Documentation ¶
Overview ¶
Package v1beta2 contains API Schema definitions for the controlplane v1beta2 API group +gencrdrefdocs:force +groupName=controlplane.cluster.x-k8s.io +k8s:defaulter-gen=TypeMeta
Package v1beta2 contains API Schema definitions for the controlplane v1beta2 API group +kubebuilder:object:generate=true +groupName=controlplane.cluster.x-k8s.io
Index ¶
- Constants
- Variables
- type AWSManagedControlPlane
- func (in *AWSManagedControlPlane) DeepCopy() *AWSManagedControlPlane
- func (in *AWSManagedControlPlane) DeepCopyInto(out *AWSManagedControlPlane)
- func (in *AWSManagedControlPlane) DeepCopyObject() runtime.Object
- func (r *AWSManagedControlPlane) Default()
- func (r *AWSManagedControlPlane) GetConditions() clusterv1.Conditions
- func (*AWSManagedControlPlane) Hub()
- func (r *AWSManagedControlPlane) SetConditions(conditions clusterv1.Conditions)
- func (r *AWSManagedControlPlane) SetupWebhookWithManager(mgr ctrl.Manager) error
- func (r *AWSManagedControlPlane) ValidateCreate() (admission.Warnings, error)
- func (r *AWSManagedControlPlane) ValidateDelete() (admission.Warnings, error)
- func (r *AWSManagedControlPlane) ValidateUpdate(old runtime.Object) (admission.Warnings, error)
- type AWSManagedControlPlaneList
- type AWSManagedControlPlaneSpec
- type AWSManagedControlPlaneStatus
- type Addon
- type AddonIssue
- type AddonResolution
- type AddonState
- type AddonStatus
- type ControlPlaneLoggingSpec
- type EKSTokenMethod
- type EncryptionConfig
- type EndpointAccess
- type IAMAuthenticatorConfig
- type IdentityProviderStatus
- type KubeProxy
- type KubernetesMapping
- type OIDCIdentityProviderConfig
- type OIDCProviderStatus
- type RoleMapping
- type UserMapping
- type VpcCni
Constants ¶
const (
	// ManagedControlPlaneFinalizer allows the controller to clean up resources on delete.
	ManagedControlPlaneFinalizer = "awsmanagedcontrolplane.controlplane.cluster.x-k8s.io"

	// AWSManagedControlPlaneKind is the Kind of AWSManagedControlPlane.
	AWSManagedControlPlaneKind = "AWSManagedControlPlane"
)

const (
	// EKSControlPlaneReadyCondition reports on the successful reconciliation of the EKS control plane.
	EKSControlPlaneReadyCondition clusterv1.ConditionType = "EKSControlPlaneReady"
	// EKSControlPlaneCreatingCondition reports on whether the EKS
	// control plane is creating.
	EKSControlPlaneCreatingCondition clusterv1.ConditionType = "EKSControlPlaneCreating"
	// EKSControlPlaneUpdatingCondition reports on whether the EKS
	// control plane is updating.
	EKSControlPlaneUpdatingCondition clusterv1.ConditionType = "EKSControlPlaneUpdating"
	// EKSControlPlaneReconciliationFailedReason is used to report failures while reconciling the EKS control plane.
	// Unlike the conditions above it is an untyped string constant.
	EKSControlPlaneReconciliationFailedReason = "EKSControlPlaneReconciliationFailed"
)

const (
	// IAMControlPlaneRolesReadyCondition reports on the successful reconciliation of the EKS control plane IAM roles.
	IAMControlPlaneRolesReadyCondition clusterv1.ConditionType = "IAMControlPlaneRolesReady"
	// IAMControlPlaneRolesReconciliationFailedReason is used to report failures while reconciling the EKS control plane IAM roles.
	IAMControlPlaneRolesReconciliationFailedReason = "IAMControlPlaneRolesReconciliationFailed"
)

const (
	// IAMAuthenticatorConfiguredCondition reports on the successful reconciliation of the aws-iam-authenticator config.
	IAMAuthenticatorConfiguredCondition clusterv1.ConditionType = "IAMAuthenticatorConfigured"
	// IAMAuthenticatorConfigurationFailedReason is used to report failures while reconciling the aws-iam-authenticator config.
	IAMAuthenticatorConfigurationFailedReason = "IAMAuthenticatorConfigurationFailed"
)

const (
	// EKSAddonsConfiguredCondition reports on the successful reconciliation of EKS addons.
	EKSAddonsConfiguredCondition clusterv1.ConditionType = "EKSAddonsConfigured"
	// EKSAddonsConfiguredFailedReason is used to report failures while reconciling the EKS addons.
	EKSAddonsConfiguredFailedReason = "EKSAddonsConfiguredFailed"
)

const (
	// EKSIdentityProviderConfiguredCondition reports on the successful association of the identity provider config.
	EKSIdentityProviderConfiguredCondition clusterv1.ConditionType = "EKSIdentityProviderConfigured"
	// EKSIdentityProviderConfiguredFailedReason is used to report failures while reconciling the identity provider config association.
	EKSIdentityProviderConfiguredFailedReason = "EKSIdentityProviderConfiguredFailed"
)

const (
	// SecurityGroupCluster is the security group for communication between the EKS
	// control plane and managed node groups.
	SecurityGroupCluster = infrav1.SecurityGroupRole("cluster")
)
Variables ¶
var (
	// GroupVersion is the group version used to register these objects.
	GroupVersion = schema.GroupVersion{Group: "controlplane.cluster.x-k8s.io", Version: "v1beta2"}

	// SchemeBuilder is used to add go types to the GroupVersionKind scheme.
	SchemeBuilder = &scheme.Builder{GroupVersion: GroupVersion}

	// AddToScheme adds the types in this group-version to the given scheme.
	AddToScheme = SchemeBuilder.AddToScheme
)

var (
	// EKSTokenMethodIAMAuthenticator indicates that the IAM authenticator will be used to get a token.
	EKSTokenMethodIAMAuthenticator = EKSTokenMethod("iam-authenticator")

	// EKSTokenMethodAWSCli indicates that the AWS CLI will be used to get a token.
	// Version 1.16.156 or greater of the AWS CLI is required.
	EKSTokenMethodAWSCli = EKSTokenMethod("aws-cli")
)

var (
	// AddonResolutionOverwrite indicates that if there are parameter conflicts then
	// resolution will be accomplished via overwriting.
	AddonResolutionOverwrite = AddonResolution("overwrite")

	// AddonResolutionNone indicates that if there are parameter conflicts then
	// resolution will not be done and an error will be reported.
	AddonResolutionNone = AddonResolution("none")
)

// The addon status values below are plain strings declared with var, not
// const, so they are assignable by any importing package.
var (
	// AddonStatusCreating is a status to indicate the addon is creating.
	AddonStatusCreating = "creating"

	// AddonStatusActive is a status to indicate the addon is active.
	AddonStatusActive = "active"

	// AddonStatusCreateFailed is a status to indicate the addon failed creation.
	AddonStatusCreateFailed = "create_failed"

	// AddonStatusUpdating is a status to indicate the addon is updating.
	AddonStatusUpdating = "updating"

	// AddonStatusDeleting is a status to indicate the addon is deleting.
	AddonStatusDeleting = "deleting"

	// AddonStatusDeleteFailed is a status to indicate the addon failed deletion.
	AddonStatusDeleteFailed = "delete_failed"

	// AddonStatusDegraded is a status to indicate the addon is in a degraded state.
	AddonStatusDegraded = "degraded"
)
// Validation errors. Which validator returns each of them is not shown on
// this page; the descriptions below follow the error messages.
var (
	// ErrRoleARNRequired reports a missing role ARN.
	ErrRoleARNRequired = errors.New("rolearn is required")
	// ErrUserARNRequired reports a missing user ARN.
	ErrUserARNRequired = errors.New("userarn is required")
	// ErrUserNameRequired reports a missing username.
	ErrUserNameRequired = errors.New("username is required")
	// ErrGroupsRequired reports that no groups were supplied.
	ErrGroupsRequired = errors.New("groups are required")
	// ErrIsNotARN reports that the supplied value is not an ARN.
	ErrIsNotARN = errors.New("supplied value is not a ARN")
	// ErrIsNotRoleARN reports that the supplied ARN is not a role ARN.
	ErrIsNotRoleARN = errors.New("supplied ARN is not a role ARN")
	// ErrIsNotUserARN reports that the supplied ARN is not a user ARN.
	ErrIsNotUserARN = errors.New("supplied ARN is not a user ARN")
)
Errors for validation of Amazon EKS nodes that are registered with the control plane.
var (
	// DefaultEKSControlPlaneRole is the name of the default IAM role to use for the EKS control plane
	// if no other role is supplied in the spec and if IAM role creation is not enabled. The default
	// can be created using clusterawsadm or created manually.
	//
	// The value is "eks-controlplane" followed by iamv1.DefaultNameSuffix.
	DefaultEKSControlPlaneRole = fmt.Sprintf("eks-controlplane%s", iamv1.DefaultNameSuffix)
)
Functions ¶
This section is empty.
Types ¶
type AWSManagedControlPlane ¶
// AWSManagedControlPlane is the top-level API object: Kubernetes type and
// object metadata plus a Spec/Status pair.
type AWSManagedControlPlane struct {
	metav1.TypeMeta   `json:",inline"`
	metav1.ObjectMeta `json:"metadata,omitempty"`

	// Spec is the desired state.
	Spec AWSManagedControlPlaneSpec `json:"spec,omitempty"`
	// Status is the observed state.
	Status AWSManagedControlPlaneStatus `json:"status,omitempty"`
}
AWSManagedControlPlane is the schema for the Amazon EKS Managed Control Plane API.
func (*AWSManagedControlPlane) DeepCopy ¶
func (in *AWSManagedControlPlane) DeepCopy() *AWSManagedControlPlane
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AWSManagedControlPlane.
func (*AWSManagedControlPlane) DeepCopyInto ¶
func (in *AWSManagedControlPlane) DeepCopyInto(out *AWSManagedControlPlane)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (*AWSManagedControlPlane) DeepCopyObject ¶
func (in *AWSManagedControlPlane) DeepCopyObject() runtime.Object
DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
func (*AWSManagedControlPlane) Default ¶
func (r *AWSManagedControlPlane) Default()
Default will set default values for the AWSManagedControlPlane.
func (*AWSManagedControlPlane) GetConditions ¶
func (r *AWSManagedControlPlane) GetConditions() clusterv1.Conditions
GetConditions returns the control plane's conditions.
func (*AWSManagedControlPlane) Hub ¶
func (*AWSManagedControlPlane) Hub()
Hub marks AWSManagedControlPlane as a conversion hub.
func (*AWSManagedControlPlane) SetConditions ¶
func (r *AWSManagedControlPlane) SetConditions(conditions clusterv1.Conditions)
SetConditions sets the status conditions for the AWSManagedControlPlane.
func (*AWSManagedControlPlane) SetupWebhookWithManager ¶
func (r *AWSManagedControlPlane) SetupWebhookWithManager(mgr ctrl.Manager) error
SetupWebhookWithManager will set up the webhooks for the AWSManagedControlPlane.
func (*AWSManagedControlPlane) ValidateCreate ¶
func (r *AWSManagedControlPlane) ValidateCreate() (admission.Warnings, error)
ValidateCreate will do any extra validation when creating an AWSManagedControlPlane.
func (*AWSManagedControlPlane) ValidateDelete ¶
func (r *AWSManagedControlPlane) ValidateDelete() (admission.Warnings, error)
ValidateDelete allows you to add any extra validation when deleting.
func (*AWSManagedControlPlane) ValidateUpdate ¶
ValidateUpdate will do any extra validation when updating an AWSManagedControlPlane.
type AWSManagedControlPlaneList ¶
// AWSManagedControlPlaneList is the list form of AWSManagedControlPlane.
type AWSManagedControlPlaneList struct {
	metav1.TypeMeta `json:",inline"`
	metav1.ListMeta `json:"metadata,omitempty"`
	// Items holds the listed control planes. The tag has no omitempty, so
	// the key is always serialized.
	Items []AWSManagedControlPlane `json:"items"`
}
AWSManagedControlPlaneList contains a list of Amazon EKS Managed Control Planes.
func (*AWSManagedControlPlaneList) DeepCopy ¶
func (in *AWSManagedControlPlaneList) DeepCopy() *AWSManagedControlPlaneList
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AWSManagedControlPlaneList.
func (*AWSManagedControlPlaneList) DeepCopyInto ¶
func (in *AWSManagedControlPlaneList) DeepCopyInto(out *AWSManagedControlPlaneList)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (*AWSManagedControlPlaneList) DeepCopyObject ¶
func (in *AWSManagedControlPlaneList) DeepCopyObject() runtime.Object
DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
func (*AWSManagedControlPlaneList) Hub ¶
func (*AWSManagedControlPlaneList) Hub()
Hub marks AWSManagedControlPlaneList as a conversion hub.
type AWSManagedControlPlaneSpec ¶
// AWSManagedControlPlaneSpec is the user-supplied desired state. Several
// fields decide who can reach or authenticate to the cluster
// (EndpointAccess, IAMAuthenticatorConfig, OIDCIdentityProviderConfig,
// RoleAdditionalPolicies, Bastion, SSHKeyName); review changes to them as
// access changes.
type AWSManagedControlPlaneSpec struct {
	// EKSClusterName allows you to specify the name of the EKS cluster in
	// AWS. If you don't specify a name then a default name will be created
	// based on the namespace and name of the managed control plane.
	// +optional
	EKSClusterName string `json:"eksClusterName,omitempty"`

	// IdentityRef is a reference to an identity to be used when reconciling the managed control plane.
	// If no identity is specified, the default identity for this controller will be used.
	IdentityRef *infrav1.AWSIdentityReference `json:"identityRef,omitempty"`

	// NetworkSpec encapsulates all things related to AWS network.
	NetworkSpec infrav1.NetworkSpec `json:"network,omitempty"`

	// SecondaryCidrBlock is the additional CIDR range to use for pod IPs.
	// Must be within the 100.64.0.0/10 or 198.19.0.0/16 range.
	// NOTE(review): no validation marker enforces that range here; where it
	// is checked is not visible on this page.
	// +optional
	SecondaryCidrBlock *string `json:"secondaryCidrBlock,omitempty"`

	// Region is the AWS Region the cluster lives in.
	Region string `json:"region,omitempty"`

	// Partition is the AWS security partition being used. Defaults to "aws"
	// +optional
	Partition string `json:"partition,omitempty"`

	// SSHKeyName is the name of the ssh key to attach to the bastion host. Valid values are empty string (do not use SSH keys), a valid SSH key name, or omitted (use the default SSH key name)
	// Note that omitting the field and setting it to "" are different:
	// omitted selects the default key, "" selects no key.
	// +optional
	SSHKeyName *string `json:"sshKeyName,omitempty"`

	// Version defines the desired Kubernetes version. If no version number
	// is supplied then the latest version of Kubernetes that EKS supports
	// will be used.
	// NOTE(review): as written, the pattern below also accepts inputs such
	// as "v1.20." and "1.20..0" - confirm that is intended.
	// +kubebuilder:validation:MinLength:=2
	// +kubebuilder:validation:Pattern:=^v?(0|[1-9][0-9]*)\.(0|[1-9][0-9]*)\.?(\.0|[1-9][0-9]*)?$
	// +optional
	Version *string `json:"version,omitempty"`

	// RoleName specifies the name of IAM role that gives EKS
	// permission to make API calls. If the role is pre-existing
	// we will treat it as unmanaged and not delete it on
	// deletion. If the EKSEnableIAM feature flag is true
	// and no name is supplied then a role is created.
	// +kubebuilder:validation:MinLength:=2
	// +optional
	RoleName *string `json:"roleName,omitempty"`

	// RoleAdditionalPolicies allows you to attach additional policies to
	// the control plane role. You must enable the EKSAllowAddRoles
	// feature flag to incorporate these into the created role.
	// Every entry widens what the control plane role may do, so keep the
	// list to what the cluster needs.
	// +optional
	RoleAdditionalPolicies *[]string `json:"roleAdditionalPolicies,omitempty"`

	// Logging specifies which EKS Cluster logs should be enabled. Entries for
	// each of the enabled logs will be sent to CloudWatch
	// +optional
	Logging *ControlPlaneLoggingSpec `json:"logging,omitempty"`

	// EncryptionConfig specifies the encryption configuration for the cluster
	// +optional
	EncryptionConfig *EncryptionConfig `json:"encryptionConfig,omitempty"`

	// AdditionalTags is an optional set of tags to add to AWS resources managed by the AWS provider, in addition to the
	// ones added by default.
	// +optional
	AdditionalTags infrav1.Tags `json:"additionalTags,omitempty"`

	// IAMAuthenticatorConfig allows the specification of any additional user or role mappings
	// for use when generating the aws-iam-authenticator configuration. If this is nil the
	// default configuration is still generated for the cluster.
	// +optional
	IAMAuthenticatorConfig *IAMAuthenticatorConfig `json:"iamAuthenticatorConfig,omitempty"`

	// EndpointAccess specifies access to this cluster's control plane endpoints
	// +optional
	EndpointAccess EndpointAccess `json:"endpointAccess,omitempty"`

	// ControlPlaneEndpoint represents the endpoint used to communicate with the control plane.
	// NOTE(review): marked +optional, but the JSON tag has no omitempty.
	// +optional
	ControlPlaneEndpoint clusterv1.APIEndpoint `json:"controlPlaneEndpoint"`

	// ImageLookupFormat is the AMI naming format to look up machine images when
	// a machine does not specify an AMI. When set, this will be used for all
	// cluster machines unless a machine specifies a different ImageLookupOrg.
	// Supports substitutions for {{.BaseOS}} and {{.K8sVersion}} with the base
	// OS and kubernetes version, respectively. The BaseOS will be the value in
	// ImageLookupBaseOS or ubuntu (the default), and the kubernetes version as
	// defined by the packages produced by kubernetes/release without v as a
	// prefix: 1.13.0, 1.12.5-mybuild.1, or 1.17.3. For example, the default
	// image format of capa-ami-{{.BaseOS}}-?{{.K8sVersion}}-* will end up
	// searching for AMIs that match the pattern capa-ami-ubuntu-?1.18.0-* for a
	// Machine that is targeting kubernetes v1.18.0 and the ubuntu base OS. See
	// also: https://golang.org/pkg/text/template/
	// NOTE(review): "a different ImageLookupOrg" above presumably means
	// ImageLookupFormat - confirm.
	// +optional
	ImageLookupFormat string `json:"imageLookupFormat,omitempty"`

	// ImageLookupOrg is the AWS Organization ID to look up machine images when a
	// machine does not specify an AMI. When set, this will be used for all
	// cluster machines unless a machine specifies a different ImageLookupOrg.
	// This value, together with ImageLookupFormat, decides whose AMIs are
	// trusted to boot cluster machines.
	// +optional
	ImageLookupOrg string `json:"imageLookupOrg,omitempty"`

	// ImageLookupBaseOS is the name of the base operating system used to look
	// up machine images when a machine does not specify an AMI. When set, this
	// will be used for all cluster machines unless a machine specifies a
	// different ImageLookupBaseOS.
	ImageLookupBaseOS string `json:"imageLookupBaseOS,omitempty"`

	// Bastion contains options to configure the bastion host.
	// NOTE(review): marked +optional, but the JSON tag has no omitempty.
	// +optional
	Bastion infrav1.Bastion `json:"bastion"`

	// TokenMethod is used to specify the method for obtaining a client token for communicating with EKS
	// iam-authenticator - obtains a client token using iam-authenticator
	// aws-cli - obtains a client token using the AWS CLI
	// Defaults to iam-authenticator
	// +kubebuilder:default=iam-authenticator
	// +kubebuilder:validation:Enum=iam-authenticator;aws-cli
	TokenMethod *EKSTokenMethod `json:"tokenMethod,omitempty"`

	// AssociateOIDCProvider can be enabled to automatically create an identity
	// provider for the controller for use with IAM roles for service accounts
	// +kubebuilder:default=false
	AssociateOIDCProvider bool `json:"associateOIDCProvider,omitempty"`

	// Addons defines the EKS addons to enable with the EKS cluster.
	// +optional
	Addons *[]Addon `json:"addons,omitempty"`

	// OIDCIdentityProviderConfig is used to specify the oidc provider config
	// to be attached with this eks cluster
	// +optional
	OIDCIdentityProviderConfig *OIDCIdentityProviderConfig `json:"oidcIdentityProviderConfig,omitempty"`

	// VpcCni is used to set configuration options for the VPC CNI plugin
	// +optional
	VpcCni VpcCni `json:"vpcCni,omitempty"`

	// RestrictPrivateSubnets indicates that the EKS control plane should only use private subnets.
	// +kubebuilder:default=false
	RestrictPrivateSubnets bool `json:"restrictPrivateSubnets,omitempty"`

	// KubeProxy defines managed attributes of the kube-proxy daemonset
	KubeProxy KubeProxy `json:"kubeProxy,omitempty"`
}
AWSManagedControlPlaneSpec defines the desired state of an Amazon EKS Cluster.
func (*AWSManagedControlPlaneSpec) DeepCopy ¶
func (in *AWSManagedControlPlaneSpec) DeepCopy() *AWSManagedControlPlaneSpec
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AWSManagedControlPlaneSpec.
func (*AWSManagedControlPlaneSpec) DeepCopyInto ¶
func (in *AWSManagedControlPlaneSpec) DeepCopyInto(out *AWSManagedControlPlaneSpec)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (*AWSManagedControlPlaneSpec) Hub ¶ added in v2.1.0
func (*AWSManagedControlPlaneSpec) Hub()
Hub marks AWSManagedControlPlaneSpec as a conversion hub.
type AWSManagedControlPlaneStatus ¶
// AWSManagedControlPlaneStatus is the observed state of the control plane.
type AWSManagedControlPlaneStatus struct {
	// Network holds details about the AWS networking resources used by the control plane
	// (serialized under the key networkStatus).
	// +optional
	Network infrav1.NetworkStatus `json:"networkStatus,omitempty"`

	// FailureDomains specifies a list of available availability zones that can be used
	// +optional
	FailureDomains clusterv1.FailureDomains `json:"failureDomains,omitempty"`

	// Bastion holds details of the instance that is used as a bastion jump box
	// +optional
	Bastion *infrav1.Instance `json:"bastion,omitempty"`

	// OIDCProvider holds the status of the identity provider for this cluster
	// +optional
	OIDCProvider OIDCProviderStatus `json:"oidcProvider,omitempty"`

	// ExternalManagedControlPlane indicates to cluster-api that the control plane
	// is managed by an external service such as AKS, EKS, GKE, etc.
	// +kubebuilder:default=true
	ExternalManagedControlPlane *bool `json:"externalManagedControlPlane,omitempty"`

	// Initialized denotes whether or not the control plane has the
	// uploaded kubernetes config-map.
	// +optional
	Initialized bool `json:"initialized"`

	// Ready denotes that the AWSManagedControlPlane API Server is ready to
	// receive requests and that the VPC infra is ready.
	// +kubebuilder:default=false
	Ready bool `json:"ready"`

	// FailureMessage indicates that there is a terminal problem reconciling the
	// state, and will be set to a descriptive error message.
	// +optional
	FailureMessage *string `json:"failureMessage,omitempty"`

	// Conditions specifies the conditions for the managed control plane
	Conditions clusterv1.Conditions `json:"conditions,omitempty"`

	// Addons holds the current status of the EKS addons
	// +optional
	Addons []AddonState `json:"addons,omitempty"`

	// IdentityProviderStatus holds the status for
	// associated identity provider
	// +optional
	IdentityProviderStatus IdentityProviderStatus `json:"identityProviderStatus,omitempty"`
}
AWSManagedControlPlaneStatus defines the observed state of an Amazon EKS Cluster.
func (*AWSManagedControlPlaneStatus) DeepCopy ¶
func (in *AWSManagedControlPlaneStatus) DeepCopy() *AWSManagedControlPlaneStatus
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AWSManagedControlPlaneStatus.
func (*AWSManagedControlPlaneStatus) DeepCopyInto ¶
func (in *AWSManagedControlPlaneStatus) DeepCopyInto(out *AWSManagedControlPlaneStatus)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type Addon ¶
// Addon describes one EKS addon to enable on the cluster.
type Addon struct {
	// Name is the name of the addon
	// +kubebuilder:validation:MinLength:=2
	// +kubebuilder:validation:Required
	Name string `json:"name"`

	// Version is the version of the addon to use
	Version string `json:"version"`

	// Configuration of the EKS addon
	// It is an opaque string at this level; no schema is visible on this page.
	// +optional
	Configuration string `json:"configuration,omitempty"`

	// ConflictResolution is used to declare what should happen if there
	// are parameter conflicts. The kubebuilder marker below sets the
	// default to overwrite.
	// NOTE(review): this comment previously read "Defaults to none",
	// contradicting the marker - confirm which default is intended.
	// +kubebuilder:default=overwrite
	// +kubebuilder:validation:Enum=overwrite;none
	ConflictResolution *AddonResolution `json:"conflictResolution,omitempty"`

	// ServiceAccountRoleArn is the ARN of an IAM role to bind to the addon's service account
	// The addon's pods act with this role's permissions, so scope the role
	// to what the addon needs.
	// +optional
	ServiceAccountRoleArn *string `json:"serviceAccountRoleARN,omitempty"`
}
Addon represents an EKS addon.
func (*Addon) DeepCopy ¶
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Addon.
func (*Addon) DeepCopyInto ¶
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type AddonIssue ¶
// AddonIssue describes a single problem reported for an addon. All fields
// are optional and omitted from JSON when unset.
type AddonIssue struct {
	// Code is the issue code
	Code *string `json:"code,omitempty"`

	// Message is the textual description of the issue
	Message *string `json:"message,omitempty"`

	// ResourceIDs is a list of resource ids for the issue
	ResourceIDs []string `json:"resourceIds,omitempty"`
}
AddonIssue represents an issue with an addon.
func (*AddonIssue) DeepCopy ¶
func (in *AddonIssue) DeepCopy() *AddonIssue
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AddonIssue.
func (*AddonIssue) DeepCopyInto ¶
func (in *AddonIssue) DeepCopyInto(out *AddonIssue)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type AddonResolution ¶
// AddonResolution is a string-backed type; the values declared in this
// package are "overwrite" (AddonResolutionOverwrite) and "none"
// (AddonResolutionNone).
type AddonResolution string
AddonResolution defines the method for resolving parameter conflicts.
type AddonState ¶
// AddonState is the reported state of one addon, as stored in
// AWSManagedControlPlaneStatus.Addons.
type AddonState struct {
	// Name is the name of the addon
	Name string `json:"name"`

	// Version is the version of the addon to use
	Version string `json:"version"`

	// ARN is the AWS ARN of the addon
	ARN string `json:"arn"`

	// ServiceAccountRoleArn is the ARN of the IAM role used for the service account
	ServiceAccountRoleArn *string `json:"serviceAccountRoleARN,omitempty"`

	// CreatedAt is the date and time the addon was created at
	CreatedAt metav1.Time `json:"createdAt,omitempty"`

	// ModifiedAt is the date and time the addon was last modified
	ModifiedAt metav1.Time `json:"modifiedAt,omitempty"`

	// Status is the status of the addon
	// presumably one of the AddonStatus* values declared in this package - confirm.
	Status *string `json:"status,omitempty"`

	// Issues is a list of issues associated with the addon
	Issues []AddonIssue `json:"issues,omitempty"`
}
AddonState represents the state of an addon.
func (*AddonState) DeepCopy ¶
func (in *AddonState) DeepCopy() *AddonState
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AddonState.
func (*AddonState) DeepCopyInto ¶
func (in *AddonState) DeepCopyInto(out *AddonState)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type ControlPlaneLoggingSpec ¶
// ControlPlaneLoggingSpec selects which EKS control plane log types are
// enabled. Every field carries a kubebuilder default of false, so no log
// type is enabled unless the spec turns it on. The audit and authenticator
// logs are the ones that describe API activity and IAM authentication;
// leaving them off removes that evidence for detection and incident
// response.
type ControlPlaneLoggingSpec struct {
	// APIServer indicates if the Kubernetes API Server log (kube-apiserver) should be enabled
	// +kubebuilder:default=false
	APIServer bool `json:"apiServer"`

	// Audit indicates if the Kubernetes API audit log should be enabled
	// +kubebuilder:default=false
	Audit bool `json:"audit"`

	// Authenticator indicates if the iam authenticator log should be enabled
	// +kubebuilder:default=false
	Authenticator bool `json:"authenticator"`

	// ControllerManager indicates if the controller manager (kube-controller-manager) log should be enabled
	// +kubebuilder:default=false
	ControllerManager bool `json:"controllerManager"`

	// Scheduler indicates if the Kubernetes scheduler (kube-scheduler) log should be enabled
	// +kubebuilder:default=false
	Scheduler bool `json:"scheduler"`
}
ControlPlaneLoggingSpec defines which EKS control plane logs should be enabled.
func (*ControlPlaneLoggingSpec) DeepCopy ¶
func (in *ControlPlaneLoggingSpec) DeepCopy() *ControlPlaneLoggingSpec
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ControlPlaneLoggingSpec.
func (*ControlPlaneLoggingSpec) DeepCopyInto ¶
func (in *ControlPlaneLoggingSpec) DeepCopyInto(out *ControlPlaneLoggingSpec)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (*ControlPlaneLoggingSpec) IsLogEnabled ¶
func (s *ControlPlaneLoggingSpec) IsLogEnabled(logName string) bool
IsLogEnabled returns true if the log is enabled.
type EKSTokenMethod ¶
// EKSTokenMethod is a string-backed type; the values declared in this
// package are "iam-authenticator" (EKSTokenMethodIAMAuthenticator) and
// "aws-cli" (EKSTokenMethodAWSCli).
type EKSTokenMethod string
EKSTokenMethod defines the method for obtaining a client token to use when connecting to EKS.
type EncryptionConfig ¶
// EncryptionConfig names the KMS key and the resources it encrypts.
// NOTE(review): what happens when Provider is nil or Resources is empty is
// not visible on this page - confirm against the validating webhook.
type EncryptionConfig struct {
	// Provider specifies the ARN or alias of the CMK (in AWS KMS)
	Provider *string `json:"provider,omitempty"`

	// Resources specifies the resources to be encrypted
	Resources []*string `json:"resources,omitempty"`
}
EncryptionConfig specifies the encryption configuration for the EKS cluster.
func (*EncryptionConfig) DeepCopy ¶
func (in *EncryptionConfig) DeepCopy() *EncryptionConfig
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new EncryptionConfig.
func (*EncryptionConfig) DeepCopyInto ¶
func (in *EncryptionConfig) DeepCopyInto(out *EncryptionConfig)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type EndpointAccess ¶
// EndpointAccess controls network reachability of the control plane
// endpoints. All three fields are optional and carry no default marker.
// NOTE(review): this page does not show what is applied when Public is
// true and PublicCIDRs is empty. The EKS API's own default for public
// access is 0.0.0.0/0, so confirm the behaviour and set explicit CIDRs
// whenever the public endpoint is enabled.
type EndpointAccess struct {
	// Public controls whether control plane endpoints are publicly accessible
	// +optional
	Public *bool `json:"public,omitempty"`

	// PublicCIDRs specifies which blocks can access the public endpoint
	// +optional
	PublicCIDRs []*string `json:"publicCIDRs,omitempty"`

	// Private points VPC-internal control plane access to the private endpoint
	// +optional
	Private *bool `json:"private,omitempty"`
}
EndpointAccess specifies how control plane endpoints are accessible.
func (*EndpointAccess) DeepCopy ¶
func (in *EndpointAccess) DeepCopy() *EndpointAccess
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new EndpointAccess.
func (*EndpointAccess) DeepCopyInto ¶
func (in *EndpointAccess) DeepCopyInto(out *EndpointAccess)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type IAMAuthenticatorConfig ¶
// IAMAuthenticatorConfig lists the IAM role and user mappings for the
// aws-iam-authenticator configuration. Each entry is an access grant: it
// decides which IAM principal becomes which Kubernetes identity.
type IAMAuthenticatorConfig struct {
	// RoleMappings is a list of role mappings
	// (serialized under the key mapRoles).
	// +optional
	RoleMappings []RoleMapping `json:"mapRoles,omitempty"`

	// UserMappings is a list of user mappings
	// (serialized under the key mapUsers).
	// +optional
	UserMappings []UserMapping `json:"mapUsers,omitempty"`
}
IAMAuthenticatorConfig represents an aws-iam-authenticator configuration.
func (*IAMAuthenticatorConfig) DeepCopy ¶
func (in *IAMAuthenticatorConfig) DeepCopy() *IAMAuthenticatorConfig
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new IAMAuthenticatorConfig.
func (*IAMAuthenticatorConfig) DeepCopyInto ¶
func (in *IAMAuthenticatorConfig) DeepCopyInto(out *IAMAuthenticatorConfig)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type IdentityProviderStatus ¶
// IdentityProviderStatus reports the associated identity provider.
type IdentityProviderStatus struct {
	// ARN holds the ARN of associated identity provider
	ARN string `json:"arn,omitempty"`

	// Status holds current status of associated identity provider
	// It is a free-form string here; the set of values is not shown on this page.
	Status string `json:"status,omitempty"`
}
IdentityProviderStatus holds the status for associated identity provider.
func (*IdentityProviderStatus) DeepCopy ¶
func (in *IdentityProviderStatus) DeepCopy() *IdentityProviderStatus
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new IdentityProviderStatus.
func (*IdentityProviderStatus) DeepCopyInto ¶
func (in *IdentityProviderStatus) DeepCopyInto(out *IdentityProviderStatus)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type KubeProxy ¶
// KubeProxy holds the managed attributes of the kube-proxy daemonset.
type KubeProxy struct {
	// Disable set to true indicates that kube-proxy should be disabled. With EKS clusters
	// kube-proxy is automatically installed into the cluster. For clusters where you want
	// to use kube-proxy functionality that is provided with an alternate CNI, this option
	// provides a way to specify that the kube-proxy daemonset should be deleted. You cannot
	// set this to true if you are using the Amazon kube-proxy addon.
	// +kubebuilder:default=false
	Disable bool `json:"disable,omitempty"`
}
KubeProxy specifies how the kube-proxy daemonset is managed.
func (*KubeProxy) DeepCopy ¶
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new KubeProxy.
func (*KubeProxy) DeepCopyInto ¶
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type KubernetesMapping ¶
// KubernetesMapping is the Kubernetes side of an IAM mapping: the RBAC
// user and groups the mapped principal is given.
type KubernetesMapping struct {
	// UserName is a kubernetes RBAC user subject
	UserName string `json:"username"`

	// Groups is a list of kubernetes RBAC groups
	// The mapped principal receives every right bound to these groups; a
	// privileged group such as system:masters amounts to cluster-admin, so
	// review this list as an access grant.
	Groups []string `json:"groups"`
}
KubernetesMapping represents the kubernetes RBAC mapping.
func (*KubernetesMapping) DeepCopy ¶
func (in *KubernetesMapping) DeepCopy() *KubernetesMapping
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new KubernetesMapping.
func (*KubernetesMapping) DeepCopyInto ¶
func (in *KubernetesMapping) DeepCopyInto(out *KubernetesMapping)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type OIDCIdentityProviderConfig ¶
// OIDCIdentityProviderConfig configures an OIDC identity provider for the
// cluster. ClientID, IdentityProviderConfigName and IssuerURL are marked
// Required, although their JSON tags carry omitempty.
type OIDCIdentityProviderConfig struct {
	// This is also known as audience. The ID for the client application that makes
	// authentication requests to the OpenID identity provider.
	// +kubebuilder:validation:Required
	ClientID string `json:"clientId,omitempty"`

	// The JWT claim that the provider uses to return your groups.
	// +optional
	GroupsClaim *string `json:"groupsClaim,omitempty"`

	// The prefix that is prepended to group claims to prevent clashes with existing
	// names (such as system: groups). For example, the value oidc: will create group
	// names like oidc:engineering and oidc:infra.
	// Without a prefix, a group name asserted by the identity provider can
	// equal an existing cluster group name.
	// +optional
	GroupsPrefix *string `json:"groupsPrefix,omitempty"`

	// The name of the OIDC provider configuration.
	//
	// IdentityProviderConfigName is a required field
	// +kubebuilder:validation:Required
	IdentityProviderConfigName string `json:"identityProviderConfigName,omitempty"`

	// The URL of the OpenID identity provider that allows the API server to discover
	// public signing keys for verifying tokens. The URL must begin with https://
	// and should correspond to the iss claim in the provider's OIDC ID tokens.
	// Per the OIDC standard, path components are allowed but query parameters are
	// not. Typically the URL consists of only a hostname, like https://server.example.org
	// or https://example.com. This URL should point to the level below .well-known/openid-configuration
	// and must be publicly accessible over the internet.
	// NOTE(review): no validation marker enforces the https:// requirement
	// here; where it is checked is not visible on this page.
	//
	// +kubebuilder:validation:Required
	IssuerURL string `json:"issuerUrl,omitempty"`

	// The key value pairs that describe required claims in the identity token.
	// If set, each claim is verified to be present in the token with a matching
	// value. For the maximum number of claims that you can require, see Amazon
	// EKS service quotas (https://docs.aws.amazon.com/eks/latest/userguide/service-quotas.html)
	// in the Amazon EKS User Guide.
	// +optional
	RequiredClaims map[string]string `json:"requiredClaims,omitempty"`

	// The JSON Web Token (JWT) claim to use as the username. The default is sub,
	// which is expected to be a unique identifier of the end user. You can choose
	// other claims, such as email or name, depending on the OpenID identity provider.
	// Claims other than email are prefixed with the issuer URL to prevent naming
	// clashes with other plug-ins.
	// +optional
	UsernameClaim *string `json:"usernameClaim,omitempty"`

	// The prefix that is prepended to username claims to prevent clashes with existing
	// names. If you do not provide this field, and username is a value other than
	// email, the prefix defaults to issuerurl#. You can use the value - to disable
	// all prefixing.
	// With prefixing disabled, a username asserted by the identity provider
	// can equal an existing cluster user name; use "-" only when the
	// provider's usernames are known not to collide.
	// +optional
	UsernamePrefix *string `json:"usernamePrefix,omitempty"`

	// Tags are the tags to apply to the oidc identity provider association
	// +optional
	Tags infrav1.Tags `json:"tags,omitempty"`
}
OIDCIdentityProviderConfig represents the configuration for an OIDC identity provider.
func (*OIDCIdentityProviderConfig) DeepCopy ¶
func (in *OIDCIdentityProviderConfig) DeepCopy() *OIDCIdentityProviderConfig
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new OIDCIdentityProviderConfig.
func (*OIDCIdentityProviderConfig) DeepCopyInto ¶
func (in *OIDCIdentityProviderConfig) DeepCopyInto(out *OIDCIdentityProviderConfig)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type OIDCProviderStatus ¶
type OIDCProviderStatus struct {
	// ARN holds the ARN of the provider.
	ARN string `json:"arn,omitempty"`

	// NOTE(review): the policy text itself is not visible here. Being
	// boilerplate, it presumably has to be narrowed to the intended service
	// account before it is attached to a role; confirm against the generated
	// policy.

	// TrustPolicy contains the boilerplate IAM trust policy to use for IRSA
	// (IAM roles for service accounts).
	TrustPolicy string `json:"trustPolicy,omitempty"`
}
OIDCProviderStatus holds the status of the AWS OIDC identity provider.
func (*OIDCProviderStatus) DeepCopy ¶
func (in *OIDCProviderStatus) DeepCopy() *OIDCProviderStatus
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new OIDCProviderStatus.
func (*OIDCProviderStatus) DeepCopyInto ¶
func (in *OIDCProviderStatus) DeepCopyInto(out *OIDCProviderStatus)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type RoleMapping ¶
type RoleMapping struct {
	// NOTE(review): the MinLength marker only bounds the string length; it does
	// not check that the value is a well-formed IAM role ARN. Presumably
	// RoleMapping.Validate covers the format; confirm, since this value decides
	// which AWS principal receives the mapped Kubernetes identity.

	// RoleARN is the AWS ARN for the role to map.
	// +kubebuilder:validation:MinLength:=31
	RoleARN string `json:"rolearn"`

	// KubernetesMapping holds the RBAC details for the mapping. It is embedded
	// and serialized inline, so its fields appear at the same JSON level as
	// rolearn.
	KubernetesMapping `json:",inline"`
}
RoleMapping represents a mapping from an IAM role to Kubernetes users and groups.
func (*RoleMapping) DeepCopy ¶
func (in *RoleMapping) DeepCopy() *RoleMapping
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new RoleMapping.
func (*RoleMapping) DeepCopyInto ¶
func (in *RoleMapping) DeepCopyInto(out *RoleMapping)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (*RoleMapping) Validate ¶
func (r *RoleMapping) Validate() []error
Validate will return nil if there are no errors with the role mapping.
type UserMapping ¶
type UserMapping struct {
	// NOTE(review): the MinLength marker only bounds the string length; it does
	// not check that the value is a well-formed IAM user ARN. Presumably
	// UserMapping.Validate covers the format; confirm, since this value decides
	// which AWS principal receives the mapped Kubernetes identity.

	// UserARN is the AWS ARN for the user to map.
	// +kubebuilder:validation:MinLength:=31
	UserARN string `json:"userarn"`

	// KubernetesMapping holds the RBAC details for the mapping. It is embedded
	// and serialized inline, so its fields appear at the same JSON level as
	// userarn.
	KubernetesMapping `json:",inline"`
}
UserMapping represents a mapping from an IAM user to Kubernetes users and groups.
func (*UserMapping) DeepCopy ¶
func (in *UserMapping) DeepCopy() *UserMapping
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new UserMapping.
func (*UserMapping) DeepCopyInto ¶
func (in *UserMapping) DeepCopyInto(out *UserMapping)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (*UserMapping) Validate ¶
func (u *UserMapping) Validate() []error
Validate will return nil if there are no errors with the user mapping.
type VpcCni ¶
type VpcCni struct {
	// Disable indicates that the Amazon VPC CNI should be disabled. With EKS clusters the
	// Amazon VPC CNI is automatically installed into the cluster. For clusters where you want
	// to use an alternate CNI this option provides a way to specify that the Amazon VPC CNI
	// should be deleted. You cannot set this to true if you are using the
	// Amazon VPC CNI addon.
	// +kubebuilder:default=false
	Disable bool `json:"disable,omitempty"`

	// NOTE(review): literal values set here are stored inline in the control
	// plane spec and are readable by anyone who can read that object, so they
	// are a poor place for secrets. Whether EnvVar.ValueFrom references are
	// honoured is not visible from this declaration; confirm in the reconciler.

	// Env defines a list of environment variables to apply to the `aws-node` DaemonSet.
	// +optional
	Env []corev1.EnvVar `json:"env,omitempty"`
}
VpcCni specifies configuration related to the VPC CNI.
func (*VpcCni) DeepCopy ¶
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new VpcCni.
func (*VpcCni) DeepCopyInto ¶
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.