Documentation

Overview

Package v1alpha1 contains API Schema definitions for the bootstrap v1alpha1 API group.

+kubebuilder:object:generate=true
+k8s:deepcopy-gen=package,register
+k8s:defaulter-gen=TypeMeta
+groupName=bootstrap.aws.infrastructure.cluster.x-k8s.io

Constants

const (
	// DefaultBootstrapUserName is the default bootstrap user name.
	DefaultBootstrapUserName = "bootstrapper.cluster-api-provider-aws.sigs.k8s.io"
	// DefaultStackName is the default CloudFormation stack name.
	DefaultStackName = "cluster-api-provider-aws-sigs-k8s-io"
)

const GroupName = "bootstrap.aws.infrastructure.cluster.x-k8s.io"

GroupName is the group name used in this package


Variables

var (
	// SchemeGroupVersion is the fully qualified group and version
	SchemeGroupVersion = schema.GroupVersion{Group: GroupName, Version: "v1alpha1"}
	// SchemeBuilder is the scheme builder with scheme init functions to run for this API package
	SchemeBuilder = runtime.NewSchemeBuilder(addKnownTypes)

	// AddToScheme is a global function that registers this API group & version to a scheme
	AddToScheme = localSchemeBuilder.AddToScheme
)

Functions

func RegisterDefaults

func RegisterDefaults(scheme *runtime.Scheme) error

RegisterDefaults adds defaulters functions to the given scheme. Public to allow building arbitrary schemes. All generated defaulters are covering - they call all nested defaulters.

func SetDefaults_AWSIAMConfiguration

func SetDefaults_AWSIAMConfiguration(obj *AWSIAMConfiguration)

SetDefaults_AWSIAMConfiguration is used by defaulter-gen

func SetDefaults_AWSIAMConfigurationSpec

func SetDefaults_AWSIAMConfigurationSpec(obj *AWSIAMConfigurationSpec)

SetDefaults_AWSIAMConfigurationSpec is used by defaulter-gen

func SetDefaults_BootstrapUser

func SetDefaults_BootstrapUser(obj *BootstrapUser)

SetDefaults_BootstrapUser is used by defaulter-gen

func SetObjectDefaults_AWSIAMConfiguration

func SetObjectDefaults_AWSIAMConfiguration(in *AWSIAMConfiguration)

Types

type AWSIAMConfiguration

type AWSIAMConfiguration struct {
	metav1.TypeMeta `json:",inline"`

	Spec AWSIAMConfigurationSpec `json:"spec,omitempty"`
}

+kubebuilder:object:root=true
+k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object

AWSIAMConfiguration controls the creation of AWS Identity and Access Management (IAM) resources for use by Kubernetes clusters and Kubernetes Cluster API Provider AWS.

func NewAWSIAMConfiguration

func NewAWSIAMConfiguration() *AWSIAMConfiguration

func (*AWSIAMConfiguration) DeepCopy

func (in *AWSIAMConfiguration) DeepCopy() *AWSIAMConfiguration

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AWSIAMConfiguration.

func (*AWSIAMConfiguration) DeepCopyInto

func (in *AWSIAMConfiguration) DeepCopyInto(out *AWSIAMConfiguration)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*AWSIAMConfiguration) DeepCopyObject

func (in *AWSIAMConfiguration) DeepCopyObject() runtime.Object

DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.

func (*AWSIAMConfiguration) GetObjectKind

func (obj *AWSIAMConfiguration) GetObjectKind() schema.ObjectKind

type AWSIAMConfigurationSpec

type AWSIAMConfigurationSpec struct {
	// NamePrefix will be prepended to every AWS IAM role, user and policy created by clusterawsadm. Defaults to "".
	NamePrefix string `json:"namePrefix,omitempty"`

	// NameSuffix will be appended to every AWS IAM role, user and policy created by clusterawsadm. Defaults to
	// ".cluster-api-provider-aws.sigs.k8s.io".
	NameSuffix *string `json:"nameSuffix,omitempty"`

	// ControlPlane controls the configuration of the AWS IAM role for a Kubernetes cluster's control plane nodes.
	ControlPlane ControlPlane `json:"controlPlane,omitempty"`

	// ClusterAPIControllers controls the configuration of an IAM role and policy specifically for Kubernetes Cluster API Provider AWS.
	ClusterAPIControllers ClusterAPIControllers `json:"clusterAPIControllers,omitempty"`

	// Nodes controls the configuration of the AWS IAM role for all nodes in a Kubernetes cluster.
	Nodes Nodes `json:"nodes,omitempty"`

	// BootstrapUser contains a list of elements that is specific
	// to the configuration and enablement of an IAM user.
	BootstrapUser BootstrapUser `json:"bootstrapUser,omitempty"`

	// StackName defines the name of the AWS CloudFormation stack.
	StackName string `json:"stackName,omitempty"`

	// Region controls which region the control-plane is created in if not specified on the command line or
	// via environment variables.
	Region string `json:"region,omitempty"`

	// EKS controls the configuration related to EKS. Settings in here affect the control plane
	// and nodes roles
	EKS *EKSConfig `json:"eks,omitempty"`

	// SecureSecretsBackends, when set to ssm-parameter-store, will create AWS Systems Manager
	// Parameter Store policies. By default or with the value of secrets-manager,
	// will generate AWS Secrets Manager policies instead.
	// +kubebuilder:validation:Enum=secrets-manager;ssm-parameter-store
	SecureSecretsBackends []infrav1.SecretBackend `json:"secureSecretBackends,omitempty"`
}

AWSIAMConfigurationSpec defines the specification of the AWSIAMConfiguration.
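
As an added example (not code from this package or project), the following Go program reviews an AWSIAMConfiguration for settings that widen IAM scope before it is applied. It assumes the configuration has been converted to JSON; the `config` mirror type, `Review`, `Sample` and the four checks are assumptions of this example, and only the JSON keys come from the struct tags on this page.

```go
package main

import (
	"encoding/json"
	"fmt"
	"strings"
)

// config mirrors only the reviewed fields (local types, not the package's); JSON keys are the page's struct tags.
type config struct {
	Spec struct {
		BootstrapUser         struct{ Enable bool `json:"enable"` } `json:"bootstrapUser"`
		ClusterAPIControllers struct{ AllowedEC2InstanceProfiles []string `json:"allowedEC2InstanceProfiles"` } `json:"clusterAPIControllers"`
		Nodes                 struct{ ExtraPolicyAttachments []string `json:"extraPolicyAttachments"` } `json:"nodes"`
		EKS                   *struct{ IAMRoleCreation bool `json:"iamRoleCreation"` } `json:"eks"`
	} `json:"spec"`
}

// Review lists settings that widen IAM scope (review heuristics assumed for this example).
func Review(doc []byte) (out []string, err error) {
	var c config
	if err = json.Unmarshal(doc, &c); err != nil {
		return nil, fmt.Errorf("parse AWSIAMConfiguration: %w", err)
	}
	if !c.Spec.BootstrapUser.Enable {
		out = append(out, "bootstrapUser.enable=false: no scoped-down bootstrap user is created")
	}
	for _, p := range c.Spec.ClusterAPIControllers.AllowedEC2InstanceProfiles {
		if strings.TrimSpace(p) == "*" { // the documented default is "*.<suffix>", not a bare wildcard
			out = append(out, "clusterAPIControllers.allowedEC2InstanceProfiles contains bare \"*\"")
		}
	}
	for _, arn := range c.Spec.Nodes.ExtraPolicyAttachments {
		if strings.HasSuffix(arn, ":policy/AdministratorAccess") {
			out = append(out, "nodes.extraPolicyAttachments attaches AdministratorAccess")
		}
	}
	if c.Spec.EKS != nil && c.Spec.EKS.IAMRoleCreation {
		out = append(out, "eks.iamRoleCreation=true: EKS controllers may create IAM roles per cluster")
	}
	return out, nil
}

// Sample is constructed input with illustrative values (JSON form of a configuration).
const Sample = `{"kind":"AWSIAMConfiguration","spec":{"clusterAPIControllers":{"allowedEC2InstanceProfiles":["*"]},
  "nodes":{"extraPolicyAttachments":["arn:aws:iam::aws:policy/AdministratorAccess"]},"eks":{"iamRoleCreation":true}}}`
func main() {
	fmt.Println(Review([]byte(Sample)))
}
```

A configuration that enables the bootstrap user and keeps `allowedEC2InstanceProfiles` on the suffix-scoped default returns no findings.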

func (*AWSIAMConfigurationSpec) DeepCopy

func (in *AWSIAMConfigurationSpec) DeepCopy() *AWSIAMConfigurationSpec

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AWSIAMConfigurationSpec.

func (*AWSIAMConfigurationSpec) DeepCopyInto

func (in *AWSIAMConfigurationSpec) DeepCopyInto(out *AWSIAMConfigurationSpec)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type AWSIAMRoleSpec

type AWSIAMRoleSpec struct {
	// Disable if set to true will not create the AWS IAM role. Defaults to false.
	Disable bool `json:"disable"` // default: false

	// ExtraPolicyAttachments is a list of additional policies to be attached to the IAM role.
	ExtraPolicyAttachments []string `json:"extraPolicyAttachments,omitempty"`

	// ExtraStatements are additional IAM statements to be included inline for the role.
	ExtraStatements []iamv1.StatementEntry `json:"extraStatements,omitempty"`

	// TrustStatements is an IAM PolicyDocument defining what principals are allowed to assume this role.
	// See "sigs.k8s.io/cluster-api-provider-aws/cmd/clusterawsadm/api/iam/v1alpha1" for more documentation.
	TrustStatements []iamv1.StatementEntry `json:"trustStatements,omitempty"`

	// Tags is a map of tags to be applied to the AWS IAM role.
	Tags infrav1.Tags `json:"tags,omitempty"`
}

AWSIAMRoleSpec defines common configuration for AWS IAM roles created by Kubernetes Cluster API Provider AWS

func (*AWSIAMRoleSpec) DeepCopy

func (in *AWSIAMRoleSpec) DeepCopy() *AWSIAMRoleSpec

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AWSIAMRoleSpec.

func (*AWSIAMRoleSpec) DeepCopyInto

func (in *AWSIAMRoleSpec) DeepCopyInto(out *AWSIAMRoleSpec)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type BootstrapUser

type BootstrapUser struct {

	// Enable controls whether or not a bootstrap AWS IAM user will be created.
	// This can be used to scope down the initial credentials used to bootstrap the
	// cluster.
	// Defaults to false.
	Enable bool `json:"enable"`

	// UserName controls the username of the bootstrap user. Defaults to
	// "bootstrapper.cluster-api-provider-aws.sigs.k8s.io"
	UserName string `json:"userName,omitempty"`

	// GroupName controls the group the user will belong to. Defaults to
	// "bootstrapper.cluster-api-provider-aws.sigs.k8s.io"
	GroupName string `json:"groupName,omitempty"`

	// ExtraPolicyAttachments is a list of additional policies to be attached to the IAM user.
	ExtraPolicyAttachments []string `json:"extraPolicyAttachments,omitempty"`

	// ExtraGroups is a list of groups to add this user to.
	ExtraGroups []string `json:"extraGroups,omitempty"`

	// ExtraStatements are additional AWS IAM policy document statements to be included inline for the user.
	ExtraStatements []iamv1.StatementEntry `json:"extraStatements,omitempty"`

	// Tags is a map of tags to be applied to the AWS IAM user.
	Tags infrav1.Tags `json:"tags,omitempty"`
}

BootstrapUser contains a list of elements that is specific to the configuration and enablement of an IAM user.

func (*BootstrapUser) DeepCopy

func (in *BootstrapUser) DeepCopy() *BootstrapUser

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new BootstrapUser.

func (*BootstrapUser) DeepCopyInto

func (in *BootstrapUser) DeepCopyInto(out *BootstrapUser)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type ClusterAPIControllers

type ClusterAPIControllers struct {
	AWSIAMRoleSpec `json:",inline"`
	// AllowedEC2InstanceProfiles controls which EC2 roles are allowed to be
	// consumed by Cluster API when creating an ec2 instance. Defaults to
	// *.<suffix>, where suffix is defaulted to .cluster-api-provider-aws.sigs.k8s.io
	AllowedEC2InstanceProfiles []string `json:"allowedEC2InstanceProfiles,omitempty"`
}

ClusterAPIControllers controls the configuration of the AWS IAM role for the Kubernetes Cluster API Provider AWS controller.

func (*ClusterAPIControllers) DeepCopy

func (in *ClusterAPIControllers) DeepCopy() *ClusterAPIControllers

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ClusterAPIControllers.

func (*ClusterAPIControllers) DeepCopyInto

func (in *ClusterAPIControllers) DeepCopyInto(out *ClusterAPIControllers)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type ControlPlane

type ControlPlane struct {
	AWSIAMRoleSpec `json:",inline"`

	// DisableClusterAPIControllerPolicyAttachment, if set to true, will not attach the AWS IAM policy for Cluster
	// API Provider AWS to the control plane role. Defaults to false.
	DisableClusterAPIControllerPolicyAttachment bool `json:"disableClusterAPIControllerPolicyAttachment,omitempty"`

	// DisableCloudProviderPolicy if set to true, will not generate and attach the AWS IAM policy for the AWS Cloud Provider.
	DisableCloudProviderPolicy bool `json:"disableCloudProviderPolicy"`

	// EnableCSIPolicy if set to true, will generate and attach the AWS IAM policy for the EBS CSI Driver.
	EnableCSIPolicy bool `json:"enableCSIPolicy"`
}

ControlPlane controls the configuration of the AWS IAM role for the control plane of provisioned Kubernetes clusters.

func (*ControlPlane) DeepCopy

func (in *ControlPlane) DeepCopy() *ControlPlane

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ControlPlane.

func (*ControlPlane) DeepCopyInto

func (in *ControlPlane) DeepCopyInto(out *ControlPlane)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type EKSConfig

type EKSConfig struct {
	// Enable controls whether EKS-related permissions are granted
	Enable bool `json:"enable,omitempty"`
	// AllowIAMRoleCreation controls whether the EKS controllers have permissions for creating IAM
	// roles per cluster
	AllowIAMRoleCreation bool `json:"iamRoleCreation,omitempty"`
	// DefaultControlPlaneRole controls the configuration of the AWS IAM role for
	// the EKS control plane. This is the default role that will be used if
	// no role is included in the spec and automatic creation of the role
	// isn't enabled
	DefaultControlPlaneRole AWSIAMRoleSpec `json:"defaultControlPlaneRole,omitempty"`
	// ManagedMachinePool controls the configuration of the AWS IAM role
	// used by EKS managed machine pools.
	ManagedMachinePool *AWSIAMRoleSpec `json:"managedMachinePool,omitempty"`
}

EKSConfig represents the EKS-related configuration.

func (*EKSConfig) DeepCopy

func (in *EKSConfig) DeepCopy() *EKSConfig

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new EKSConfig.

func (*EKSConfig) DeepCopyInto

func (in *EKSConfig) DeepCopyInto(out *EKSConfig)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type Nodes

type Nodes struct {
	AWSIAMRoleSpec `json:",inline"`

	// DisableCloudProviderPolicy if set to true, will not generate and attach the policy for the AWS Cloud Provider.
	// Defaults to false.
	DisableCloudProviderPolicy bool `json:"disableCloudProviderPolicy"`

	// EC2ContainerRegistryReadOnly controls whether the node has read-only access to the
	// EC2 container registry
	EC2ContainerRegistryReadOnly bool `json:"ec2ContainerRegistryReadOnly"`
}

Nodes controls the configuration of the AWS IAM role for worker nodes in a cluster created by Kubernetes Cluster API Provider AWS.

func (*Nodes) DeepCopy

func (in *Nodes) DeepCopy() *Nodes

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Nodes.

func (*Nodes) DeepCopyInto

func (in *Nodes) DeepCopyInto(out *Nodes)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

Directories

Path Synopsis
scheme