Documentation ¶
Overview ¶
Package v1beta1 contains API Schema definitions for the bootstrap v1beta1 API group +kubebuilder:object:generate=true +k8s:deepcopy-gen=package,register +k8s:defaulter-gen=TypeMeta +groupName=bootstrap.aws.infrastructure.cluster.x-k8s.io +gencrdrefdocs:force
Index ¶
- Constants
- Variables
- func RegisterDefaults(scheme *runtime.Scheme) error
- func SetDefaults_AWSIAMConfiguration(obj *AWSIAMConfiguration)
- func SetDefaults_AWSIAMConfigurationSpec(obj *AWSIAMConfigurationSpec)
- func SetDefaults_BootstrapUser(obj *BootstrapUser)
- func SetObjectDefaults_AWSIAMConfiguration(in *AWSIAMConfiguration)
- type AWSIAMConfiguration
- type AWSIAMConfigurationSpec
- type AWSIAMRoleSpec
- type BootstrapUser
- type ClusterAPIControllers
- type ControlPlane
- type EKSConfig
- type EventBridgeConfig
- type Nodes
- type S3Buckets
Constants ¶
const ( // DefaultBootstrapUserName is the default bootstrap user name. DefaultBootstrapUserName = "bootstrapper.cluster-api-provider-aws.sigs.k8s.io" // DefaultBootstrapGroupName is the default bootstrap user name. DefaultBootstrapGroupName = "bootstrapper.cluster-api-provider-aws.sigs.k8s.io" // DefaultStackName is the default CloudFormation stack name. DefaultStackName = "cluster-api-provider-aws-sigs-k8s-io" // DefaultPartitionName is the default security partition for AWS ARNs. DefaultPartitionName = "aws" // PartitionNameUSGov is the default security partition for AWS ARNs. PartitionNameUSGov = "aws-us-gov" // DefaultKMSAliasPattern is the default KMS alias. DefaultKMSAliasPattern = "cluster-api-provider-aws-*" // DefaultS3BucketPrefix is the default S3 bucket prefix. DefaultS3BucketPrefix = "cluster-api-provider-aws-" )
const GroupName = "bootstrap.aws.infrastructure.cluster.x-k8s.io"
GroupName is the group name used in this package.
Variables ¶
var ( // SchemeGroupVersion is the fully qualified group and version. SchemeGroupVersion = schema.GroupVersion{Group: GroupName, Version: "v1beta1"} // SchemeBuilder is the scheme builder with scheme init functions to run for this API package. SchemeBuilder = runtime.NewSchemeBuilder(addKnownTypes) // AddToScheme is a global function that registers this API group & version to a scheme. AddToScheme = localSchemeBuilder.AddToScheme )
Functions ¶
func RegisterDefaults ¶
RegisterDefaults adds defaulters functions to the given scheme. Public to allow building arbitrary schemes. All generated defaulters are covering - they call all nested defaulters.
func SetDefaults_AWSIAMConfiguration ¶
func SetDefaults_AWSIAMConfiguration(obj *AWSIAMConfiguration)
SetDefaults_AWSIAMConfiguration is used by defaulter-gen.
func SetDefaults_AWSIAMConfigurationSpec ¶
func SetDefaults_AWSIAMConfigurationSpec(obj *AWSIAMConfigurationSpec)
SetDefaults_AWSIAMConfigurationSpec is used by defaulter-gen.
func SetDefaults_BootstrapUser ¶
func SetDefaults_BootstrapUser(obj *BootstrapUser)
SetDefaults_BootstrapUser is used by defaulter-gen.
func SetObjectDefaults_AWSIAMConfiguration ¶
func SetObjectDefaults_AWSIAMConfiguration(in *AWSIAMConfiguration)
Types ¶
type AWSIAMConfiguration ¶
type AWSIAMConfiguration struct { metav1.TypeMeta `json:",inline"` Spec AWSIAMConfigurationSpec `json:"spec,omitempty"` }
AWSIAMConfiguration controls the creation of AWS Identity and Access Management (IAM) resources for use by Kubernetes clusters and Kubernetes Cluster API Provider AWS.
func NewAWSIAMConfiguration ¶
func NewAWSIAMConfiguration() *AWSIAMConfiguration
NewAWSIAMConfiguration will generate a new default AWSIAMConfiguration.
func (*AWSIAMConfiguration) DeepCopy ¶
func (in *AWSIAMConfiguration) DeepCopy() *AWSIAMConfiguration
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AWSIAMConfiguration.
func (*AWSIAMConfiguration) DeepCopyInto ¶
func (in *AWSIAMConfiguration) DeepCopyInto(out *AWSIAMConfiguration)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (*AWSIAMConfiguration) DeepCopyObject ¶
func (in *AWSIAMConfiguration) DeepCopyObject() runtime.Object
DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
func (*AWSIAMConfiguration) GetObjectKind ¶
func (obj *AWSIAMConfiguration) GetObjectKind() schema.ObjectKind
GetObjectKind returns the AAWSIAMConfiguration's TypeMeta.
type AWSIAMConfigurationSpec ¶
type AWSIAMConfigurationSpec struct { // NamePrefix will be prepended to every AWS IAM role, user and policy created by clusterawsadm. Defaults to "". NamePrefix string `json:"namePrefix,omitempty"` // NameSuffix will be appended to every AWS IAM role, user and policy created by clusterawsadm. Defaults to // ".cluster-api-provider-aws.sigs.k8s.io". NameSuffix *string `json:"nameSuffix,omitempty"` // ControlPlane controls the configuration of the AWS IAM role for a Kubernetes cluster's control plane nodes. ControlPlane ControlPlane `json:"controlPlane,omitempty"` // ClusterAPIControllers controls the configuration of an IAM role and policy specifically for Kubernetes Cluster API Provider AWS. ClusterAPIControllers ClusterAPIControllers `json:"clusterAPIControllers,omitempty"` // Nodes controls the configuration of the AWS IAM role for all nodes in a Kubernetes cluster. Nodes Nodes `json:"nodes,omitempty"` // BootstrapUser contains a list of elements that is specific // to the configuration and enablement of an IAM user. BootstrapUser BootstrapUser `json:"bootstrapUser,omitempty"` // StackName defines the name of the AWS CloudFormation stack. StackName string `json:"stackName,omitempty"` // StackTags defines the tags of the AWS CloudFormation stack. // +optional StackTags map[string]string `json:"stackTags,omitempty"` // Region controls which region the control-plane is created in if not specified on the command line or // via environment variables. Region string `json:"region,omitempty"` // EKS controls the configuration related to EKS. Settings in here affect the control plane // and nodes roles EKS *EKSConfig `json:"eks,omitempty"` // EventBridge controls configuration for consuming EventBridge events EventBridge *EventBridgeConfig `json:"eventBridge,omitempty"` // Partition is the AWS security partition being used. Defaults to "aws" Partition string `json:"partition,omitempty"` // SecureSecretsBackend, when set to parameter-store will create AWS Systems Manager // Parameter Storage policies. By default or with the value of secrets-manager, // will generate AWS Secrets Manager policies instead. // +kubebuilder:validation:Enum=secrets-manager;ssm-parameter-store SecureSecretsBackends []infrav1.SecretBackend `json:"secureSecretBackends,omitempty"` // S3Buckets, when enabled, will add controller nodes permissions to // create S3 Buckets for workload clusters. // TODO: This field could be a pointer, but it seems it breaks setting default values? // +optional S3Buckets S3Buckets `json:"s3Buckets,omitempty"` // AllowAssumeRole enables the sts:AssumeRole permission within the CAPA policies AllowAssumeRole bool `json:"allowAssumeRole,omitempty"` }
AWSIAMConfigurationSpec defines the specification of the AWSIAMConfiguration.
func (*AWSIAMConfigurationSpec) DeepCopy ¶
func (in *AWSIAMConfigurationSpec) DeepCopy() *AWSIAMConfigurationSpec
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AWSIAMConfigurationSpec.
func (*AWSIAMConfigurationSpec) DeepCopyInto ¶
func (in *AWSIAMConfigurationSpec) DeepCopyInto(out *AWSIAMConfigurationSpec)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type AWSIAMRoleSpec ¶
type AWSIAMRoleSpec struct { // Disable if set to true will not create the AWS IAM role. Defaults to false. Disable bool `json:"disable"` // default: false // ExtraPolicyAttachments is a list of additional policies to be attached to the IAM role. ExtraPolicyAttachments []string `json:"extraPolicyAttachments,omitempty"` // ExtraStatements are additional IAM statements to be included inline for the role. ExtraStatements []iamv1.StatementEntry `json:"extraStatements,omitempty"` // TrustStatements is an IAM PolicyDocument defining what identities are allowed to assume this role. // See "sigs.k8s.io/cluster-api-provider-aws/v2/cmd/clusterawsadm/api/iam/v1beta1" for more documentation. TrustStatements []iamv1.StatementEntry `json:"trustStatements,omitempty"` // Tags is a map of tags to be applied to the AWS IAM role. Tags infrav1.Tags `json:"tags,omitempty"` }
AWSIAMRoleSpec defines common configuration for AWS IAM roles created by Kubernetes Cluster API Provider AWS.
func (*AWSIAMRoleSpec) DeepCopy ¶
func (in *AWSIAMRoleSpec) DeepCopy() *AWSIAMRoleSpec
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AWSIAMRoleSpec.
func (*AWSIAMRoleSpec) DeepCopyInto ¶
func (in *AWSIAMRoleSpec) DeepCopyInto(out *AWSIAMRoleSpec)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type BootstrapUser ¶
type BootstrapUser struct { // Enable controls whether or not a bootstrap AWS IAM user will be created. // This can be used to scope down the initial credentials used to bootstrap the // cluster. // Defaults to false. Enable bool `json:"enable"` // UserName controls the username of the bootstrap user. Defaults to // "bootstrapper.cluster-api-provider-aws.sigs.k8s.io" UserName string `json:"userName,omitempty"` // GroupName controls the group the user will belong to. Defaults to // "bootstrapper.cluster-api-provider-aws.sigs.k8s.io" GroupName string `json:"groupName,omitempty"` // ExtraPolicyAttachments is a list of additional policies to be attached to the IAM user. ExtraPolicyAttachments []string `json:"extraPolicyAttachments,omitempty"` // ExtraGroups is a list of groups to add this user to. ExtraGroups []string `json:"extraGroups,omitempty"` // ExtraStatements are additional AWS IAM policy document statements to be included inline for the user. ExtraStatements []iamv1.StatementEntry `json:"extraStatements,omitempty"` // Tags is a map of tags to be applied to the AWS IAM user. Tags infrav1.Tags `json:"tags,omitempty"` }
BootstrapUser contains a list of elements that is specific to the configuration and enablement of an IAM user.
func (*BootstrapUser) DeepCopy ¶
func (in *BootstrapUser) DeepCopy() *BootstrapUser
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new BootstrapUser.
func (*BootstrapUser) DeepCopyInto ¶
func (in *BootstrapUser) DeepCopyInto(out *BootstrapUser)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type ClusterAPIControllers ¶
type ClusterAPIControllers struct { AWSIAMRoleSpec `json:",inline"` // AllowedEC2InstanceProfiles controls which EC2 roles are allowed to be // consumed by Cluster API when creating an ec2 instance. Defaults to // *.<suffix>, where suffix is defaulted to .cluster-api-provider-aws.sigs.k8s.io AllowedEC2InstanceProfiles []string `json:"allowedEC2InstanceProfiles,omitempty"` }
ClusterAPIControllers controls the configuration of the AWS IAM role for the Kubernetes Cluster API Provider AWS controller.
func (*ClusterAPIControllers) DeepCopy ¶
func (in *ClusterAPIControllers) DeepCopy() *ClusterAPIControllers
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ClusterAPIControllers.
func (*ClusterAPIControllers) DeepCopyInto ¶
func (in *ClusterAPIControllers) DeepCopyInto(out *ClusterAPIControllers)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type ControlPlane ¶
type ControlPlane struct { AWSIAMRoleSpec `json:",inline"` // DisableClusterAPIControllerPolicyAttachment, if set to true, will not attach the AWS IAM policy for Cluster // API Provider AWS to the control plane role. Defaults to false. DisableClusterAPIControllerPolicyAttachment bool `json:"disableClusterAPIControllerPolicyAttachment,omitempty"` // DisableCloudProviderPolicy if set to true, will not generate and attach the AWS IAM policy for the AWS Cloud Provider. DisableCloudProviderPolicy bool `json:"disableCloudProviderPolicy"` // EnableCSIPolicy if set to true, will generate and attach the AWS IAM policy for the EBS CSI Driver. EnableCSIPolicy bool `json:"enableCSIPolicy"` }
ControlPlane controls the configuration of the AWS IAM role for the control plane of provisioned Kubernetes clusters.
func (*ControlPlane) DeepCopy ¶
func (in *ControlPlane) DeepCopy() *ControlPlane
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ControlPlane.
func (*ControlPlane) DeepCopyInto ¶
func (in *ControlPlane) DeepCopyInto(out *ControlPlane)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type EKSConfig ¶
type EKSConfig struct { // Disable controls whether EKS-related permissions are granted Disable bool `json:"disable"` // AllowIAMRoleCreation controls whether the EKS controllers have permissions for creating IAM // roles per cluster AllowIAMRoleCreation bool `json:"iamRoleCreation,omitempty"` // EnableUserEKSConsolePolicy controls the creation of the policy to view EKS nodes and workloads. EnableUserEKSConsolePolicy bool `json:"enableUserEKSConsolePolicy,omitempty"` // DefaultControlPlaneRole controls the configuration of the AWS IAM role for // the EKS control plane. This is the default role that will be used if // no role is included in the spec and automatic creation of the role // isn't enabled DefaultControlPlaneRole AWSIAMRoleSpec `json:"defaultControlPlaneRole,omitempty"` // ManagedMachinePool controls the configuration of the AWS IAM role for // used by EKS managed machine pools. ManagedMachinePool *AWSIAMRoleSpec `json:"managedMachinePool,omitempty"` // Fargate controls the configuration of the AWS IAM role for // used by EKS managed machine pools. Fargate *AWSIAMRoleSpec `json:"fargate,omitempty"` // KMSAliasPrefix is prefix to use to restrict permission to KMS keys to only those that have an alias // name that is prefixed by this. // Defaults to cluster-api-provider-aws-* KMSAliasPrefix string `json:"kmsAliasPrefix,omitempty"` }
EKSConfig represents the EKS related configuration config.
func (*EKSConfig) DeepCopy ¶
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new EKSConfig.
func (*EKSConfig) DeepCopyInto ¶
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type EventBridgeConfig ¶
type EventBridgeConfig struct { // Enable controls whether permissions are granted to consume EC2 events Enable bool `json:"enable,omitempty"` }
EventBridgeConfig represents configuration for enabling experimental feature to consume EventBridge EC2 events.
func (*EventBridgeConfig) DeepCopy ¶
func (in *EventBridgeConfig) DeepCopy() *EventBridgeConfig
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new EventBridgeConfig.
func (*EventBridgeConfig) DeepCopyInto ¶
func (in *EventBridgeConfig) DeepCopyInto(out *EventBridgeConfig)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type Nodes ¶
type Nodes struct { AWSIAMRoleSpec `json:",inline"` // DisableCloudProviderPolicy if set to true, will not generate and attach the policy for the AWS Cloud Provider. // Defaults to false. DisableCloudProviderPolicy bool `json:"disableCloudProviderPolicy"` // EC2ContainerRegistryReadOnly controls whether the node has read-only access to the // EC2 container registry EC2ContainerRegistryReadOnly bool `json:"ec2ContainerRegistryReadOnly"` }
Nodes controls the configuration of the AWS IAM role for worker nodes in a cluster created by Kubernetes Cluster API Provider AWS.
func (*Nodes) DeepCopy ¶
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Nodes.
func (*Nodes) DeepCopyInto ¶
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type S3Buckets ¶
type S3Buckets struct { // Enable controls whether permissions are granted to manage S3 buckets. Enable bool `json:"enable"` // NamePrefix will be prepended to every AWS IAM role bucket name. Defaults to "cluster-api-provider-aws-". // AWSCluster S3 Bucket name must be prefixed with the same prefix. NamePrefix string `json:"namePrefix"` }
S3Buckets controls the configuration of the AWS IAM role for S3 buckets which can be created for storing bootstrap data for nodes requiring it.
func (*S3Buckets) DeepCopy ¶
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new S3Buckets.
func (*S3Buckets) DeepCopyInto ¶
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.