builder

package
v0.176.0 Latest Latest
Warning

This package is not in the latest version of its module.

Published: Apr 5, 2024 License: Apache-2.0 Imports: 39 Imported by: 16

Documentation

Index

Constants

// Names used for the Karpenter resources.
// NOTE(review): this listing does not show whether these strings are used as
// CloudFormation logical IDs or as physical AWS resource names; confirm at the
// call sites, because fixed physical IAM names must be unique within an account.
const (
	// KarpenterNodeRoleName is the name of the role for nodes.
	KarpenterNodeRoleName = "KarpenterNodeRole"
	// KarpenterManagedPolicy is the managed policy name.
	KarpenterManagedPolicy = "KarpenterControllerPolicy"
	// KarpenterNodeInstanceProfile is the name of the node instance profile.
	KarpenterNodeInstanceProfile = "KarpenterNodeInstanceProfile"
	// KarpenterInterruptionQueue is the name of the interruption queue.
	KarpenterInterruptionQueue = "KarpenterInterruptionQueue"
	// KarpenterInterruptionQueuePolicy is the interruption queue policy name.
	KarpenterInterruptionQueuePolicy = "KarpenterInterruptionQueuePolicy"
	// KarpenterInterruptionQueueTarget is the interruption queue target ID.
	KarpenterInterruptionQueueTarget = "KarpenterInterruptionQueueTarget"
)
// Rule names; the value of each constant is identical to its identifier.
// NOTE(review): the names suggest the event rules that feed the Karpenter
// interruption queue (scheduled change, Spot interruption, rebalance,
// instance state change) — confirm against the code that uses them.
const (
	ScheduledChangeRule     = "ScheduledChangeRule"
	SpotInterruptionRule    = "SpotInterruptionRule"
	RebalanceRule           = "RebalanceRule"
	InstanceStateChangeRule = "InstanceStateChangeRule"
)
// Keys and CIDR literals for the VPC resources. Apart from the two CIDR
// values, every constant is a plain string key; presumably each names a
// resource in the generated template — confirm at the call sites.
const (
	// VPCResourceKey is the key for the VPC itself.
	VPCResourceKey = "VPC"

	// Gateways
	IGWKey                       = "InternetGateway"
	GAKey                        = "VPCGatewayAttachment"
	EgressOnlyInternetGatewayKey = "EgressOnlyInternetGateway"
	NATGatewayKey                = "NATGateway"
	ElasticIPKey                 = "EIP"

	// CIDRs
	IPv6CIDRBlockKey = "IPv6CidrBlock"
	// InternetCIDR is the IPv4 catch-all range: it matches every IPv4 address.
	// NOTE(review): it is declared next to the default-route keys, so it is
	// presumably the destination of the subnet default routes. Wherever it is
	// used as a security-group source or destination, that rule is open to the
	// whole internet — review each call site.
	InternetCIDR     = "0.0.0.0/0"
	// InternetIPv6CIDR is the IPv6 catch-all range; the same review note as
	// for InternetCIDR applies.
	InternetIPv6CIDR = "::/0"

	// Routing
	PubRouteTableKey             = "PublicRouteTable"
	PrivateRouteTableKey         = "PrivateRouteTable"
	PubRouteTableAssociation     = "RouteTableAssociationPublic"
	PrivateRouteTableAssociation = "RouteTableAssociationPrivate"
	PubSubRouteKey               = "PublicSubnetDefaultRoute"
	PubSubIPv6RouteKey           = "PublicSubnetIPv6DefaultRoute"
	PrivateSubnetRouteKey        = "PrivateSubnetDefaultRoute"
	PrivateSubnetIpv6RouteKey    = "PrivateSubnetDefaultIpv6Route"

	// Subnets
	PublicSubnetKey  = "PublicSubnet"
	PrivateSubnetKey = "PrivateSubnet"
)
// ManagedNodeGroupResourceName is the string "ManagedNodeGroup".
// NOTE(review): presumably the name of the managed nodegroup resource in the
// stack template — confirm against the code that uses it.
const ManagedNodeGroupResourceName = "ManagedNodeGroup"
// MaximumCreatedTagNumberPerCall is 25.
// NOTE(review): by its name, presumably the largest number of tags sent in a
// single tag-creation call — confirm against the caller and the AWS limit it mirrors.
const MaximumCreatedTagNumberPerCall = 25
const MaximumTagNumber = 50

MaximumTagNumber is the maximum number of tags for ASGs, as described at https://docs.aws.amazon.com/autoscaling/ec2/userguide/autoscaling-tagging.html

Variables

var ControlPlaneEgressRuleDescriptionPrefix = "Allow control plane to communicate with "

ControlPlaneEgressRuleDescriptionPrefix is the prefix applied to the description for control plane security group egress rules.

// ControlPlaneNodeGroupEgressRules is a slice of egress rules attached to the
// control plane security group.
// NOTE(review): both entries are unexported values, so their ports and
// protocol are not visible in this listing. Because this is an exported
// package-level var, any importing package can modify the slice; treat it as
// read-only.
var ControlPlaneNodeGroupEgressRules = []PartialEgressRule{
	controlPlaneEgressInterCluster,
	controlPlaneEgressInterClusterAPI,
}

ControlPlaneNodeGroupEgressRules is a slice of egress rules attached to the control plane security group.

Functions

func AbstractRoleNameFromARN

func AbstractRoleNameFromARN(arn string) string

AbstractRoleNameFromARN returns the role name from the ARN

func AssignSubnets

func AssignSubnets(ctx context.Context, np api.NodePool, clusterConfig *api.ClusterConfig, ec2API awsapi.EC2) (*gfnt.Value, error)

AssignSubnets assigns subnets based on the availability zones, local zones and subnet IDs in the specified nodegroup.

func GenerateClusterAutoscalerTags added in v0.117.0

func GenerateClusterAutoscalerTags(np api.NodePool, addTag func(key, value string))

GenerateClusterAutoscalerTags generates Cluster Autoscaler tags for labels and taints.

func HasManagedNodesSG

func HasManagedNodesSG(stackResources *gjson.Result) bool

HasManagedNodesSG reports whether the stack has the security group required for communication between managed and unmanaged nodegroups

func MakeServiceRef

func MakeServiceRef(servicePrincipalName string) *gfnt.Value

MakeServiceRef returns a reference to an intrinsic map function that looks up the servicePrincipalName in ServicePrincipalPartitionMap.

func NormalizeARN

func NormalizeARN(arn string) string

NormalizeARN returns the ARN with just the last element in the resource path preserved. If the input does not contain at least one forward-slash then the input is returned unmodified.

This matters when an existing instanceRoleARN contains a path other than "/": nodes may fail to join the cluster because the AWS IAM Authenticator does not recognize such ARNs when they are declared in the aws-auth ConfigMap.

See: https://docs.aws.amazon.com/eks/latest/userguide/troubleshooting.html#troubleshoot-container-runtime-network

Types

type AccessEntryResourceSet added in v0.167.0

type AccessEntryResourceSet struct {
	// contains filtered or unexported fields
}

AccessEntryResourceSet is a resource set for access entry.

func NewAccessEntryResourceSet added in v0.167.0

func NewAccessEntryResourceSet(clusterName string, accessEntry api.AccessEntry) *AccessEntryResourceSet

NewAccessEntryResourceSet creates and returns a new AccessEntryResourceSet.

func (*AccessEntryResourceSet) AddAllResources added in v0.167.0

func (a *AccessEntryResourceSet) AddAllResources() error

AddAllResources adds all resources required for creating an access entry.

func (AccessEntryResourceSet) GetAllOutputs added in v0.167.0

func (r AccessEntryResourceSet) GetAllOutputs(stack types.Stack) error

GetAllOutputs collects all outputs from an instance of an active stack, the outputs are defined by the current resourceSet

func (*AccessEntryResourceSet) RenderJSON added in v0.167.0

func (a *AccessEntryResourceSet) RenderJSON() ([]byte, error)

RenderJSON implements the ResourceSet interface.

func (*AccessEntryResourceSet) WithIAM added in v0.167.0

func (*AccessEntryResourceSet) WithIAM() bool

WithIAM implements the ResourceSet interface.

func (*AccessEntryResourceSet) WithNamedIAM added in v0.167.0

func (*AccessEntryResourceSet) WithNamedIAM() bool

WithNamedIAM implements the ResourceSet interface.

type ClusterResourceSet

type ClusterResourceSet struct {
	// contains filtered or unexported fields
}

ClusterResourceSet stores the resource information of the cluster

func NewClusterResourceSet

func NewClusterResourceSet(ec2API awsapi.EC2, region string, spec *api.ClusterConfig, existingStack *gjson.Result, extendForOutposts bool) *ClusterResourceSet

NewClusterResourceSet returns a resource set for the new cluster.

func (*ClusterResourceSet) AddAllResources

func (c *ClusterResourceSet) AddAllResources(ctx context.Context) error

AddAllResources adds all the information about the cluster to the resource set

func (*ClusterResourceSet) GetAllOutputs

func (c *ClusterResourceSet) GetAllOutputs(stack types.Stack) error

GetAllOutputs collects all outputs of the cluster

func (*ClusterResourceSet) RenderJSON

func (c *ClusterResourceSet) RenderJSON() ([]byte, error)

RenderJSON returns the rendered JSON

func (*ClusterResourceSet) Template

func (c *ClusterResourceSet) Template() gfn.Template

Template returns the CloudFormation template

func (*ClusterResourceSet) WithIAM

func (c *ClusterResourceSet) WithIAM() bool

WithIAM reports whether IAM roles will be created

func (*ClusterResourceSet) WithNamedIAM

func (c *ClusterResourceSet) WithNamedIAM() bool

WithNamedIAM reports whether specifically named IAM roles will be created

type ExistingVPCResourceSet added in v0.79.0

type ExistingVPCResourceSet struct {
	// contains filtered or unexported fields
}

func NewExistingVPCResourceSet added in v0.79.0

func NewExistingVPCResourceSet(rs *resourceSet, clusterConfig *api.ClusterConfig, ec2API awsapi.EC2) *ExistingVPCResourceSet

NewExistingVPCResourceSet creates and returns a new VPCResourceSet

func (*ExistingVPCResourceSet) CreateTemplate added in v0.79.0

func (v *ExistingVPCResourceSet) CreateTemplate(ctx context.Context) (*gfnt.Value, *SubnetDetails, error)

func (*ExistingVPCResourceSet) RenderJSON added in v0.79.0

func (v *ExistingVPCResourceSet) RenderJSON() ([]byte, error)

RenderJSON returns the rendered JSON

type FargateResourceSet

type FargateResourceSet struct {
	// contains filtered or unexported fields
}

FargateResourceSet manages only fargate resources

func NewFargateResourceSet

func NewFargateResourceSet(spec *api.ClusterConfig) *FargateResourceSet

NewFargateResourceSet returns a resource set for managing fargate resources

func (*FargateResourceSet) AddAllResources

func (rs *FargateResourceSet) AddAllResources() error

func (*FargateResourceSet) GetAllOutputs

func (rs *FargateResourceSet) GetAllOutputs(stack types.Stack) error

func (*FargateResourceSet) RenderJSON

func (rs *FargateResourceSet) RenderJSON() ([]byte, error)

func (*FargateResourceSet) WithIAM

func (rs *FargateResourceSet) WithIAM() bool

func (*FargateResourceSet) WithNamedIAM

func (rs *FargateResourceSet) WithNamedIAM() bool

type IAMRoleResourceSet

// IAMRoleResourceSet holds IAM Role stack build-time information.
type IAMRoleResourceSet struct {
	// OutputRole is the only exported field.
	// NOTE(review): presumably filled in from the stack outputs with the
	// created role's identifier — confirm against GetAllOutputs.
	OutputRole string
	// contains filtered or unexported fields
}

IAMRoleResourceSet holds IAM Role stack build-time information

func NewIAMRoleResourceSetForPodIdentity added in v0.165.0

func NewIAMRoleResourceSetForPodIdentity(spec *api.PodIdentityAssociation) *IAMRoleResourceSet

func NewIAMRoleResourceSetForPodIdentityWithTrustStatements added in v0.166.0

func NewIAMRoleResourceSetForPodIdentityWithTrustStatements(spec *api.PodIdentityAssociation, trustStatements []api.IAMStatement) *IAMRoleResourceSet

func NewIAMRoleResourceSetForServiceAccount added in v0.39.0

func NewIAMRoleResourceSetForServiceAccount(spec *api.ClusterIAMServiceAccount, oidc *iamoidc.OpenIDConnectManager) *IAMRoleResourceSet

func NewIAMRoleResourceSetWithAttachPolicy

func NewIAMRoleResourceSetWithAttachPolicy(name, namespace, serviceAccount, permissionsBoundary string, attachPolicy api.InlineDocument, oidc *iamoidc.OpenIDConnectManager) *IAMRoleResourceSet

NewIAMRoleResourceSetWithAttachPolicy builds an IAM Role stack from the given spec

func NewIAMRoleResourceSetWithAttachPolicyARNs

func NewIAMRoleResourceSetWithAttachPolicyARNs(name, namespace, serviceAccount, permissionsBoundary string, attachPolicyARNs []string, oidc *iamoidc.OpenIDConnectManager) *IAMRoleResourceSet

NewIAMRoleResourceSetWithAttachPolicyARNs builds an IAM Role stack from the given spec

func NewIAMRoleResourceSetWithWellKnownPolicies added in v0.67.0

func NewIAMRoleResourceSetWithWellKnownPolicies(name, namespace, serviceAccount, permissionsBoundary string, wellKnownPolicies api.WellKnownPolicies, oidc *iamoidc.OpenIDConnectManager) *IAMRoleResourceSet

NewIAMRoleResourceSetWithWellKnownPolicies builds an IAM Role stack from the given spec

func (*IAMRoleResourceSet) AddAllResources

func (rs *IAMRoleResourceSet) AddAllResources() error

AddAllResources adds all resources for the stack

func (*IAMRoleResourceSet) GetAllOutputs

func (rs *IAMRoleResourceSet) GetAllOutputs(stack types.Stack) error

GetAllOutputs will get all outputs from iamserviceaccount stack

func (*IAMRoleResourceSet) RenderJSON

func (rs *IAMRoleResourceSet) RenderJSON() ([]byte, error)

RenderJSON will render iamserviceaccount stack as JSON

func (*IAMRoleResourceSet) WithIAM

func (*IAMRoleResourceSet) WithIAM() bool

WithIAM returns true

func (*IAMRoleResourceSet) WithNamedIAM

func (rs *IAMRoleResourceSet) WithNamedIAM() bool

WithNamedIAM returns false

type IPv4VPCResourceSet added in v0.79.0

type IPv4VPCResourceSet struct {
	// contains filtered or unexported fields
}

An IPv4VPCResourceSet builds the resources required for the specified VPC

func NewIPv4VPCResourceSet added in v0.79.0

func NewIPv4VPCResourceSet(rs *resourceSet, clusterConfig *api.ClusterConfig, ec2API awsapi.EC2, extendForOutposts bool) *IPv4VPCResourceSet

NewIPv4VPCResourceSet creates and returns a new VPCResourceSet

func (*IPv4VPCResourceSet) CreateTemplate added in v0.79.0

func (v *IPv4VPCResourceSet) CreateTemplate(ctx context.Context) (*gfnt.Value, *SubnetDetails, error)

func (*IPv4VPCResourceSet) RenderJSON added in v0.79.0

func (v *IPv4VPCResourceSet) RenderJSON() ([]byte, error)

RenderJSON returns the rendered JSON

type IPv6VPCResourceSet added in v0.79.0

type IPv6VPCResourceSet struct {
	// contains filtered or unexported fields
}

An IPv6VPCResourceSet builds the resources required for the specified VPC

func NewIPv6VPCResourceSet added in v0.79.0

func NewIPv6VPCResourceSet(rs *resourceSet, clusterConfig *api.ClusterConfig, ec2API awsapi.EC2) *IPv6VPCResourceSet

NewIPv6VPCResourceSet creates and returns a new VPCResourceSet

func (*IPv6VPCResourceSet) CreateTemplate added in v0.79.0

func (v *IPv6VPCResourceSet) CreateTemplate(ctx context.Context) (*gfnt.Value, *SubnetDetails, error)

func (*IPv6VPCResourceSet) RenderJSON added in v0.79.0

func (v *IPv6VPCResourceSet) RenderJSON() ([]byte, error)

type KarpenterResourceSet added in v0.80.0

type KarpenterResourceSet struct {
	// contains filtered or unexported fields
}

KarpenterResourceSet stores the resource information of the Karpenter stack

func NewKarpenterResourceSet added in v0.80.0

func NewKarpenterResourceSet(spec *api.ClusterConfig, instanceProfileName string) *KarpenterResourceSet

NewKarpenterResourceSet returns a resource set for a Karpenter embedded in a cluster config

func (*KarpenterResourceSet) AddAllResources added in v0.80.0

func (k *KarpenterResourceSet) AddAllResources() error

AddAllResources adds all the information about Karpenter to the resource set

func (*KarpenterResourceSet) GetAllOutputs added in v0.80.0

func (k *KarpenterResourceSet) GetAllOutputs(stack types.Stack) error

GetAllOutputs collects all outputs of the nodegroup

func (*KarpenterResourceSet) RenderJSON added in v0.80.0

func (k *KarpenterResourceSet) RenderJSON() ([]byte, error)

RenderJSON returns the rendered JSON

func (*KarpenterResourceSet) Template added in v0.80.0

func (k *KarpenterResourceSet) Template() gfn.Template

Template returns the CloudFormation template

func (*KarpenterResourceSet) WithIAM added in v0.80.0

func (k *KarpenterResourceSet) WithIAM() bool

WithIAM implements the ResourceSet interface

func (*KarpenterResourceSet) WithNamedIAM added in v0.80.0

func (k *KarpenterResourceSet) WithNamedIAM() bool

WithNamedIAM implements the ResourceSet interface

type LaunchTemplateFetcher

type LaunchTemplateFetcher struct {
	// contains filtered or unexported fields
}

LaunchTemplateFetcher fetches launch template data

func NewLaunchTemplateFetcher

func NewLaunchTemplateFetcher(fetcher launchTemplateFetcher) *LaunchTemplateFetcher

NewLaunchTemplateFetcher creates a new LaunchTemplateFetcher

func (*LaunchTemplateFetcher) Fetch

Fetch fetches the specified launch template

type ManagedNodeGroupResourceSet

type ManagedNodeGroupResourceSet struct {
	// contains filtered or unexported fields
}

ManagedNodeGroupResourceSet defines the CloudFormation resources required for a managed nodegroup

func NewManagedNodeGroup

func NewManagedNodeGroup(ec2API awsapi.EC2, cluster *api.ClusterConfig, nodeGroup *api.ManagedNodeGroup, launchTemplateFetcher *LaunchTemplateFetcher, bootstrapper nodebootstrap.Bootstrapper, forceAddCNIPolicy bool, vpcImporter vpc.Importer) *ManagedNodeGroupResourceSet

NewManagedNodeGroup creates a new ManagedNodeGroupResourceSet

func (*ManagedNodeGroupResourceSet) AddAllResources

func (m *ManagedNodeGroupResourceSet) AddAllResources(ctx context.Context) error

AddAllResources adds all required CloudFormation resources

func (ManagedNodeGroupResourceSet) GetAllOutputs

func (r ManagedNodeGroupResourceSet) GetAllOutputs(stack types.Stack) error

GetAllOutputs collects all outputs from an instance of an active stack, the outputs are defined by the current resourceSet

func (*ManagedNodeGroupResourceSet) RenderJSON

func (m *ManagedNodeGroupResourceSet) RenderJSON() ([]byte, error)

RenderJSON implements the ResourceSet interface

func (*ManagedNodeGroupResourceSet) WithIAM

func (m *ManagedNodeGroupResourceSet) WithIAM() bool

WithIAM implements the ResourceSet interface

func (*ManagedNodeGroupResourceSet) WithNamedIAM

func (m *ManagedNodeGroupResourceSet) WithNamedIAM() bool

WithNamedIAM implements the ResourceSet interface

type NodeGroupOptions added in v0.157.0

// NodeGroupOptions represents options passed to a NodeGroupResourceSet; it is
// the options parameter of NewNodeGroupResourceSet.
type NodeGroupOptions struct {
	// ClusterConfig is the cluster configuration.
	ClusterConfig              *api.ClusterConfig
	// NodeGroup is the nodegroup specification.
	NodeGroup                  *api.NodeGroup
	// Bootstrapper is a nodebootstrap.Bootstrapper; its role is not visible in
	// this listing (presumably it produces the node bootstrap data — confirm).
	Bootstrapper               nodebootstrap.Bootstrapper
	// NOTE(review): presumably forces the CNI IAM policy onto the node role;
	// confirm, since that widens the permissions held by every node.
	ForceAddCNIPolicy          bool
	// VPCImporter is a vpc.Importer; its semantics are not visible in this listing.
	VPCImporter                vpc.Importer
	// NOTE(review): presumably omits the control plane egress rules (see
	// ControlPlaneNodeGroupEgressRules); confirm what permits that traffic when set.
	SkipEgressRules            bool
	// NOTE(review): presumably stops an access entry from being created for the
	// nodegroup; confirm how its nodes are then authorized to join the cluster.
	DisableAccessEntryCreation bool
}

NodeGroupOptions represents options passed to a NodeGroupResourceSet.

type NodeGroupResourceSet

type NodeGroupResourceSet struct {
	// contains filtered or unexported fields
}

NodeGroupResourceSet stores the resource information of the nodegroup

func NewNodeGroupResourceSet

func NewNodeGroupResourceSet(ec2API awsapi.EC2, iamAPI awsapi.IAM, options NodeGroupOptions) *NodeGroupResourceSet

NewNodeGroupResourceSet returns a resource set for a nodegroup embedded in a cluster config

func (*NodeGroupResourceSet) AddAllResources

func (n *NodeGroupResourceSet) AddAllResources(ctx context.Context) error

AddAllResources adds all the information about the nodegroup to the resource set

func (*NodeGroupResourceSet) GetAllOutputs

func (n *NodeGroupResourceSet) GetAllOutputs(stack types.Stack) error

GetAllOutputs collects all outputs of the nodegroup

func (*NodeGroupResourceSet) RenderJSON

func (n *NodeGroupResourceSet) RenderJSON() ([]byte, error)

RenderJSON returns the rendered JSON

func (*NodeGroupResourceSet) Template

func (n *NodeGroupResourceSet) Template() gfn.Template

Template returns the CloudFormation template

func (*NodeGroupResourceSet) WithIAM

func (n *NodeGroupResourceSet) WithIAM() bool

WithIAM reports whether IAM roles will be created

func (*NodeGroupResourceSet) WithNamedIAM

func (n *NodeGroupResourceSet) WithNamedIAM() bool

WithNamedIAM reports whether specifically named IAM roles will be created

type PartialEgressRule added in v0.157.0

// A PartialEgressRule represents a partial security group egress rule: it
// carries only a port range and a protocol, and has no destination field, so
// the destination must be supplied by whatever code completes the rule.
type PartialEgressRule struct {
	// FromPort and ToPort bound the port range of the rule.
	FromPort   int
	ToPort     int
	// IPProtocol is the protocol of the rule, as a string.
	IPProtocol string
}

A PartialEgressRule represents a partial security group egress rule.

type ResourceSet

// ResourceSet is an interface which cluster and nodegroup builders must
// implement. It adds AddAllResources to the read-side operations of
// ResourceSetReader.
type ResourceSet interface {
	// AddAllResources adds all resources of the set and reports any error.
	AddAllResources() error
	ResourceSetReader
}

ResourceSet is an interface which cluster and nodegroup builders must implement

type ResourceSetReader added in v0.94.0

// ResourceSetReader contains the set of operations required to create a stack
// and to collect outputs.
type ResourceSetReader interface {
	// RenderJSON returns the rendered JSON of the resource set.
	RenderJSON() ([]byte, error)
	// WithIAM reports whether IAM roles will be created.
	// NOTE(review): presumably this and WithNamedIAM decide which IAM
	// capability is acknowledged when the stack is created — confirm in the
	// stack-creation code, since a wrong answer either blocks the stack or
	// acknowledges more than the template needs.
	WithIAM() bool
	// WithNamedIAM reports whether specifically named IAM roles will be created.
	WithNamedIAM() bool
	// GetAllOutputs collects the outputs of the given stack.
	GetAllOutputs(types.Stack) error
}

ResourceSetReader contains the set of operations required to create a stack and to collect outputs.

type SubnetDetails added in v0.79.0

// SubnetDetails groups subnet resources by visibility (private or public) and
// by whether they are local-zone subnets.
type SubnetDetails struct {
	// Private and Public hold the private and public subnets.
	Private          []SubnetResource
	Public           []SubnetResource
	// PrivateLocalZone and PublicLocalZone hold the local-zone subnets.
	PrivateLocalZone []SubnetResource
	PublicLocalZone  []SubnetResource
	// contains filtered or unexported fields
}

func (*SubnetDetails) ControlPlaneSubnetRefs added in v0.112.0

func (s *SubnetDetails) ControlPlaneSubnetRefs() []*gfnt.Value

func (*SubnetDetails) PrivateLocalZoneSubnetRefs added in v0.97.0

func (s *SubnetDetails) PrivateLocalZoneSubnetRefs() []*gfnt.Value

func (*SubnetDetails) PrivateOutpostSubnetRefs added in v0.112.0

func (s *SubnetDetails) PrivateOutpostSubnetRefs() []*gfnt.Value

func (*SubnetDetails) PrivateSubnetRefs added in v0.79.0

func (s *SubnetDetails) PrivateSubnetRefs() []*gfnt.Value

func (*SubnetDetails) PublicLocalZoneSubnetRefs added in v0.97.0

func (s *SubnetDetails) PublicLocalZoneSubnetRefs() []*gfnt.Value

func (*SubnetDetails) PublicOutpostSubnetRefs added in v0.112.0

func (s *SubnetDetails) PublicOutpostSubnetRefs() []*gfnt.Value

func (*SubnetDetails) PublicSubnetRefs added in v0.79.0

func (s *SubnetDetails) PublicSubnetRefs() []*gfnt.Value

type SubnetResource added in v0.46.0

// SubnetResource describes one subnet: template values for the subnet and its
// route table, plus the availability zone as a string.
type SubnetResource struct {
	// Subnet is the template value for the subnet (presumably a reference — confirm).
	Subnet           *gfnt.Value
	// RouteTable is the template value for the subnet's route table.
	RouteTable       *gfnt.Value
	// AvailabilityZone is the availability zone of the subnet.
	AvailabilityZone string
	// contains filtered or unexported fields
}

type VPCEndpointResourceSet

type VPCEndpointResourceSet struct {
	// contains filtered or unexported fields
}

A VPCEndpointResourceSet holds the resources required for VPC endpoints.

func NewVPCEndpointResourceSet

func NewVPCEndpointResourceSet(ec2API awsapi.EC2, region string, rs *resourceSet, clusterConfig *api.ClusterConfig, vpc *gfnt.Value, subnets []SubnetResource, clusterSharedSG *gfnt.Value) *VPCEndpointResourceSet

NewVPCEndpointResourceSet creates a new VPCEndpointResourceSet.

func (*VPCEndpointResourceSet) AddResources

func (e *VPCEndpointResourceSet) AddResources(ctx context.Context) error

AddResources adds resources for VPC endpoints.

type VPCEndpointServiceDetails

// VPCEndpointServiceDetails holds the details for a VPC endpoint service.
type VPCEndpointServiceDetails struct {
	// ServiceName is the name of the endpoint service.
	ServiceName         string
	// ServiceReadableName is a readable name for the service; its exact form
	// is not visible in this listing.
	ServiceReadableName string
	// EndpointType is the endpoint type as a string; the accepted values are
	// not visible in this listing.
	EndpointType        string
	// AvailabilityZones lists availability zones for the service (presumably
	// the zones in which it is offered — confirm).
	AvailabilityZones   []string
}

VPCEndpointServiceDetails holds the details for a VPC endpoint service.

type VPCResourceSet

// VPCResourceSet is the interface for creating CloudFormation resource sets
// that generate VPC resources.
type VPCResourceSet interface {
	// CreateTemplate generates all of the resources & outputs required for the VPC. Returns the
	// VPC ID (vpcID), the subnet details (subnetDetails), and an error (err).
	CreateTemplate(ctx context.Context) (vpcID *gfnt.Value, subnetDetails *SubnetDetails, err error)
}

VPCResourceSet is the interface for creating CloudFormation resource sets that generate VPC resources
