# upi/aws/cloudformation/04_cluster_bootstrap.yaml (openshift/installer v1.4.17)
#
# Stage 4 of the AWS UPI CloudFormation flow: creates the short-lived bootstrap
# node (EC2 instance), its security group and its IAM role/instance profile, and
# optionally registers the node's private IP with the API/service NLB target
# groups through a Lambda-backed custom resource.
#
# Security-relevant review notes (see inline comments for where each applies):
#   * AllowedBootstrapSshCidr defaults to 0.0.0.0/0 (SSH open to any IPv4 source).
#   * The 19531/tcp ingress rule is hard-coded to 0.0.0.0/0 and is NOT narrowed by
#     AllowedBootstrapSshCidr.
#   * The bootstrap IAM role grants s3:GetObject and ec2:Attach/DetachVolume on
#     Resource "*" rather than on the specific bucket/volumes it needs.
#   * The instance gets a public IP and is also placed in the master security
#     group, so the master SG's rules apply to it as well.
AWSTemplateFormatVersion: 2010-09-09
Description: Template for OpenShift Cluster Bootstrap (EC2 Instance, Security Groups and IAM)

Parameters:
  # Cluster identifier; only used here to build the inline policy name.
  InfrastructureName:
    AllowedPattern: ^([a-zA-Z][a-zA-Z0-9\-]{0,26})$
    MaxLength: 27
    MinLength: 1
    ConstraintDescription: Infrastructure name must be alphanumeric, start with a letter, and have a maximum of 27 characters.
    Description: A short, unique cluster ID used to tag cloud resources and identify items owned or used by the cluster.
    Type: String
  RhcosAmi:
    Description: Current Red Hat Enterprise Linux CoreOS AMI to use for bootstrap.
    Type: AWS::EC2::Image::Id
  # Source range for the SSH ingress rule in BootstrapSecurityGroup. The default
  # (0.0.0.0/0) exposes port 22 of a public-IP instance to the whole IPv4
  # internet; operators should pass their own egress range instead of relying
  # on the default. The pattern only validates IPv4 CIDR syntax, not scope.
  AllowedBootstrapSshCidr:
    AllowedPattern: ^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\/([0-9]|1[0-9]|2[0-9]|3[0-2]))$
    ConstraintDescription: CIDR block parameter must be in the form x.x.x.x/0-32.
    Default: 0.0.0.0/0
    Description: CIDR block to allow SSH access to the bootstrap node.
    Type: String
  PublicSubnet:
    Description: The public subnet to launch the bootstrap node into.
    Type: AWS::EC2::Subnet::Id
  # Attached to the bootstrap instance in addition to BootstrapSecurityGroup
  # (see BootstrapInstance.NetworkInterfaces.GroupSet).
  MasterSecurityGroupId:
    Description: The master security group ID for registering temporary rules.
    Type: AWS::EC2::SecurityGroup::Id
  VpcId:
    Description: The VPC-scoped resources will belong to this VPC.
    Type: AWS::EC2::VPC::Id
  # Substituted verbatim into the instance UserData (see BootstrapInstance), so
  # the value must be an s3:// URI the instance role can read. The default is a
  # placeholder and is not expected to exist.
  BootstrapIgnitionLocation:
    Default: s3://my-s3-bucket/bootstrap.ign
    Description: Ignition config file location.
    Type: String
  # Gates the three Custom::NLBRegister resources via the DoRegistration condition.
  AutoRegisterELB:
    Default: "yes"
    AllowedValues:
    - "yes"
    - "no"
    Description: Do you want to invoke NLB registration, which requires a Lambda ARN parameter?
    Type: String
  # Only consumed when AutoRegisterELB is "yes"; no validation is applied to
  # the ARN format here.
  RegisterNlbIpTargetsLambdaArn:
    Description: ARN for NLB IP target registration lambda.
    Type: String
  ExternalApiTargetGroupArn:
    Description: ARN for external API load balancer target group.
    Type: String
  InternalApiTargetGroupArn:
    Description: ARN for internal API load balancer target group.
    Type: String
  InternalServiceTargetGroupArn:
    Description: ARN for internal service load balancer target group.
    Type: String
  # Not constrained by AllowedValues; any string is accepted and passed to EC2.
  BootstrapInstanceType:
    Description: Instance type for the bootstrap EC2 instance
    Default: "i3.large"
    Type: String

# Console-only presentation hints (grouping and labels); no effect on resources.
# Note that BootstrapInstanceType is not listed in any group or label below.
Metadata:
  AWS::CloudFormation::Interface:
    ParameterGroups:
    - Label:
        default: "Cluster Information"
      Parameters:
      - InfrastructureName
    - Label:
        default: "Host Information"
      Parameters:
      - RhcosAmi
      - BootstrapIgnitionLocation
      - MasterSecurityGroupId
    - Label:
        default: "Network Configuration"
      Parameters:
      - VpcId
      - AllowedBootstrapSshCidr
      - PublicSubnet
    - Label:
        default: "Load Balancer Automation"
      Parameters:
      - AutoRegisterELB
      - RegisterNlbIpTargetsLambdaArn
      - ExternalApiTargetGroupArn
      - InternalApiTargetGroupArn
      - InternalServiceTargetGroupArn
    ParameterLabels:
      InfrastructureName:
        default: "Infrastructure Name"
      VpcId:
        default: "VPC ID"
      AllowedBootstrapSshCidr:
        default: "Allowed SSH Source"
      PublicSubnet:
        default: "Public Subnet"
      RhcosAmi:
        default: "Red Hat Enterprise Linux CoreOS AMI ID"
      BootstrapIgnitionLocation:
        default: "Bootstrap Ignition Source"
      MasterSecurityGroupId:
        default: "Master Security Group ID"
      AutoRegisterELB:
        default: "Use Provided ELB Automation"

Conditions:
  # True only for the exact string "yes" (enforced by AllowedValues above).
  DoRegistration: !Equals ["yes", !Ref AutoRegisterELB]

Resources:
  # Role assumed by the bootstrap EC2 instance through its instance profile.
  BootstrapIamRole:
    Type: AWS::IAM::Role
    Properties:
      AssumeRolePolicyDocument:
        Version: "2012-10-17"
        Statement:
        - Effect: "Allow"
          Principal:
            Service:
            - "ec2.amazonaws.com"
          Action:
          - "sts:AssumeRole"
      Path: "/"
      Policies:
      # Policy name is "<InfrastructureName>-bootstrap-policy".
      - PolicyName: !Join ["-", [!Ref InfrastructureName, "bootstrap", "policy"]]
        PolicyDocument:
          Version: "2012-10-17"
          Statement:
          # ec2:Describe* actions do not support resource-level permissions in
          # IAM, so "*" is the only workable resource for this statement.
          - Effect: "Allow"
            Action: "ec2:Describe*"
            Resource: "*"
          # NOTE(review): Attach/DetachVolume on "*" lets the bootstrap role move
          # any volume in the account. These actions do support resource ARNs
          # and tag conditions, so this could be scoped to volumes/instances
          # tagged for this cluster — confirm what the bootstrap flow needs.
          - Effect: "Allow"
            Action: "ec2:AttachVolume"
            Resource: "*"
          - Effect: "Allow"
            Action: "ec2:DetachVolume"
            Resource: "*"
          # NOTE(review): s3:GetObject on "*" grants read of every object this
          # account's bucket policies allow, not just the Ignition file named
          # by BootstrapIgnitionLocation. Scoping this to the bucket/key that
          # holds bootstrap.ign would limit what a compromised bootstrap node
          # (a public-IP host with SSH exposed) can read.
          - Effect: "Allow"
            Action: "s3:GetObject"
            Resource: "*"

  BootstrapInstanceProfile:
    Type: "AWS::IAM::InstanceProfile"
    Properties:
      Path: "/"
      Roles:
      - Ref: "BootstrapIamRole"

  # Ingress-only definition; no SecurityGroupEgress is given, so the AWS
  # default allow-all egress rule applies.
  BootstrapSecurityGroup:
    Type: AWS::EC2::SecurityGroup
    Properties:
      GroupDescription: Cluster Bootstrap Security Group
      SecurityGroupIngress:
      # SSH, restricted to the operator-supplied CIDR (default 0.0.0.0/0).
      - IpProtocol: tcp
        FromPort: 22
        ToPort: 22
        CidrIp: !Ref AllowedBootstrapSshCidr
      # 19531/tcp from anywhere. The port is not documented in this template;
      # 19531 is the conventional systemd-journal-gatewayd port, presumably used
      # to pull bootstrap journal logs — confirm against the bootstrap Ignition.
      # NOTE(review): unlike SSH, this rule ignores AllowedBootstrapSshCidr, so
      # the log endpoint stays internet-reachable even when SSH is locked down;
      # consider reusing the same CIDR parameter (or a dedicated one) here.
      - IpProtocol: tcp
        ToPort: 19531
        FromPort: 19531
        CidrIp: 0.0.0.0/0
      VpcId: !Ref VpcId

  BootstrapInstance:
    Type: AWS::EC2::Instance
    Properties:
      ImageId: !Ref RhcosAmi
      IamInstanceProfile: !Ref BootstrapInstanceProfile
      InstanceType: !Ref BootstrapInstanceType
      NetworkInterfaces:
      # Public IP in a public subnet, with BOTH the bootstrap SG and the master
      # SG attached: every ingress rule of the master SG also reaches this host.
      - AssociatePublicIpAddress: "true"
        DeviceIndex: "0"
        GroupSet:
        - !Ref "BootstrapSecurityGroup"
        - !Ref "MasterSecurityGroupId"
        SubnetId: !Ref "PublicSubnet"
      # Minimal Ignition (spec 3.1.0) whose only job is to "replace" itself with
      # the config fetched from ${S3Loc}. Fetching that object from S3 is
      # presumably what the role's s3:GetObject permission exists for.
      # Fn::Sub only substitutes ${S3Loc}; the parameter value is inserted into
      # the JSON unquoted/unescaped, so it must not contain '"' characters.
      UserData:
        Fn::Base64: !Sub
        - '{"ignition":{"config":{"replace":{"source":"${S3Loc}"}},"version":"3.1.0"}}'
        - {
          S3Loc: !Ref BootstrapIgnitionLocation
        }

  # The three resources below hand the bootstrap node's private IP to the
  # registration Lambda, one per target group. Created only when DoRegistration
  # holds; the Lambda (ServiceToken) is provided by an earlier stage.
  RegisterBootstrapApiTarget:
    Condition: DoRegistration
    Type: Custom::NLBRegister
    Properties:
      ServiceToken: !Ref RegisterNlbIpTargetsLambdaArn
      TargetArn: !Ref ExternalApiTargetGroupArn
      TargetIp: !GetAtt BootstrapInstance.PrivateIp

  RegisterBootstrapInternalApiTarget:
    Condition: DoRegistration
    Type: Custom::NLBRegister
    Properties:
      ServiceToken: !Ref RegisterNlbIpTargetsLambdaArn
      TargetArn: !Ref InternalApiTargetGroupArn
      TargetIp: !GetAtt BootstrapInstance.PrivateIp

  RegisterBootstrapInternalServiceTarget:
    Condition: DoRegistration
    Type: Custom::NLBRegister
    Properties:
      ServiceToken: !Ref RegisterNlbIpTargetsLambdaArn
      TargetArn: !Ref InternalServiceTargetGroupArn
      TargetIp: !GetAtt BootstrapInstance.PrivateIp

Outputs:
  BootstrapInstanceId:
    Description: Bootstrap Instance ID.
    Value: !Ref BootstrapInstance

  # Public address of the bootstrap host; the one reachable via the SSH and
  # 19531 ingress rules above.
  BootstrapPublicIp:
    Description: The bootstrap node public IP address.
    Value: !GetAtt BootstrapInstance.PublicIp

  BootstrapPrivateIp:
    Description: The bootstrap node private IP address.
    Value: !GetAtt BootstrapInstance.PrivateIp