func SetDefaults_AWSIAMConfigurationSpec(obj *AWSIAMConfigurationSpec)

SetDefaults_AWSIAMConfigurationSpec is used by defaulter-gen.

func SetDefaults_BootstrapUser

func SetDefaults_BootstrapUser(obj *BootstrapUser)

SetDefaults_BootstrapUser is used by defaulter-gen.

func SetObjectDefaults_AWSIAMConfiguration

func SetObjectDefaults_AWSIAMConfiguration(in *AWSIAMConfiguration)

Types

type AWSIAMConfiguration

type AWSIAMConfiguration struct {
	metav1.TypeMeta `json:",inline"`

	Spec AWSIAMConfigurationSpec `json:"spec,omitempty"`
}

AWSIAMConfiguration controls the creation of AWS Identity and Access Management (IAM) resources for use by Kubernetes clusters and Kubernetes Cluster API Provider AWS.

func NewAWSIAMConfiguration

func NewAWSIAMConfiguration() *AWSIAMConfiguration

NewAWSIAMConfiguration will generate a new default AWSIAMConfiguration.

func (*AWSIAMConfiguration) DeepCopy

func (in *AWSIAMConfiguration) DeepCopy() *AWSIAMConfiguration

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AWSIAMConfiguration.

func (*AWSIAMConfiguration) DeepCopyInto

func (in *AWSIAMConfiguration) DeepCopyInto(out *AWSIAMConfiguration)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*AWSIAMConfiguration) DeepCopyObject

func (in *AWSIAMConfiguration) DeepCopyObject() runtime.Object

DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.

func (*AWSIAMConfiguration) GetObjectKind

func (obj *AWSIAMConfiguration) GetObjectKind() schema.ObjectKind

GetObjectKind returns the AAWSIAMConfiguration's TypeMeta.

type AWSIAMConfigurationSpec

type AWSIAMConfigurationSpec struct {
	// NamePrefix will be prepended to every AWS IAM role, user and policy created by clusterawsadm. Defaults to "".
	NamePrefix string `json:"namePrefix,omitempty"`

	// NameSuffix will be appended to every AWS IAM role, user and policy created by clusterawsadm. Defaults to
	// ".cluster-api-provider-aws.sigs.k8s.io".
	NameSuffix *string `json:"nameSuffix,omitempty"`

	// ControlPlane controls the configuration of the AWS IAM role for a Kubernetes cluster's control plane nodes.
	ControlPlane ControlPlane `json:"controlPlane,omitempty"`

	// ClusterAPIControllers controls the configuration of an IAM role and policy specifically for Kubernetes Cluster API Provider AWS.
	ClusterAPIControllers ClusterAPIControllers `json:"clusterAPIControllers,omitempty"`

	// Nodes controls the configuration of the AWS IAM role for all nodes in a Kubernetes cluster.
	Nodes Nodes `json:"nodes,omitempty"`

	// BootstrapUser contains a list of elements that is specific
	// to the configuration and enablement of an IAM user.
	BootstrapUser BootstrapUser `json:"bootstrapUser,omitempty"`

	// StackName defines the name of the AWS CloudFormation stack.
	StackName string `json:"stackName,omitempty"`

	// StackTags defines the tags of the AWS CloudFormation stack.
	// +optional
	StackTags map[string]string `json:"stackTags,omitempty"`

	// Region controls which region the control-plane is created in if not specified on the command line or
	// via environment variables.
	Region string `json:"region,omitempty"`

	// EKS controls the configuration related to EKS. Settings in here affect the control plane
	// and nodes roles
	EKS *EKSConfig `json:"eks,omitempty"`

	// EventBridge controls configuration for consuming EventBridge events
	EventBridge *EventBridgeConfig `json:"eventBridge,omitempty"`

	// Partition is the AWS security partition being used. Defaults to "aws"
	Partition string `json:"partition,omitempty"`

	// SecureSecretsBackend, when set to parameter-store will create AWS Systems Manager
	// Parameter Storage policies. By default or with the value of secrets-manager,
	// will generate AWS Secrets Manager policies instead.
	// +kubebuilder:validation:Enum=secrets-manager;ssm-parameter-store
	SecureSecretsBackends []infrav1.SecretBackend `json:"secureSecretBackends,omitempty"`

	// S3Buckets, when enabled, will add controller nodes permissions to
	// create S3 Buckets for workload clusters.
	// TODO: This field could be a pointer, but it seems it breaks setting default values?
	// +optional
	S3Buckets S3Buckets `json:"s3Buckets,omitempty"`

	// AllowAssumeRole enables the sts:AssumeRole permission within the CAPA policies
	AllowAssumeRole bool `json:"allowAssumeRole,omitempty"`
}

AWSIAMConfigurationSpec defines the specification of the AWSIAMConfiguration.

func (*AWSIAMConfigurationSpec) DeepCopy

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AWSIAMConfigurationSpec.

func (*AWSIAMConfigurationSpec) DeepCopyInto

func (in *AWSIAMConfigurationSpec) DeepCopyInto(out *AWSIAMConfigurationSpec)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type AWSIAMRoleSpec

type AWSIAMRoleSpec struct {
	// Disable if set to true will not create the AWS IAM role. Defaults to false.
	Disable bool `json:"disable"` // default: false

	// ExtraPolicyAttachments is a list of additional policies to be attached to the IAM role.
	ExtraPolicyAttachments []string `json:"extraPolicyAttachments,omitempty"`

	// ExtraStatements are additional IAM statements to be included inline for the role.
	ExtraStatements []iamv1.StatementEntry `json:"extraStatements,omitempty"`

	// TrustStatements is an IAM PolicyDocument defining what identities are allowed to assume this role.
	// See "sigs.k8s.io/cluster-api-provider-aws/v2/cmd/clusterawsadm/api/iam/v1beta1" for more documentation.
	TrustStatements []iamv1.StatementEntry `json:"trustStatements,omitempty"`

	// Tags is a map of tags to be applied to the AWS IAM role.
	Tags infrav1.Tags `json:"tags,omitempty"`
}

AWSIAMRoleSpec defines common configuration for AWS IAM roles created by Kubernetes Cluster API Provider AWS.

func (*AWSIAMRoleSpec) DeepCopy

func (in *AWSIAMRoleSpec) DeepCopy() *AWSIAMRoleSpec

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AWSIAMRoleSpec.

func (*AWSIAMRoleSpec) DeepCopyInto

func (in *AWSIAMRoleSpec) DeepCopyInto(out *AWSIAMRoleSpec)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type BootstrapUser

type BootstrapUser struct {

	// Enable controls whether or not a bootstrap AWS IAM user will be created.
	// This can be used to scope down the initial credentials used to bootstrap the
	// cluster.
	// Defaults to false.
	Enable bool `json:"enable"`

	// UserName controls the username of the bootstrap user. Defaults to
	// "bootstrapper.cluster-api-provider-aws.sigs.k8s.io"
	UserName string `json:"userName,omitempty"`

	// GroupName controls the group the user will belong to. Defaults to
	// "bootstrapper.cluster-api-provider-aws.sigs.k8s.io"
	GroupName string `json:"groupName,omitempty"`

	// ExtraPolicyAttachments is a list of additional policies to be attached to the IAM user.
	ExtraPolicyAttachments []string `json:"extraPolicyAttachments,omitempty"`

	// ExtraGroups is a list of groups to add this user to.
	ExtraGroups []string `json:"extraGroups,omitempty"`

	// ExtraStatements are additional AWS IAM policy document statements to be included inline for the user.
	ExtraStatements []iamv1.StatementEntry `json:"extraStatements,omitempty"`

	// Tags is a map of tags to be applied to the AWS IAM user.
	Tags infrav1.Tags `json:"tags,omitempty"`
}

BootstrapUser contains a list of elements that is specific to the configuration and enablement of an IAM user.

func (*BootstrapUser) DeepCopy

func (in *BootstrapUser) DeepCopy() *BootstrapUser

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new BootstrapUser.

func (*BootstrapUser) DeepCopyInto

func (in *BootstrapUser) DeepCopyInto(out *BootstrapUser)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type ClusterAPIControllers

type ClusterAPIControllers struct {
	AWSIAMRoleSpec `json:",inline"`
	// AllowedEC2InstanceProfiles controls which EC2 roles are allowed to be
	// consumed by Cluster API when creating an ec2 instance. Defaults to
	// *.<suffix>, where suffix is defaulted to .cluster-api-provider-aws.sigs.k8s.io
	AllowedEC2InstanceProfiles []string `json:"allowedEC2InstanceProfiles,omitempty"`
}

ClusterAPIControllers controls the configuration of the AWS IAM role for the Kubernetes Cluster API Provider AWS controller.

func (*ClusterAPIControllers) DeepCopy

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ClusterAPIControllers.

func (*ClusterAPIControllers) DeepCopyInto

func (in *ClusterAPIControllers) DeepCopyInto(out *ClusterAPIControllers)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type ControlPlane

type ControlPlane struct {
	AWSIAMRoleSpec `json:",inline"`

	// DisableClusterAPIControllerPolicyAttachment, if set to true, will not attach the AWS IAM policy for Cluster
	// API Provider AWS to the control plane role. Defaults to false.
	DisableClusterAPIControllerPolicyAttachment bool `json:"disableClusterAPIControllerPolicyAttachment,omitempty"`

	// DisableCloudProviderPolicy if set to true, will not generate and attach the AWS IAM policy for the AWS Cloud Provider.
	DisableCloudProviderPolicy bool `json:"disableCloudProviderPolicy"`

	// EnableCSIPolicy if set to true, will generate and attach the AWS IAM policy for the EBS CSI Driver.
	EnableCSIPolicy bool `json:"enableCSIPolicy"`
}

ControlPlane controls the configuration of the AWS IAM role for the control plane of provisioned Kubernetes clusters.

func (*ControlPlane) DeepCopy

func (in *ControlPlane) DeepCopy() *ControlPlane

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ControlPlane.

func (*ControlPlane) DeepCopyInto

func (in *ControlPlane) DeepCopyInto(out *ControlPlane)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type EKSConfig

type EKSConfig struct {
	// Disable controls whether EKS-related permissions are granted
	Disable bool `json:"disable"`
	// AllowIAMRoleCreation controls whether the EKS controllers have permissions for creating IAM
	// roles per cluster
	AllowIAMRoleCreation bool `json:"iamRoleCreation,omitempty"`
	// EnableUserEKSConsolePolicy controls the creation of the policy to view EKS nodes and workloads.
	EnableUserEKSConsolePolicy bool `json:"enableUserEKSConsolePolicy,omitempty"`
	// DefaultControlPlaneRole controls the configuration of the AWS IAM role for
	// the EKS control plane. This is the default role that will be used if
	// no role is included in the spec and automatic creation of the role
	// isn't enabled
	DefaultControlPlaneRole AWSIAMRoleSpec `json:"defaultControlPlaneRole,omitempty"`
	// ManagedMachinePool controls the configuration of the AWS IAM role for
	// used by EKS managed machine pools.
	ManagedMachinePool *AWSIAMRoleSpec `json:"managedMachinePool,omitempty"`
	// Fargate controls the configuration of the AWS IAM role for
	// used by EKS managed machine pools.
	Fargate *AWSIAMRoleSpec `json:"fargate,omitempty"`
	// KMSAliasPrefix is prefix to use to restrict permission to KMS keys to only those that have an alias
	// name that is prefixed by this.
	// Defaults to cluster-api-provider-aws-*
	KMSAliasPrefix string `json:"kmsAliasPrefix,omitempty"`
}

EKSConfig represents the EKS related configuration config.

func (*EKSConfig) DeepCopy

func (in *EKSConfig) DeepCopy() *EKSConfig

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new EKSConfig.

func (*EKSConfig) DeepCopyInto

func (in *EKSConfig) DeepCopyInto(out *EKSConfig)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type EventBridgeConfig

type EventBridgeConfig struct {
	// Enable controls whether permissions are granted to consume EC2 events
	Enable bool `json:"enable,omitempty"`
}

EventBridgeConfig represents configuration for enabling experimental feature to consume EventBridge EC2 events.

func (*EventBridgeConfig) DeepCopy

func (in *EventBridgeConfig) DeepCopy() *EventBridgeConfig

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new EventBridgeConfig.

func (*EventBridgeConfig) DeepCopyInto

func (in *EventBridgeConfig) DeepCopyInto(out *EventBridgeConfig)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type Nodes

type Nodes struct {
	AWSIAMRoleSpec `json:",inline"`

	// DisableCloudProviderPolicy if set to true, will not generate and attach the policy for the AWS Cloud Provider.
	// Defaults to false.
	DisableCloudProviderPolicy bool `json:"disableCloudProviderPolicy"`

	// EC2ContainerRegistryReadOnly controls whether the node has read-only access to the
	// EC2 container registry
	EC2ContainerRegistryReadOnly bool `json:"ec2ContainerRegistryReadOnly"`
}

Nodes controls the configuration of the AWS IAM role for worker nodes in a cluster created by Kubernetes Cluster API Provider AWS.

func (*Nodes) DeepCopy

func (in *Nodes) DeepCopy() *Nodes

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Nodes.

func (*Nodes) DeepCopyInto

func (in *Nodes) DeepCopyInto(out *Nodes)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type S3Buckets

type S3Buckets struct {
	// Enable controls whether permissions are granted to manage S3 buckets.
	Enable bool `json:"enable"`

	// NamePrefix will be prepended to every AWS IAM role bucket name. Defaults to "cluster-api-provider-aws-".
	// AWSCluster S3 Bucket name must be prefixed with the same prefix.
	NamePrefix string `json:"namePrefix"`
}

S3Buckets controls the configuration of the AWS IAM role for S3 buckets which can be created for storing bootstrap data for nodes requiring it.

func (*S3Buckets) DeepCopy

func (in *S3Buckets) DeepCopy() *S3Buckets

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new S3Buckets.

func (*S3Buckets) DeepCopyInto

func (in *S3Buckets) DeepCopyInto(out *S3Buckets)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

Directories

Path Synopsis

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL