sigs.k8s.io/cluster-api-provider-aws@v1.5.5/config/crd/bases/controlplane.cluster.x-k8s.io_awsmanagedcontrolplanes.yaml (about) 1 --- 2 apiVersion: apiextensions.k8s.io/v1 3 kind: CustomResourceDefinition 4 metadata: 5 annotations: 6 controller-gen.kubebuilder.io/version: v0.7.1-0.20211110210727-ab52f76cc7d1 7 creationTimestamp: null 8 name: awsmanagedcontrolplanes.controlplane.cluster.x-k8s.io 9 spec: 10 group: controlplane.cluster.x-k8s.io 11 names: 12 categories: 13 - cluster-api 14 kind: AWSManagedControlPlane 15 listKind: AWSManagedControlPlaneList 16 plural: awsmanagedcontrolplanes 17 shortNames: 18 - awsmcp 19 singular: awsmanagedcontrolplane 20 scope: Namespaced 21 versions: 22 - additionalPrinterColumns: 23 - description: Cluster to which this AWSManagedControl belongs 24 jsonPath: .metadata.labels.cluster\.x-k8s\.io/cluster-name 25 name: Cluster 26 type: string 27 - description: Control plane infrastructure is ready for worker nodes 28 jsonPath: .status.ready 29 name: Ready 30 type: string 31 - description: AWS VPC the control plane is using 32 jsonPath: .spec.networkSpec.vpc.id 33 name: VPC 34 type: string 35 - description: API Endpoint 36 jsonPath: .spec.controlPlaneEndpoint.host 37 name: Endpoint 38 priority: 1 39 type: string 40 - description: Bastion IP address for breakglass access 41 jsonPath: .status.bastion.publicIp 42 name: Bastion IP 43 type: string 44 name: v1alpha3 45 schema: 46 openAPIV3Schema: 47 description: AWSManagedControlPlane is the Schema for the awsmanagedcontrolplanes 48 API 49 properties: 50 apiVersion: 51 description: 'APIVersion defines the versioned schema of this representation 52 of an object. Servers should convert recognized schemas to the latest 53 internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' 54 type: string 55 kind: 56 description: 'Kind is a string value representing the REST resource this 57 object represents. Servers may infer this from the endpoint the client 58 submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' 59 type: string 60 metadata: 61 type: object 62 spec: 63 description: AWSManagedControlPlaneSpec defines the desired state of AWSManagedControlPlane 64 properties: 65 additionalTags: 66 additionalProperties: 67 type: string 68 description: AdditionalTags is an optional set of tags to add to AWS 69 resources managed by the AWS provider, in addition to the ones added 70 by default. 71 type: object 72 addons: 73 description: Addons defines the EKS addons to enable with the EKS 74 cluster. 75 items: 76 description: Addon represents a EKS addon 77 properties: 78 conflictResolution: 79 default: none 80 description: ConflictResolution is used to declare what should 81 happen if there are parameter conflicts. Defaults to none 82 enum: 83 - overwrite 84 - none 85 type: string 86 name: 87 description: Name is the name of the addon 88 minLength: 2 89 type: string 90 serviceAccountRoleARN: 91 description: ServiceAccountRoleArn is the ARN of an IAM role 92 to bind to the addons service account 93 type: string 94 version: 95 description: Version is the version of the addon to use 96 type: string 97 required: 98 - name 99 - version 100 type: object 101 type: array 102 associateOIDCProvider: 103 default: false 104 description: AssociateOIDCProvider can be enabled to automatically 105 create an identity provider for the controller for use with IAM 106 roles for service accounts 107 type: boolean 108 bastion: 109 description: Bastion contains options to configure the bastion host. 
110 properties: 111 allowedCIDRBlocks: 112 description: AllowedCIDRBlocks is a list of CIDR blocks allowed 113 to access the bastion host. They are set as ingress rules for 114 the Bastion host's Security Group (defaults to 0.0.0.0/0). 115 items: 116 type: string 117 type: array 118 ami: 119 description: AMI will use the specified AMI to boot the bastion. 120 If not specified, the AMI will default to one picked out in 121 public space. 122 type: string 123 disableIngressRules: 124 description: DisableIngressRules will ensure there are no Ingress 125 rules in the bastion host's security group. Requires AllowedCIDRBlocks 126 to be empty. 127 type: boolean 128 enabled: 129 description: Enabled allows this provider to create a bastion 130 host instance with a public ip to access the VPC private network. 131 type: boolean 132 instanceType: 133 description: InstanceType will use the specified instance type 134 for the bastion. If not specified, Cluster API Provider AWS 135 will use t3.micro for all regions except us-east-1, where t2.micro 136 will be the default. 137 type: string 138 type: object 139 controlPlaneEndpoint: 140 description: ControlPlaneEndpoint represents the endpoint used to 141 communicate with the control plane. 142 properties: 143 host: 144 description: The hostname on which the API server is serving. 145 type: string 146 port: 147 description: The port on which the API server is serving. 148 format: int32 149 type: integer 150 required: 151 - host 152 - port 153 type: object 154 disableVPCCNI: 155 default: false 156 description: DisableVPCCNI indicates that the Amazon VPC CNI should 157 be disabled. With EKS clusters the Amazon VPC CNI is automatically 158 installed into the cluster. For clusters where you want to use an 159 alternate CNI this option provides a way to specify that the Amazon 160 VPC CNI should be deleted. You cannot set this to true if you are 161 using the Amazon VPC CNI addon. 
162 type: boolean 163 eksClusterName: 164 description: EKSClusterName allows you to specify the name of the 165 EKS cluster in AWS. If you don't specify a name then a default name 166 will be created based on the namespace and name of the managed control 167 plane. 168 type: string 169 encryptionConfig: 170 description: EncryptionConfig specifies the encryption configuration 171 for the cluster 172 properties: 173 provider: 174 description: Provider specifies the ARN or alias of the CMK (in 175 AWS KMS) 176 type: string 177 resources: 178 description: Resources specifies the resources to be encrypted 179 items: 180 type: string 181 type: array 182 type: object 183 endpointAccess: 184 description: Endpoints specifies access to this cluster's control 185 plane endpoints 186 properties: 187 private: 188 description: Private points VPC-internal control plane access 189 to the private endpoint 190 type: boolean 191 public: 192 description: Public controls whether control plane endpoints are 193 publicly accessible 194 type: boolean 195 publicCIDRs: 196 description: PublicCIDRs specifies which blocks can access the 197 public endpoint 198 items: 199 type: string 200 type: array 201 type: object 202 iamAuthenticatorConfig: 203 description: IAMAuthenticatorConfig allows the specification of any 204 additional user or role mappings for use when generating the aws-iam-authenticator 205 configuration. If this is nil the default configuration is still 206 generated for the cluster. 
207 properties: 208 mapRoles: 209 description: RoleMappings is a list of role mappings 210 items: 211 description: RoleMapping represents a mapping from a IAM role 212 to Kubernetes users and groups 213 properties: 214 groups: 215 description: Groups is a list of kubernetes RBAC groups 216 items: 217 type: string 218 type: array 219 rolearn: 220 description: RoleARN is the AWS ARN for the role to map 221 minLength: 31 222 type: string 223 username: 224 description: UserName is a kubernetes RBAC user subject 225 type: string 226 required: 227 - groups 228 - rolearn 229 - username 230 type: object 231 type: array 232 mapUsers: 233 description: UserMappings is a list of user mappings 234 items: 235 description: UserMapping represents a mapping from an IAM user 236 to Kubernetes users and groups 237 properties: 238 groups: 239 description: Groups is a list of kubernetes RBAC groups 240 items: 241 type: string 242 type: array 243 userarn: 244 description: UserARN is the AWS ARN for the user to map 245 minLength: 31 246 type: string 247 username: 248 description: UserName is a kubernetes RBAC user subject 249 type: string 250 required: 251 - groups 252 - userarn 253 - username 254 type: object 255 type: array 256 type: object 257 identityRef: 258 description: IdentityRef is a reference to a identity to be used when 259 reconciling the managed control plane. 260 properties: 261 kind: 262 description: Kind of the identity. 263 enum: 264 - AWSClusterControllerIdentity 265 - AWSClusterRoleIdentity 266 - AWSClusterStaticIdentity 267 type: string 268 name: 269 description: Name of the identity. 270 minLength: 1 271 type: string 272 required: 273 - kind 274 - name 275 type: object 276 imageLookupBaseOS: 277 description: ImageLookupBaseOS is the name of the base operating system 278 used to look up machine images when a machine does not specify an 279 AMI. When set, this will be used for all cluster machines unless 280 a machine specifies a different ImageLookupBaseOS. 
281 type: string 282 imageLookupFormat: 283 description: 'ImageLookupFormat is the AMI naming format to look up 284 machine images when a machine does not specify an AMI. When set, 285 this will be used for all cluster machines unless a machine specifies 286 a different ImageLookupOrg. Supports substitutions for {{.BaseOS}} 287 and {{.K8sVersion}} with the base OS and kubernetes version, respectively. 288 The BaseOS will be the value in ImageLookupBaseOS or ubuntu (the 289 default), and the kubernetes version as defined by the packages 290 produced by kubernetes/release without v as a prefix: 1.13.0, 1.12.5-mybuild.1, 291 or 1.17.3. For example, the default image format of capa-ami-{{.BaseOS}}-?{{.K8sVersion}}-* 292 will end up searching for AMIs that match the pattern capa-ami-ubuntu-?1.18.0-* 293 for a Machine that is targeting kubernetes v1.18.0 and the ubuntu 294 base OS. See also: https://golang.org/pkg/text/template/' 295 type: string 296 imageLookupOrg: 297 description: ImageLookupOrg is the AWS Organization ID to look up 298 machine images when a machine does not specify an AMI. When set, 299 this will be used for all cluster machines unless a machine specifies 300 a different ImageLookupOrg. 301 type: string 302 logging: 303 description: Logging specifies which EKS Cluster logs should be enabled. 
304 Entries for each of the enabled logs will be sent to CloudWatch 305 properties: 306 apiServer: 307 default: false 308 description: APIServer indicates if the Kubernetes API Server 309 log (kube-apiserver) shoulkd be enabled 310 type: boolean 311 audit: 312 default: false 313 description: Audit indicates if the Kubernetes API audit log should 314 be enabled 315 type: boolean 316 authenticator: 317 default: false 318 description: Authenticator indicates if the iam authenticator 319 log should be enabled 320 type: boolean 321 controllerManager: 322 default: false 323 description: ControllerManager indicates if the controller manager 324 (kube-controller-manager) log should be enabled 325 type: boolean 326 scheduler: 327 default: false 328 description: Scheduler indicates if the Kubernetes scheduler (kube-scheduler) 329 log should be enabled 330 type: boolean 331 required: 332 - apiServer 333 - audit 334 - authenticator 335 - controllerManager 336 - scheduler 337 type: object 338 networkSpec: 339 description: NetworkSpec encapsulates all things related to AWS network. 340 properties: 341 cni: 342 description: CNI configuration 343 properties: 344 cniIngressRules: 345 description: CNIIngressRules specify rules to apply to control 346 plane and worker node security groups. The source for the 347 rule will be set to control plane and worker security group 348 IDs. 349 items: 350 description: CNIIngressRule defines an AWS ingress rule 351 for CNI requirements. 352 properties: 353 description: 354 type: string 355 fromPort: 356 format: int64 357 type: integer 358 protocol: 359 description: SecurityGroupProtocol defines the protocol 360 type for a security group rule. 
361 type: string 362 toPort: 363 format: int64 364 type: integer 365 required: 366 - description 367 - fromPort 368 - protocol 369 - toPort 370 type: object 371 type: array 372 type: object 373 securityGroupOverrides: 374 additionalProperties: 375 type: string 376 description: SecurityGroupOverrides is an optional set of security 377 groups to use for cluster instances This is optional - if not 378 provided new security groups will be created for the cluster 379 type: object 380 subnets: 381 description: Subnets configuration. 382 items: 383 description: SubnetSpec configures an AWS Subnet. 384 properties: 385 availabilityZone: 386 description: AvailabilityZone defines the availability zone 387 to use for this subnet in the cluster's region. 388 type: string 389 cidrBlock: 390 description: CidrBlock is the CIDR block to be used when 391 the provider creates a managed VPC. 392 type: string 393 id: 394 description: ID defines a unique identifier to reference 395 this resource. 396 type: string 397 isPublic: 398 description: IsPublic defines the subnet as a public subnet. 399 A subnet is public when it is associated with a route 400 table that has a route to an internet gateway. 401 type: boolean 402 natGatewayId: 403 description: NatGatewayID is the NAT gateway id associated 404 with the subnet. Ignored unless the subnet is managed 405 by the provider, in which case this is set on the public 406 subnet where the NAT gateway resides. It is then used 407 to determine routes for private subnets in the same AZ 408 as the public subnet. 409 type: string 410 routeTableId: 411 description: RouteTableID is the routing table id associated 412 with the subnet. 413 type: string 414 tags: 415 additionalProperties: 416 type: string 417 description: Tags is a collection of tags describing the 418 resource. 419 type: object 420 type: object 421 type: array 422 vpc: 423 description: VPC configuration. 
424 properties: 425 availabilityZoneSelection: 426 default: Ordered 427 description: 'AvailabilityZoneSelection specifies how AZs 428 should be selected if there are more AZs in a region than 429 specified by AvailabilityZoneUsageLimit. There are 2 selection 430 schemes: Ordered - selects based on alphabetical order Random 431 - selects AZs randomly in a region Defaults to Ordered' 432 enum: 433 - Ordered 434 - Random 435 type: string 436 availabilityZoneUsageLimit: 437 default: 3 438 description: AvailabilityZoneUsageLimit specifies the maximum 439 number of availability zones (AZ) that should be used in 440 a region when automatically creating subnets. If a region 441 has more than this number of AZs then this number of AZs 442 will be picked randomly when creating default subnets. Defaults 443 to 3 444 minimum: 1 445 type: integer 446 cidrBlock: 447 description: CidrBlock is the CIDR block to be used when the 448 provider creates a managed VPC. Defaults to 10.0.0.0/16. 449 type: string 450 id: 451 description: ID is the vpc-id of the VPC this provider should 452 use to create resources. 453 type: string 454 internetGatewayId: 455 description: InternetGatewayID is the id of the internet gateway 456 associated with the VPC. 457 type: string 458 tags: 459 additionalProperties: 460 type: string 461 description: Tags is a collection of tags describing the resource. 462 type: object 463 type: object 464 type: object 465 region: 466 description: The AWS Region the cluster lives in. 467 type: string 468 roleAdditionalPolicies: 469 description: RoleAdditionalPolicies allows you to attach additional 470 polices to the control plane role. You must enable the EKSAllowAddRoles 471 feature flag to incorporate these into the created role. 472 items: 473 type: string 474 type: array 475 roleName: 476 description: RoleName specifies the name of IAM role that gives EKS 477 permission to make API calls. 
If the role is pre-existing we will 478 treat it as unmanaged and not delete it on deletion. If the EKSEnableIAM 479 feature flag is true and no name is supplied then a role is created. 480 minLength: 2 481 type: string 482 secondaryCidrBlock: 483 description: SecondaryCidrBlock is the additional CIDR range to use 484 for pod IPs. Must be within the 100.64.0.0/10 or 198.19.0.0/16 range. 485 type: string 486 sshKeyName: 487 description: SSHKeyName is the name of the ssh key to attach to the 488 bastion host. Valid values are empty string (do not use SSH keys), 489 a valid SSH key name, or omitted (use the default SSH key name) 490 type: string 491 tokenMethod: 492 default: iam-authenticator 493 description: TokenMethod is used to specify the method for obtaining 494 a client token for communicating with EKS iam-authenticator - obtains 495 a client token using iam-authentictor aws-cli - obtains a client 496 token using the AWS CLI Defaults to iam-authenticator 497 enum: 498 - iam-authenticator 499 - aws-cli 500 type: string 501 version: 502 description: Version defines the desired Kubernetes version. If no 503 version number is supplied then the latest version of Kubernetes 504 that EKS supports will be used. 
505 minLength: 2 506 pattern: ^v(0|[1-9][0-9]*)\.(0|[1-9][0-9]*)\.?$ 507 type: string 508 type: object 509 status: 510 description: AWSManagedControlPlaneStatus defines the observed state of 511 AWSManagedControlPlane 512 properties: 513 addons: 514 description: Addons holds the current status of the EKS addons 515 items: 516 description: AddonState represents the state of an addon 517 properties: 518 arn: 519 description: ARN is the AWS ARN of the addon 520 type: string 521 createdAt: 522 description: CreatedAt is the date and time the addon was created 523 at 524 format: date-time 525 type: string 526 issues: 527 description: Issues is a list of issue associated with the addon 528 items: 529 description: AddonIssue represents an issue with an addon 530 properties: 531 code: 532 description: Code is the issue code 533 type: string 534 message: 535 description: Message is the textual description of the 536 issue 537 type: string 538 resourceIds: 539 description: ResourceIDs is a list of resource ids for 540 the issue 541 items: 542 type: string 543 type: array 544 type: object 545 type: array 546 modifiedAt: 547 description: ModifiedAt is the date and time the addon was last 548 modified 549 format: date-time 550 type: string 551 name: 552 description: Name is the name of the addon 553 type: string 554 serviceAccountRoleARN: 555 description: ServiceAccountRoleArn is the ARN of the IAM role 556 used for the service account 557 type: string 558 status: 559 description: Status is the status of the addon 560 type: string 561 version: 562 description: Version is the version of the addon to use 563 type: string 564 required: 565 - arn 566 - name 567 - version 568 type: object 569 type: array 570 bastion: 571 description: Bastion holds details of the instance that is used as 572 a bastion jump box 573 properties: 574 addresses: 575 description: Addresses contains the AWS instance associated addresses. 
576 items: 577 description: MachineAddress contains information for the node's 578 address. 579 properties: 580 address: 581 description: The machine address. 582 type: string 583 type: 584 description: Machine address type, one of Hostname, ExternalIP 585 or InternalIP. 586 type: string 587 required: 588 - address 589 - type 590 type: object 591 type: array 592 availabilityZone: 593 description: Availability zone of instance 594 type: string 595 ebsOptimized: 596 description: Indicates whether the instance is optimized for Amazon 597 EBS I/O. 598 type: boolean 599 enaSupport: 600 description: Specifies whether enhanced networking with ENA is 601 enabled. 602 type: boolean 603 iamProfile: 604 description: The name of the IAM instance profile associated with 605 the instance, if applicable. 606 type: string 607 id: 608 type: string 609 imageId: 610 description: The ID of the AMI used to launch the instance. 611 type: string 612 instanceState: 613 description: The current state of the instance. 614 type: string 615 networkInterfaces: 616 description: Specifies ENIs attached to instance 617 items: 618 type: string 619 type: array 620 nonRootVolumes: 621 description: Configuration options for the non root storage volumes. 622 items: 623 description: Volume encapsulates the configuration options for 624 the storage device 625 properties: 626 deviceName: 627 description: Device name 628 type: string 629 encrypted: 630 description: Encrypted is whether the volume should be encrypted 631 or not. 632 type: boolean 633 encryptionKey: 634 description: EncryptionKey is the KMS key to use to encrypt 635 the volume. Can be either a KMS key ID or ARN. If Encrypted 636 is set and this is omitted, the default AWS key will be 637 used. The key must already exist and be accessible by 638 the controller. 639 type: string 640 iops: 641 description: IOPS is the number of IOPS requested for the 642 disk. Not applicable to all types. 
643 format: int64 644 type: integer 645 size: 646 description: Size specifies size (in Gi) of the storage 647 device. Must be greater than the image snapshot size or 648 8 (whichever is greater). 649 format: int64 650 minimum: 8 651 type: integer 652 type: 653 description: Type is the type of the volume (e.g. gp2, io1, 654 etc...). 655 type: string 656 required: 657 - size 658 type: object 659 type: array 660 privateIp: 661 description: The private IPv4 address assigned to the instance. 662 type: string 663 publicIp: 664 description: The public IPv4 address assigned to the instance, 665 if applicable. 666 type: string 667 rootVolume: 668 description: Configuration options for the root storage volume. 669 properties: 670 deviceName: 671 description: Device name 672 type: string 673 encrypted: 674 description: Encrypted is whether the volume should be encrypted 675 or not. 676 type: boolean 677 encryptionKey: 678 description: EncryptionKey is the KMS key to use to encrypt 679 the volume. Can be either a KMS key ID or ARN. If Encrypted 680 is set and this is omitted, the default AWS key will be 681 used. The key must already exist and be accessible by the 682 controller. 683 type: string 684 iops: 685 description: IOPS is the number of IOPS requested for the 686 disk. Not applicable to all types. 687 format: int64 688 type: integer 689 size: 690 description: Size specifies size (in Gi) of the storage device. 691 Must be greater than the image snapshot size or 8 (whichever 692 is greater). 693 format: int64 694 minimum: 8 695 type: integer 696 type: 697 description: Type is the type of the volume (e.g. gp2, io1, 698 etc...). 699 type: string 700 required: 701 - size 702 type: object 703 securityGroupIds: 704 description: SecurityGroupIDs are one or more security group IDs 705 this instance belongs to. 
706 items: 707 type: string 708 type: array 709 spotMarketOptions: 710 description: SpotMarketOptions option for configuring instances 711 to be run using AWS Spot instances. 712 properties: 713 maxPrice: 714 description: MaxPrice defines the maximum price the user is 715 willing to pay for Spot VM instances 716 type: string 717 type: object 718 sshKeyName: 719 description: The name of the SSH key pair. 720 type: string 721 subnetId: 722 description: The ID of the subnet of the instance. 723 type: string 724 tags: 725 additionalProperties: 726 type: string 727 description: The tags associated with the instance. 728 type: object 729 tenancy: 730 description: Tenancy indicates if instance should run on shared 731 or single-tenant hardware. 732 type: string 733 type: 734 description: The instance type. 735 type: string 736 userData: 737 description: UserData is the raw data script passed to the instance 738 which is run upon bootstrap. This field must not be base64 encoded 739 and should only be used when running a new instance. 740 type: string 741 required: 742 - id 743 type: object 744 conditions: 745 description: Conditions specifies the cpnditions for the managed control 746 plane 747 items: 748 description: Condition defines an observation of a Cluster API resource 749 operational state. 750 properties: 751 lastTransitionTime: 752 description: Last time the condition transitioned from one status 753 to another. This should be when the underlying condition changed. 754 If that is not known, then using the time when the API field 755 changed is acceptable. 756 format: date-time 757 type: string 758 message: 759 description: A human readable message indicating details about 760 the transition. This field may be empty. 761 type: string 762 reason: 763 description: The reason for the condition's last transition 764 in CamelCase. The specific API may choose whether or not this 765 field is considered a guaranteed API. This field may not be 766 empty. 
767 type: string 768 severity: 769 description: Severity provides an explicit classification of 770 Reason code, so the users or machines can immediately understand 771 the current situation and act accordingly. The Severity field 772 MUST be set only when Status=False. 773 type: string 774 status: 775 description: Status of the condition, one of True, False, Unknown. 776 type: string 777 type: 778 description: Type of condition in CamelCase or in foo.example.com/CamelCase. 779 Many .condition.type values are consistent across resources 780 like Available, but because arbitrary conditions can be useful 781 (see .node.status.conditions), the ability to deconflict is 782 important. 783 type: string 784 required: 785 - status 786 - type 787 type: object 788 type: array 789 externalManagedControlPlane: 790 default: true 791 description: ExternalManagedControlPlane indicates to cluster-api 792 that the control plane is managed by an external service such as 793 AKS, EKS, GKE, etc. 794 type: boolean 795 failureDomains: 796 additionalProperties: 797 description: FailureDomainSpec is the Schema for Cluster API failure 798 domains. It allows controllers to understand how many failure 799 domains a cluster can optionally span across. 800 properties: 801 attributes: 802 additionalProperties: 803 type: string 804 description: Attributes is a free form map of attributes an 805 infrastructure provider might use or require. 806 type: object 807 controlPlane: 808 description: ControlPlane determines if this failure domain 809 is suitable for use by control plane machines. 810 type: boolean 811 type: object 812 description: FailureDomains specifies a list fo available availability 813 zones that can be used 814 type: object 815 failureMessage: 816 description: ErrorMessage indicates that there is a terminal problem 817 reconciling the state, and will be set to a descriptive error message. 
818 type: string 819 initialized: 820 description: Initialized denotes whether or not the control plane 821 has the uploaded kubernetes config-map. 822 type: boolean 823 network: 824 description: Networks holds details about the AWS networking resources 825 used by the control plane 826 properties: 827 apiServerElb: 828 description: APIServerELB is the Kubernetes api server classic 829 load balancer. 830 properties: 831 attributes: 832 description: Attributes defines extra attributes associated 833 with the load balancer. 834 properties: 835 crossZoneLoadBalancing: 836 description: CrossZoneLoadBalancing enables the classic 837 load balancer load balancing. 838 type: boolean 839 idleTimeout: 840 description: IdleTimeout is time that the connection is 841 allowed to be idle (no data has been sent over the connection) 842 before it is closed by the load balancer. 843 format: int64 844 type: integer 845 type: object 846 availabilityZones: 847 description: AvailabilityZones is an array of availability 848 zones in the VPC attached to the load balancer. 849 items: 850 type: string 851 type: array 852 dnsName: 853 description: DNSName is the dns name of the load balancer. 854 type: string 855 healthChecks: 856 description: HealthCheck is the classic elb health check associated 857 with the load balancer. 858 properties: 859 healthyThreshold: 860 format: int64 861 type: integer 862 interval: 863 description: A Duration represents the elapsed time between 864 two instants as an int64 nanosecond count. The representation 865 limits the largest representable duration to approximately 866 290 years. 867 format: int64 868 type: integer 869 target: 870 type: string 871 timeout: 872 description: A Duration represents the elapsed time between 873 two instants as an int64 nanosecond count. The representation 874 limits the largest representable duration to approximately 875 290 years. 
876 format: int64 877 type: integer 878 unhealthyThreshold: 879 format: int64 880 type: integer 881 required: 882 - healthyThreshold 883 - interval 884 - target 885 - timeout 886 - unhealthyThreshold 887 type: object 888 listeners: 889 description: Listeners is an array of classic elb listeners 890 associated with the load balancer. There must be at least 891 one. 892 items: 893 description: ClassicELBListener defines an AWS classic load 894 balancer listener. 895 properties: 896 instancePort: 897 format: int64 898 type: integer 899 instanceProtocol: 900 description: ClassicELBProtocol defines listener protocols 901 for a classic load balancer. 902 type: string 903 port: 904 format: int64 905 type: integer 906 protocol: 907 description: ClassicELBProtocol defines listener protocols 908 for a classic load balancer. 909 type: string 910 required: 911 - instancePort 912 - instanceProtocol 913 - port 914 - protocol 915 type: object 916 type: array 917 name: 918 description: The name of the load balancer. It must be unique 919 within the set of load balancers defined in the region. 920 It also serves as identifier. 921 type: string 922 scheme: 923 description: Scheme is the load balancer scheme, either internet-facing 924 or private. 925 type: string 926 securityGroupIds: 927 description: SecurityGroupIDs is an array of security groups 928 assigned to the load balancer. 929 items: 930 type: string 931 type: array 932 subnetIds: 933 description: SubnetIDs is an array of subnets in the VPC attached 934 to the load balancer. 935 items: 936 type: string 937 type: array 938 tags: 939 additionalProperties: 940 type: string 941 description: Tags is a map of tags associated with the load 942 balancer. 943 type: object 944 type: object 945 securityGroups: 946 additionalProperties: 947 description: SecurityGroup defines an AWS security group. 948 properties: 949 id: 950 description: ID is a unique identifier. 
951 type: string 952 ingressRule: 953 description: IngressRules is the inbound rules associated 954 with the security group. 955 items: 956 description: IngressRule defines an AWS ingress rule for 957 security groups. 958 properties: 959 cidrBlocks: 960 description: List of CIDR blocks to allow access from. 961 Cannot be specified with SourceSecurityGroupID. 962 items: 963 type: string 964 type: array 965 description: 966 type: string 967 fromPort: 968 format: int64 969 type: integer 970 protocol: 971 description: SecurityGroupProtocol defines the protocol 972 type for a security group rule. 973 type: string 974 sourceSecurityGroupIds: 975 description: The security group id to allow access 976 from. Cannot be specified with CidrBlocks. 977 items: 978 type: string 979 type: array 980 toPort: 981 format: int64 982 type: integer 983 required: 984 - description 985 - fromPort 986 - protocol 987 - toPort 988 type: object 989 type: array 990 name: 991 description: Name is the security group name. 992 type: string 993 tags: 994 additionalProperties: 995 type: string 996 description: Tags is a map of tags associated with the security 997 group. 998 type: object 999 required: 1000 - id 1001 - name 1002 type: object 1003 description: SecurityGroups is a map from the role/kind of the 1004 security group to its unique name, if any. 1005 type: object 1006 type: object 1007 oidcProvider: 1008 description: OIDCProvider holds the status of the identity provider 1009 for this cluster 1010 properties: 1011 arn: 1012 description: ARN holds the ARN of the provider 1013 type: string 1014 trustPolicy: 1015 description: TrustPolicy contains the boilerplate IAM trust policy 1016 to use for IRSA 1017 type: string 1018 type: object 1019 ready: 1020 default: false 1021 description: Ready denotes that the AWSManagedControlPlane API Server 1022 is ready to receive requests and that the VPC infra is ready. 
                type: boolean
            required:
            - ready
            type: object
        type: object
    served: true
    storage: false
    subresources:
      status: {}
  - additionalPrinterColumns:
    - description: Cluster to which this AWSManagedControl belongs
      jsonPath: .metadata.labels.cluster\.x-k8s\.io/cluster-name
      name: Cluster
      type: string
    - description: Control plane infrastructure is ready for worker nodes
      jsonPath: .status.ready
      name: Ready
      type: string
    - description: AWS VPC the control plane is using
      jsonPath: .spec.network.vpc.id
      name: VPC
      type: string
    - description: API Endpoint
      jsonPath: .spec.controlPlaneEndpoint.host
      name: Endpoint
      priority: 1
      type: string
    - description: Bastion IP address for breakglass access
      jsonPath: .status.bastion.publicIp
      name: Bastion IP
      type: string
    name: v1alpha4
    schema:
      openAPIV3Schema:
        description: AWSManagedControlPlane is the Schema for the awsmanagedcontrolplanes
          API
        properties:
          apiVersion:
            description: 'APIVersion defines the versioned schema of this representation
              of an object. Servers should convert recognized schemas to the latest
              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
            type: string
          kind:
            description: 'Kind is a string value representing the REST resource this
              object represents. Servers may infer this from the endpoint the client
              submits requests to. Cannot be updated. In CamelCase.
              More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
            type: string
          metadata:
            type: object
          spec:
            description: AWSManagedControlPlaneSpec defines the desired state of AWSManagedControlPlane
            properties:
              additionalTags:
                additionalProperties:
                  type: string
                description: AdditionalTags is an optional set of tags to add to AWS
                  resources managed by the AWS provider, in addition to the ones added
                  by default.
                type: object
              addons:
                description: Addons defines the EKS addons to enable with the EKS
                  cluster.
                items:
                  description: Addon represents an EKS addon
                  properties:
                    conflictResolution:
                      default: none
                      description: ConflictResolution is used to declare what should
                        happen if there are parameter conflicts. Defaults to none
                      enum:
                      - overwrite
                      - none
                      type: string
                    name:
                      description: Name is the name of the addon
                      minLength: 2
                      type: string
                    serviceAccountRoleARN:
                      description: ServiceAccountRoleArn is the ARN of an IAM role
                        to bind to the addons service account
                      type: string
                    version:
                      description: Version is the version of the addon to use
                      type: string
                  required:
                  - name
                  - version
                  type: object
                type: array
              associateOIDCProvider:
                default: false
                description: AssociateOIDCProvider can be enabled to automatically
                  create an identity provider for the controller for use with IAM
                  roles for service accounts
                type: boolean
              bastion:
                description: Bastion contains options to configure the bastion host.
                properties:
                  allowedCIDRBlocks:
                    description: AllowedCIDRBlocks is a list of CIDR blocks allowed
                      to access the bastion host. They are set as ingress rules for
                      the Bastion host's Security Group (defaults to 0.0.0.0/0).
                    items:
                      type: string
                    type: array
                  ami:
                    description: AMI will use the specified AMI to boot the bastion.
                      If not specified, the AMI will default to one picked out in
                      public space.
                    type: string
                  disableIngressRules:
                    description: DisableIngressRules will ensure there are no Ingress
                      rules in the bastion host's security group. Requires AllowedCIDRBlocks
                      to be empty.
                    type: boolean
                  enabled:
                    description: Enabled allows this provider to create a bastion
                      host instance with a public ip to access the VPC private network.
                    type: boolean
                  instanceType:
                    description: InstanceType will use the specified instance type
                      for the bastion. If not specified, Cluster API Provider AWS
                      will use t3.micro for all regions except us-east-1, where t2.micro
                      will be the default.
                    type: string
                type: object
              controlPlaneEndpoint:
                description: ControlPlaneEndpoint represents the endpoint used to
                  communicate with the control plane.
                properties:
                  host:
                    description: The hostname on which the API server is serving.
                    type: string
                  port:
                    description: The port on which the API server is serving.
                    format: int32
                    type: integer
                required:
                - host
                - port
                type: object
              disableVPCCNI:
                default: false
                description: DisableVPCCNI indicates that the Amazon VPC CNI should
                  be disabled. With EKS clusters the Amazon VPC CNI is automatically
                  installed into the cluster. For clusters where you want to use an
                  alternate CNI this option provides a way to specify that the Amazon
                  VPC CNI should be deleted. You cannot set this to true if you are
                  using the Amazon VPC CNI addon.
                type: boolean
              eksClusterName:
                description: EKSClusterName allows you to specify the name of the
                  EKS cluster in AWS.
                  If you don't specify a name then a default name
                  will be created based on the namespace and name of the managed control
                  plane.
                type: string
              encryptionConfig:
                description: EncryptionConfig specifies the encryption configuration
                  for the cluster
                properties:
                  provider:
                    description: Provider specifies the ARN or alias of the CMK (in
                      AWS KMS)
                    type: string
                  resources:
                    description: Resources specifies the resources to be encrypted
                    items:
                      type: string
                    type: array
                type: object
              endpointAccess:
                description: Endpoints specifies access to this cluster's control
                  plane endpoints
                properties:
                  private:
                    description: Private points VPC-internal control plane access
                      to the private endpoint
                    type: boolean
                  public:
                    description: Public controls whether control plane endpoints are
                      publicly accessible
                    type: boolean
                  publicCIDRs:
                    description: PublicCIDRs specifies which blocks can access the
                      public endpoint
                    items:
                      type: string
                    type: array
                type: object
              iamAuthenticatorConfig:
                description: IAMAuthenticatorConfig allows the specification of any
                  additional user or role mappings for use when generating the aws-iam-authenticator
                  configuration. If this is nil the default configuration is still
                  generated for the cluster.
                properties:
                  mapRoles:
                    description: RoleMappings is a list of role mappings
                    items:
                      description: RoleMapping represents a mapping from an IAM role
                        to Kubernetes users and groups
                      properties:
                        groups:
                          description: Groups is a list of kubernetes RBAC groups
                          items:
                            type: string
                          type: array
                        rolearn:
                          description: RoleARN is the AWS ARN for the role to map
                          minLength: 31
                          type: string
                        username:
                          description: UserName is a kubernetes RBAC user subject
                          type: string
                      required:
                      - groups
                      - rolearn
                      - username
                      type: object
                    type: array
                  mapUsers:
                    description: UserMappings is a list of user mappings
                    items:
                      description: UserMapping represents a mapping from an IAM user
                        to Kubernetes users and groups
                      properties:
                        groups:
                          description: Groups is a list of kubernetes RBAC groups
                          items:
                            type: string
                          type: array
                        userarn:
                          description: UserARN is the AWS ARN for the user to map
                          minLength: 31
                          type: string
                        username:
                          description: UserName is a kubernetes RBAC user subject
                          type: string
                      required:
                      - groups
                      - userarn
                      - username
                      type: object
                    type: array
                type: object
              identityRef:
                description: IdentityRef is a reference to an identity to be used when
                  reconciling the managed control plane.
                properties:
                  kind:
                    description: Kind of the identity.
                    enum:
                    - AWSClusterControllerIdentity
                    - AWSClusterRoleIdentity
                    - AWSClusterStaticIdentity
                    type: string
                  name:
                    description: Name of the identity.
                    minLength: 1
                    type: string
                required:
                - kind
                - name
                type: object
              imageLookupBaseOS:
                description: ImageLookupBaseOS is the name of the base operating system
                  used to look up machine images when a machine does not specify an
                  AMI.
                  When set, this will be used for all cluster machines unless
                  a machine specifies a different ImageLookupBaseOS.
                type: string
              imageLookupFormat:
                description: 'ImageLookupFormat is the AMI naming format to look up
                  machine images when a machine does not specify an AMI. When set,
                  this will be used for all cluster machines unless a machine specifies
                  a different ImageLookupOrg. Supports substitutions for {{.BaseOS}}
                  and {{.K8sVersion}} with the base OS and kubernetes version, respectively.
                  The BaseOS will be the value in ImageLookupBaseOS or ubuntu (the
                  default), and the kubernetes version as defined by the packages
                  produced by kubernetes/release without v as a prefix: 1.13.0, 1.12.5-mybuild.1,
                  or 1.17.3. For example, the default image format of capa-ami-{{.BaseOS}}-?{{.K8sVersion}}-*
                  will end up searching for AMIs that match the pattern capa-ami-ubuntu-?1.18.0-*
                  for a Machine that is targeting kubernetes v1.18.0 and the ubuntu
                  base OS. See also: https://golang.org/pkg/text/template/'
                type: string
              imageLookupOrg:
                description: ImageLookupOrg is the AWS Organization ID to look up
                  machine images when a machine does not specify an AMI. When set,
                  this will be used for all cluster machines unless a machine specifies
                  a different ImageLookupOrg.
                type: string
              logging:
                description: Logging specifies which EKS Cluster logs should be enabled.
                  Entries for each of the enabled logs will be sent to CloudWatch
                properties:
                  apiServer:
                    default: false
                    description: APIServer indicates if the Kubernetes API Server
                      log (kube-apiserver) should be enabled
                    type: boolean
                  audit:
                    default: false
                    description: Audit indicates if the Kubernetes API audit log should
                      be enabled
                    type: boolean
                  authenticator:
                    default: false
                    description: Authenticator indicates if the iam authenticator
                      log should be enabled
                    type: boolean
                  controllerManager:
                    default: false
                    description: ControllerManager indicates if the controller manager
                      (kube-controller-manager) log should be enabled
                    type: boolean
                  scheduler:
                    default: false
                    description: Scheduler indicates if the Kubernetes scheduler (kube-scheduler)
                      log should be enabled
                    type: boolean
                required:
                - apiServer
                - audit
                - authenticator
                - controllerManager
                - scheduler
                type: object
              network:
                description: NetworkSpec encapsulates all things related to AWS network.
                properties:
                  cni:
                    description: CNI configuration
                    properties:
                      cniIngressRules:
                        description: CNIIngressRules specify rules to apply to control
                          plane and worker node security groups. The source for the
                          rule will be set to control plane and worker security group
                          IDs.
                        items:
                          description: CNIIngressRule defines an AWS ingress rule
                            for CNI requirements.
                          properties:
                            description:
                              type: string
                            fromPort:
                              format: int64
                              type: integer
                            protocol:
                              description: SecurityGroupProtocol defines the protocol
                                type for a security group rule.
                              type: string
                            toPort:
                              format: int64
                              type: integer
                          required:
                          - description
                          - fromPort
                          - protocol
                          - toPort
                          type: object
                        type: array
                    type: object
                  securityGroupOverrides:
                    additionalProperties:
                      type: string
                    description: SecurityGroupOverrides is an optional set of security
                      groups to use for cluster instances. This is optional - if not
                      provided new security groups will be created for the cluster
                    type: object
                  subnets:
                    description: Subnets configuration.
                    items:
                      description: SubnetSpec configures an AWS Subnet.
                      properties:
                        availabilityZone:
                          description: AvailabilityZone defines the availability zone
                            to use for this subnet in the cluster's region.
                          type: string
                        cidrBlock:
                          description: CidrBlock is the CIDR block to be used when
                            the provider creates a managed VPC.
                          type: string
                        id:
                          description: ID defines a unique identifier to reference
                            this resource.
                          type: string
                        isPublic:
                          description: IsPublic defines the subnet as a public subnet.
                            A subnet is public when it is associated with a route
                            table that has a route to an internet gateway.
                          type: boolean
                        natGatewayId:
                          description: NatGatewayID is the NAT gateway id associated
                            with the subnet. Ignored unless the subnet is managed
                            by the provider, in which case this is set on the public
                            subnet where the NAT gateway resides. It is then used
                            to determine routes for private subnets in the same AZ
                            as the public subnet.
                          type: string
                        routeTableId:
                          description: RouteTableID is the routing table id associated
                            with the subnet.
                          type: string
                        tags:
                          additionalProperties:
                            type: string
                          description: Tags is a collection of tags describing the
                            resource.
                          type: object
                      type: object
                    type: array
                  vpc:
                    description: VPC configuration.
                    properties:
                      availabilityZoneSelection:
                        default: Ordered
                        description: 'AvailabilityZoneSelection specifies how AZs
                          should be selected if there are more AZs in a region than
                          specified by AvailabilityZoneUsageLimit. There are 2 selection
                          schemes: Ordered - selects based on alphabetical order Random
                          - selects AZs randomly in a region Defaults to Ordered'
                        enum:
                        - Ordered
                        - Random
                        type: string
                      availabilityZoneUsageLimit:
                        default: 3
                        description: AvailabilityZoneUsageLimit specifies the maximum
                          number of availability zones (AZ) that should be used in
                          a region when automatically creating subnets. If a region
                          has more than this number of AZs then this number of AZs
                          will be picked randomly when creating default subnets. Defaults
                          to 3
                        minimum: 1
                        type: integer
                      cidrBlock:
                        description: CidrBlock is the CIDR block to be used when the
                          provider creates a managed VPC. Defaults to 10.0.0.0/16.
                        type: string
                      id:
                        description: ID is the vpc-id of the VPC this provider should
                          use to create resources.
                        type: string
                      internetGatewayId:
                        description: InternetGatewayID is the id of the internet gateway
                          associated with the VPC.
                        type: string
                      tags:
                        additionalProperties:
                          type: string
                        description: Tags is a collection of tags describing the resource.
                        type: object
                    type: object
                type: object
              oidcIdentityProviderConfig:
                description: IdentityProviderconfig is used to specify the oidc provider
                  config to be attached with this eks cluster
                properties:
                  clientId:
                    description: This is also known as audience. The ID for the client
                      application that makes authentication requests to the OpenID
                      identity provider.
                    type: string
                  groupsClaim:
                    description: The JWT claim that the provider uses to return your
                      groups.
                    type: string
                  groupsPrefix:
                    description: 'The prefix that is prepended to group claims to
                      prevent clashes with existing names (such as system: groups).
                      For example, the value oidc: will create group names like oidc:engineering
                      and oidc:infra.'
                    type: string
                  identityProviderConfigName:
                    description: "The name of the OIDC provider configuration. \n
                      IdentityProviderConfigName is a required field"
                    type: string
                  issuerUrl:
                    description: The URL of the OpenID identity provider that allows
                      the API server to discover public signing keys for verifying
                      tokens. The URL must begin with https:// and should correspond
                      to the iss claim in the provider's OIDC ID tokens. Per the OIDC
                      standard, path components are allowed but query parameters are
                      not. Typically the URL consists of only a hostname, like https://server.example.org
                      or https://example.com. This URL should point to the level below
                      .well-known/openid-configuration and must be publicly accessible
                      over the internet.
                    type: string
                  requiredClaims:
                    additionalProperties:
                      type: string
                    description: The key value pairs that describe required claims
                      in the identity token. If set, each claim is verified to be
                      present in the token with a matching value. For the maximum
                      number of claims that you can require, see Amazon EKS service
                      quotas (https://docs.aws.amazon.com/eks/latest/userguide/service-quotas.html)
                      in the Amazon EKS User Guide.
                    type: object
                  tags:
                    additionalProperties:
                      type: string
                    description: tags to apply to oidc identity provider association
                    type: object
                  usernameClaim:
                    description: The JSON Web Token (JWT) claim to use as the username.
                      The default is sub, which is expected to be a unique identifier
                      of the end user. You can choose other claims, such as email
                      or name, depending on the OpenID identity provider.
                      Claims other
                      than email are prefixed with the issuer URL to prevent naming
                      clashes with other plug-ins.
                    type: string
                  usernamePrefix:
                    description: The prefix that is prepended to username claims to
                      prevent clashes with existing names. If you do not provide this
                      field, and username is a value other than email, the prefix
                      defaults to issuerurl#. You can use the value - to disable all
                      prefixing.
                    type: string
                type: object
              region:
                description: The AWS Region the cluster lives in.
                type: string
              roleAdditionalPolicies:
                description: RoleAdditionalPolicies allows you to attach additional
                  policies to the control plane role. You must enable the EKSAllowAddRoles
                  feature flag to incorporate these into the created role.
                items:
                  type: string
                type: array
              roleName:
                description: RoleName specifies the name of IAM role that gives EKS
                  permission to make API calls. If the role is pre-existing we will
                  treat it as unmanaged and not delete it on deletion. If the EKSEnableIAM
                  feature flag is true and no name is supplied then a role is created.
                minLength: 2
                type: string
              secondaryCidrBlock:
                description: SecondaryCidrBlock is the additional CIDR range to use
                  for pod IPs. Must be within the 100.64.0.0/10 or 198.19.0.0/16 range.
                type: string
              sshKeyName:
                description: SSHKeyName is the name of the ssh key to attach to the
                  bastion host.
                  Valid values are empty string (do not use SSH keys),
                  a valid SSH key name, or omitted (use the default SSH key name)
                type: string
              tokenMethod:
                default: iam-authenticator
                description: TokenMethod is used to specify the method for obtaining
                  a client token for communicating with EKS iam-authenticator - obtains
                  a client token using iam-authenticator aws-cli - obtains a client
                  token using the AWS CLI Defaults to iam-authenticator
                enum:
                - iam-authenticator
                - aws-cli
                type: string
              version:
                description: Version defines the desired Kubernetes version. If no
                  version number is supplied then the latest version of Kubernetes
                  that EKS supports will be used.
                minLength: 2
                pattern: ^v(0|[1-9][0-9]*)\.(0|[1-9][0-9]*)\.?$
                type: string
            type: object
          status:
            description: AWSManagedControlPlaneStatus defines the observed state of
              AWSManagedControlPlane
            properties:
              addons:
                description: Addons holds the current status of the EKS addons
                items:
                  description: AddonState represents the state of an addon
                  properties:
                    arn:
                      description: ARN is the AWS ARN of the addon
                      type: string
                    createdAt:
                      description: CreatedAt is the date and time the addon was created
                        at
                      format: date-time
                      type: string
                    issues:
                      description: Issues is a list of issues associated with the addon
                      items:
                        description: AddonIssue represents an issue with an addon
                        properties:
                          code:
                            description: Code is the issue code
                            type: string
                          message:
                            description: Message is the textual description of the
                              issue
                            type: string
                          resourceIds:
                            description: ResourceIDs is a list of resource ids for
                              the issue
                            items:
                              type: string
                            type: array
                        type: object
                      type: array
                    modifiedAt:
                      description: ModifiedAt is the date and time the addon was last
                        modified
                      format: date-time
                      type: string
                    name:
                      description: Name is the name of the addon
                      type: string
                    serviceAccountRoleARN:
                      description: ServiceAccountRoleArn is the ARN of the IAM role
                        used for the service account
                      type: string
                    status:
                      description: Status is the status of the addon
                      type: string
                    version:
                      description: Version is the version of the addon to use
                      type: string
                  required:
                  - arn
                  - name
                  - version
                  type: object
                type: array
              bastion:
                description: Bastion holds details of the instance that is used as
                  a bastion jump box
                properties:
                  addresses:
                    description: Addresses contains the AWS instance associated addresses.
                    items:
                      description: MachineAddress contains information for the node's
                        address.
                      properties:
                        address:
                          description: The machine address.
                          type: string
                        type:
                          description: Machine address type, one of Hostname, ExternalIP
                            or InternalIP.
                          type: string
                      required:
                      - address
                      - type
                      type: object
                    type: array
                  availabilityZone:
                    description: Availability zone of instance
                    type: string
                  ebsOptimized:
                    description: Indicates whether the instance is optimized for Amazon
                      EBS I/O.
                    type: boolean
                  enaSupport:
                    description: Specifies whether enhanced networking with ENA is
                      enabled.
                    type: boolean
                  iamProfile:
                    description: The name of the IAM instance profile associated with
                      the instance, if applicable.
                    type: string
                  id:
                    type: string
                  imageId:
                    description: The ID of the AMI used to launch the instance.
                    type: string
                  instanceState:
                    description: The current state of the instance.
                    type: string
                  networkInterfaces:
                    description: Specifies ENIs attached to instance
                    items:
                      type: string
                    type: array
                  nonRootVolumes:
                    description: Configuration options for the non root storage volumes.
                    items:
                      description: Volume encapsulates the configuration options for
                        the storage device
                      properties:
                        deviceName:
                          description: Device name
                          type: string
                        encrypted:
                          description: Encrypted is whether the volume should be encrypted
                            or not.
                          type: boolean
                        encryptionKey:
                          description: EncryptionKey is the KMS key to use to encrypt
                            the volume. Can be either a KMS key ID or ARN. If Encrypted
                            is set and this is omitted, the default AWS key will be
                            used. The key must already exist and be accessible by
                            the controller.
                          type: string
                        iops:
                          description: IOPS is the number of IOPS requested for the
                            disk. Not applicable to all types.
                          format: int64
                          type: integer
                        size:
                          description: Size specifies size (in Gi) of the storage
                            device. Must be greater than the image snapshot size or
                            8 (whichever is greater).
                          format: int64
                          minimum: 8
                          type: integer
                        throughput:
                          description: Throughput to provision in MiB/s supported
                            for the volume type. Not applicable to all types.
                          format: int64
                          type: integer
                        type:
                          description: Type is the type of the volume (e.g. gp2, io1,
                            etc...).
                          type: string
                      required:
                      - size
                      type: object
                    type: array
                  privateIp:
                    description: The private IPv4 address assigned to the instance.
                    type: string
                  publicIp:
                    description: The public IPv4 address assigned to the instance,
                      if applicable.
                    type: string
                  rootVolume:
                    description: Configuration options for the root storage volume.
                    properties:
                      deviceName:
                        description: Device name
                        type: string
                      encrypted:
                        description: Encrypted is whether the volume should be encrypted
                          or not.
                        type: boolean
                      encryptionKey:
                        description: EncryptionKey is the KMS key to use to encrypt
                          the volume. Can be either a KMS key ID or ARN. If Encrypted
                          is set and this is omitted, the default AWS key will be
                          used. The key must already exist and be accessible by the
                          controller.
                        type: string
                      iops:
                        description: IOPS is the number of IOPS requested for the
                          disk. Not applicable to all types.
                        format: int64
                        type: integer
                      size:
                        description: Size specifies size (in Gi) of the storage device.
                          Must be greater than the image snapshot size or 8 (whichever
                          is greater).
                        format: int64
                        minimum: 8
                        type: integer
                      throughput:
                        description: Throughput to provision in MiB/s supported for
                          the volume type. Not applicable to all types.
                        format: int64
                        type: integer
                      type:
                        description: Type is the type of the volume (e.g. gp2, io1,
                          etc...).
                        type: string
                    required:
                    - size
                    type: object
                  securityGroupIds:
                    description: SecurityGroupIDs are one or more security group IDs
                      this instance belongs to.
                    items:
                      type: string
                    type: array
                  spotMarketOptions:
                    description: SpotMarketOptions option for configuring instances
                      to be run using AWS Spot instances.
                    properties:
                      maxPrice:
                        description: MaxPrice defines the maximum price the user is
                          willing to pay for Spot VM instances
                        type: string
                    type: object
                  sshKeyName:
                    description: The name of the SSH key pair.
                    type: string
                  subnetId:
                    description: The ID of the subnet of the instance.
                    type: string
                  tags:
                    additionalProperties:
                      type: string
                    description: The tags associated with the instance.
                    type: object
                  tenancy:
                    description: Tenancy indicates if instance should run on shared
                      or single-tenant hardware.
                    type: string
                  type:
                    description: The instance type.
                    type: string
                  userData:
                    description: UserData is the raw data script passed to the instance
                      which is run upon bootstrap. This field must not be base64 encoded
                      and should only be used when running a new instance.
                    type: string
                  volumeIDs:
                    description: IDs of the instance's volumes
                    items:
                      type: string
                    type: array
                required:
                - id
                type: object
              conditions:
                description: Conditions specifies the conditions for the managed control
                  plane
                items:
                  description: Condition defines an observation of a Cluster API resource
                    operational state.
                  properties:
                    lastTransitionTime:
                      description: Last time the condition transitioned from one status
                        to another. This should be when the underlying condition changed.
                        If that is not known, then using the time when the API field
                        changed is acceptable.
                      format: date-time
                      type: string
                    message:
                      description: A human readable message indicating details about
                        the transition. This field may be empty.
                      type: string
                    reason:
                      description: The reason for the condition's last transition
                        in CamelCase. The specific API may choose whether or not this
                        field is considered a guaranteed API. This field may not be
                        empty.
                      type: string
                    severity:
                      description: Severity provides an explicit classification of
                        Reason code, so the users or machines can immediately understand
                        the current situation and act accordingly. The Severity field
                        MUST be set only when Status=False.
                      type: string
                    status:
                      description: Status of the condition, one of True, False, Unknown.
                      type: string
                    type:
                      description: Type of condition in CamelCase or in foo.example.com/CamelCase.
                        Many .condition.type values are consistent across resources
                        like Available, but because arbitrary conditions can be useful
                        (see .node.status.conditions), the ability to deconflict is
                        important.
                      type: string
                  required:
                  - status
                  - type
                  type: object
                type: array
              externalManagedControlPlane:
                default: true
                description: ExternalManagedControlPlane indicates to cluster-api
                  that the control plane is managed by an external service such as
                  AKS, EKS, GKE, etc.
                type: boolean
              failureDomains:
                additionalProperties:
                  description: FailureDomainSpec is the Schema for Cluster API failure
                    domains. It allows controllers to understand how many failure
                    domains a cluster can optionally span across.
                  properties:
                    attributes:
                      additionalProperties:
                        type: string
                      description: Attributes is a free form map of attributes an
                        infrastructure provider might use or require.
                      type: object
                    controlPlane:
                      description: ControlPlane determines if this failure domain
                        is suitable for use by control plane machines.
                      type: boolean
                  type: object
                description: FailureDomains specifies a list of available availability
                  zones that can be used
                type: object
              failureMessage:
                description: ErrorMessage indicates that there is a terminal problem
                  reconciling the state, and will be set to a descriptive error message.
                type: string
              identityProviderStatus:
                description: IdentityProviderStatus holds the status for associated
                  identity provider
                properties:
                  arn:
                    description: ARN holds the ARN of associated identity provider
                    type: string
                  status:
                    description: Status holds current status of associated identity
                      provider
                    type: string
                type: object
              initialized:
                description: Initialized denotes whether or not the control plane
                  has the uploaded kubernetes config-map.
                type: boolean
              networkStatus:
                description: Networks holds details about the AWS networking resources
                  used by the control plane
                properties:
                  apiServerElb:
                    description: APIServerELB is the Kubernetes api server classic
                      load balancer.
                    properties:
                      attributes:
                        description: Attributes defines extra attributes associated
                          with the load balancer.
                        properties:
                          crossZoneLoadBalancing:
                            description: CrossZoneLoadBalancing enables the classic
                              load balancer load balancing.
                            type: boolean
                          idleTimeout:
                            description: IdleTimeout is time that the connection is
                              allowed to be idle (no data has been sent over the connection)
                              before it is closed by the load balancer.
                            format: int64
                            type: integer
                        type: object
                      availabilityZones:
                        description: AvailabilityZones is an array of availability
                          zones in the VPC attached to the load balancer.
                        items:
                          type: string
                        type: array
                      dnsName:
                        description: DNSName is the dns name of the load balancer.
                        type: string
                      healthChecks:
                        description: HealthCheck is the classic elb health check associated
                          with the load balancer.
                        properties:
                          healthyThreshold:
                            format: int64
                            type: integer
                          interval:
                            description: A Duration represents the elapsed time between
                              two instants as an int64 nanosecond count.
                              The representation
                              limits the largest representable duration to approximately
                              290 years.
                            format: int64
                            type: integer
                          target:
                            type: string
                          timeout:
                            description: A Duration represents the elapsed time between
                              two instants as an int64 nanosecond count. The representation
                              limits the largest representable duration to approximately
                              290 years.
                            format: int64
                            type: integer
                          unhealthyThreshold:
                            format: int64
                            type: integer
                        required:
                        - healthyThreshold
                        - interval
                        - target
                        - timeout
                        - unhealthyThreshold
                        type: object
                      listeners:
                        description: Listeners is an array of classic elb listeners
                          associated with the load balancer. There must be at least
                          one.
                        items:
                          description: ClassicELBListener defines an AWS classic load
                            balancer listener.
                          properties:
                            instancePort:
                              format: int64
                              type: integer
                            instanceProtocol:
                              description: ClassicELBProtocol defines listener protocols
                                for a classic load balancer.
                              type: string
                            port:
                              format: int64
                              type: integer
                            protocol:
                              description: ClassicELBProtocol defines listener protocols
                                for a classic load balancer.
                              type: string
                          required:
                          - instancePort
                          - instanceProtocol
                          - port
                          - protocol
                          type: object
                        type: array
                      name:
                        description: The name of the load balancer. It must be unique
                          within the set of load balancers defined in the region.
                          It also serves as identifier.
                        type: string
                      scheme:
                        description: Scheme is the load balancer scheme, either internet-facing
                          or private.
                        type: string
                      securityGroupIds:
                        description: SecurityGroupIDs is an array of security groups
                          assigned to the load balancer.
                        items:
                          type: string
                        type: array
                      subnetIds:
                        description: SubnetIDs is an array of subnets in the VPC attached
                          to the load balancer.
                        items:
                          type: string
                        type: array
                      tags:
                        additionalProperties:
                          type: string
                        description: Tags is a map of tags associated with the load
                          balancer.
                        type: object
                    type: object
                  securityGroups:
                    additionalProperties:
                      description: SecurityGroup defines an AWS security group.
                      properties:
                        id:
                          description: ID is a unique identifier.
                          type: string
                        ingressRule:
                          description: IngressRules is the inbound rules associated
                            with the security group.
                          items:
                            description: IngressRule defines an AWS ingress rule for
                              security groups.
                            properties:
                              cidrBlocks:
                                description: List of CIDR blocks to allow access from.
                                  Cannot be specified with SourceSecurityGroupID.
                                items:
                                  type: string
                                type: array
                              description:
                                type: string
                              fromPort:
                                format: int64
                                type: integer
                              protocol:
                                description: SecurityGroupProtocol defines the protocol
                                  type for a security group rule.
                                type: string
                              sourceSecurityGroupIds:
                                description: The security group id to allow access
                                  from. Cannot be specified with CidrBlocks.
                                items:
                                  type: string
                                type: array
                              toPort:
                                format: int64
                                type: integer
                            required:
                            - description
                            - fromPort
                            - protocol
                            - toPort
                            type: object
                          type: array
                        name:
                          description: Name is the security group name.
                          type: string
                        tags:
                          additionalProperties:
                            type: string
                          description: Tags is a map of tags associated with the security
                            group.
                          type: object
                      required:
                      - id
                      - name
                      type: object
                    description: SecurityGroups is a map from the role/kind of the
                      security group to its unique name, if any.
                    type: object
                type: object
              oidcProvider:
                description: OIDCProvider holds the status of the identity provider
                  for this cluster
                properties:
                  arn:
                    description: ARN holds the ARN of the provider
                    type: string
                  trustPolicy:
                    description: TrustPolicy contains the boilerplate IAM trust policy
                      to use for IRSA
                    type: string
                type: object
              ready:
                default: false
                description: Ready denotes that the AWSManagedControlPlane API Server
                  is ready to receive requests and that the VPC infra is ready.
                type: boolean
            required:
            - ready
            type: object
        type: object
    served: true
    storage: false
    subresources:
      status: {}
  - additionalPrinterColumns:
    - description: Cluster to which this AWSManagedControl belongs
      jsonPath: .metadata.labels.cluster\.x-k8s\.io/cluster-name
      name: Cluster
      type: string
    - description: Control plane infrastructure is ready for worker nodes
      jsonPath: .status.ready
      name: Ready
      type: string
    - description: AWS VPC the control plane is using
      jsonPath: .spec.network.vpc.id
      name: VPC
      type: string
    - description: API Endpoint
      jsonPath: .spec.controlPlaneEndpoint.host
      name: Endpoint
      priority: 1
      type: string
    - description: Bastion IP address for breakglass access
      jsonPath: .status.bastion.publicIp
      name: Bastion IP
      type: string
    name: v1beta1
    schema:
      openAPIV3Schema:
        description: AWSManagedControlPlane is the schema for the Amazon EKS Managed
          Control Plane API.
        properties:
          apiVersion:
            description: 'APIVersion defines the versioned schema of this representation
              of an object. Servers should convert recognized schemas to the latest
              internal value, and may reject unrecognized values.
              More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
            type: string
          kind:
            description: 'Kind is a string value representing the REST resource this
              object represents. Servers may infer this from the endpoint the client
              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
            type: string
          metadata:
            type: object
          spec:
            description: AWSManagedControlPlaneSpec defines the desired state of an
              Amazon EKS Cluster.
            properties:
              additionalTags:
                additionalProperties:
                  type: string
                description: AdditionalTags is an optional set of tags to add to AWS
                  resources managed by the AWS provider, in addition to the ones added
                  by default.
                type: object
              addons:
                description: Addons defines the EKS addons to enable with the EKS
                  cluster.
                items:
                  description: Addon represents a EKS addon.
                  properties:
                    conflictResolution:
                      default: none
                      description: ConflictResolution is used to declare what should
                        happen if there are parameter conflicts.
                        Defaults to none
                      enum:
                      - overwrite
                      - none
                      type: string
                    name:
                      description: Name is the name of the addon
                      minLength: 2
                      type: string
                    serviceAccountRoleARN:
                      description: ServiceAccountRoleArn is the ARN of an IAM role
                        to bind to the addons service account
                      type: string
                    version:
                      description: Version is the version of the addon to use
                      type: string
                  required:
                  - name
                  - version
                  type: object
                type: array
              associateOIDCProvider:
                default: false
                description: AssociateOIDCProvider can be enabled to automatically
                  create an identity provider for the controller for use with IAM
                  roles for service accounts
                type: boolean
              bastion:
                description: Bastion contains options to configure the bastion host.
                properties:
                  allowedCIDRBlocks:
                    description: AllowedCIDRBlocks is a list of CIDR blocks allowed
                      to access the bastion host. They are set as ingress rules for
                      the Bastion host's Security Group (defaults to 0.0.0.0/0).
                    items:
                      type: string
                    type: array
                  ami:
                    description: AMI will use the specified AMI to boot the bastion.
                      If not specified, the AMI will default to one picked out in
                      public space.
                    type: string
                  disableIngressRules:
                    description: DisableIngressRules will ensure there are no Ingress
                      rules in the bastion host's security group. Requires AllowedCIDRBlocks
                      to be empty.
                    type: boolean
                  enabled:
                    description: Enabled allows this provider to create a bastion
                      host instance with a public ip to access the VPC private network.
                    type: boolean
                  instanceType:
                    description: InstanceType will use the specified instance type
                      for the bastion. If not specified, Cluster API Provider AWS
                      will use t3.micro for all regions except us-east-1, where t2.micro
                      will be the default.
                    type: string
                type: object
              controlPlaneEndpoint:
                description: ControlPlaneEndpoint represents the endpoint used to
                  communicate with the control plane.
                properties:
                  host:
                    description: The hostname on which the API server is serving.
                    type: string
                  port:
                    description: The port on which the API server is serving.
                    format: int32
                    type: integer
                required:
                - host
                - port
                type: object
              disableVPCCNI:
                default: false
                description: DisableVPCCNI indicates that the Amazon VPC CNI should
                  be disabled. With EKS clusters the Amazon VPC CNI is automatically
                  installed into the cluster. For clusters where you want to use an
                  alternate CNI this option provides a way to specify that the Amazon
                  VPC CNI should be deleted. You cannot set this to true if you are
                  using the Amazon VPC CNI addon.
                type: boolean
              eksClusterName:
                description: EKSClusterName allows you to specify the name of the
                  EKS cluster in AWS. If you don't specify a name then a default name
                  will be created based on the namespace and name of the managed control
                  plane.
                type: string
              encryptionConfig:
                description: EncryptionConfig specifies the encryption configuration
                  for the cluster
                properties:
                  provider:
                    description: Provider specifies the ARN or alias of the CMK (in
                      AWS KMS)
                    type: string
                  resources:
                    description: Resources specifies the resources to be encrypted
                    items:
                      type: string
                    type: array
                type: object
              endpointAccess:
                description: Endpoints specifies access to this cluster's control
                  plane endpoints
                properties:
                  private:
                    description: Private points VPC-internal control plane access
                      to the private endpoint
                    type: boolean
                  public:
                    description: Public controls whether control plane endpoints are
                      publicly accessible
                    type: boolean
                  publicCIDRs:
                    description: PublicCIDRs specifies which blocks can access the
                      public endpoint
                    items:
                      type: string
                    type: array
                type: object
              iamAuthenticatorConfig:
                description: IAMAuthenticatorConfig allows the specification of any
                  additional user or role mappings for use when generating the aws-iam-authenticator
                  configuration. If this is nil the default configuration is still
                  generated for the cluster.
                properties:
                  mapRoles:
                    description: RoleMappings is a list of role mappings
                    items:
                      description: RoleMapping represents a mapping from a IAM role
                        to Kubernetes users and groups.
                      properties:
                        groups:
                          description: Groups is a list of kubernetes RBAC groups
                          items:
                            type: string
                          type: array
                        rolearn:
                          description: RoleARN is the AWS ARN for the role to map
                          minLength: 31
                          type: string
                        username:
                          description: UserName is a kubernetes RBAC user subject
                          type: string
                      required:
                      - groups
                      - rolearn
                      - username
                      type: object
                    type: array
                  mapUsers:
                    description: UserMappings is a list of user mappings
                    items:
                      description: UserMapping represents a mapping from an IAM user
                        to Kubernetes users and groups.
                      properties:
                        groups:
                          description: Groups is a list of kubernetes RBAC groups
                          items:
                            type: string
                          type: array
                        userarn:
                          description: UserARN is the AWS ARN for the user to map
                          minLength: 31
                          type: string
                        username:
                          description: UserName is a kubernetes RBAC user subject
                          type: string
                      required:
                      - groups
                      - userarn
                      - username
                      type: object
                    type: array
                type: object
              identityRef:
                description: IdentityRef is a reference to a identity to be used when
                  reconciling the managed control plane.
                properties:
                  kind:
                    description: Kind of the identity.
                    enum:
                    - AWSClusterControllerIdentity
                    - AWSClusterRoleIdentity
                    - AWSClusterStaticIdentity
                    type: string
                  name:
                    description: Name of the identity.
                    minLength: 1
                    type: string
                required:
                - kind
                - name
                type: object
              imageLookupBaseOS:
                description: ImageLookupBaseOS is the name of the base operating system
                  used to look up machine images when a machine does not specify an
                  AMI. When set, this will be used for all cluster machines unless
                  a machine specifies a different ImageLookupBaseOS.
                type: string
              imageLookupFormat:
                description: 'ImageLookupFormat is the AMI naming format to look up
                  machine images when a machine does not specify an AMI. When set,
                  this will be used for all cluster machines unless a machine specifies
                  a different ImageLookupOrg. Supports substitutions for {{.BaseOS}}
                  and {{.K8sVersion}} with the base OS and kubernetes version, respectively.
                  The BaseOS will be the value in ImageLookupBaseOS or ubuntu (the
                  default), and the kubernetes version as defined by the packages
                  produced by kubernetes/release without v as a prefix: 1.13.0, 1.12.5-mybuild.1,
                  or 1.17.3. For example, the default image format of capa-ami-{{.BaseOS}}-?{{.K8sVersion}}-*
                  will end up searching for AMIs that match the pattern capa-ami-ubuntu-?1.18.0-*
                  for a Machine that is targeting kubernetes v1.18.0 and the ubuntu
                  base OS. See also: https://golang.org/pkg/text/template/'
                type: string
              imageLookupOrg:
                description: ImageLookupOrg is the AWS Organization ID to look up
                  machine images when a machine does not specify an AMI. When set,
                  this will be used for all cluster machines unless a machine specifies
                  a different ImageLookupOrg.
                type: string
              kubeProxy:
                description: KubeProxy defines managed attributes of the kube-proxy
                  daemonset
                properties:
                  disable:
                    default: false
                    description: Disable set to true indicates that kube-proxy should
                      be disabled. With EKS clusters kube-proxy is automatically installed
                      into the cluster. For clusters where you want to use kube-proxy
                      functionality that is provided with an alternate CNI, this option
                      provides a way to specify that the kube-proxy daemonset should
                      be deleted. You cannot set this to true if you are using the
                      Amazon kube-proxy addon.
                    type: boolean
                type: object
              logging:
                description: Logging specifies which EKS Cluster logs should be enabled.
                  Entries for each of the enabled logs will be sent to CloudWatch
                properties:
                  apiServer:
                    default: false
                    description: APIServer indicates if the Kubernetes API Server
                      log (kube-apiserver) should be enabled
                    type: boolean
                  audit:
                    default: false
                    description: Audit indicates if the Kubernetes API audit log should
                      be enabled
                    type: boolean
                  authenticator:
                    default: false
                    description: Authenticator indicates if the iam authenticator
                      log should be enabled
                    type: boolean
                  controllerManager:
                    default: false
                    description: ControllerManager indicates if the controller manager
                      (kube-controller-manager) log should be enabled
                    type: boolean
                  scheduler:
                    default: false
                    description: Scheduler indicates if the Kubernetes scheduler (kube-scheduler)
                      log should be enabled
                    type: boolean
                required:
                - apiServer
                - audit
                - authenticator
                - controllerManager
                - scheduler
                type: object
              network:
                description: NetworkSpec encapsulates all things related to AWS network.
                properties:
                  cni:
                    description: CNI configuration
                    properties:
                      cniIngressRules:
                        description: CNIIngressRules specify rules to apply to control
                          plane and worker node security groups. The source for the
                          rule will be set to control plane and worker security group
                          IDs.
                        items:
                          description: CNIIngressRule defines an AWS ingress rule
                            for CNI requirements.
                          properties:
                            description:
                              type: string
                            fromPort:
                              format: int64
                              type: integer
                            protocol:
                              description: SecurityGroupProtocol defines the protocol
                                type for a security group rule.
                              type: string
                            toPort:
                              format: int64
                              type: integer
                          required:
                          - description
                          - fromPort
                          - protocol
                          - toPort
                          type: object
                        type: array
                    type: object
                  securityGroupOverrides:
                    additionalProperties:
                      type: string
                    description: SecurityGroupOverrides is an optional set of security
                      groups to use for cluster instances This is optional - if not
                      provided new security groups will be created for the cluster
                    type: object
                  subnets:
                    description: Subnets configuration.
                    items:
                      description: SubnetSpec configures an AWS Subnet.
                      properties:
                        availabilityZone:
                          description: AvailabilityZone defines the availability zone
                            to use for this subnet in the cluster's region.
                          type: string
                        cidrBlock:
                          description: CidrBlock is the CIDR block to be used when
                            the provider creates a managed VPC.
                          type: string
                        id:
                          description: ID defines a unique identifier to reference
                            this resource.
                          type: string
                        isPublic:
                          description: IsPublic defines the subnet as a public subnet.
                            A subnet is public when it is associated with a route
                            table that has a route to an internet gateway.
                          type: boolean
                        natGatewayId:
                          description: NatGatewayID is the NAT gateway id associated
                            with the subnet. Ignored unless the subnet is managed
                            by the provider, in which case this is set on the public
                            subnet where the NAT gateway resides. It is then used
                            to determine routes for private subnets in the same AZ
                            as the public subnet.
                          type: string
                        routeTableId:
                          description: RouteTableID is the routing table id associated
                            with the subnet.
                          type: string
                        tags:
                          additionalProperties:
                            type: string
                          description: Tags is a collection of tags describing the
                            resource.
                          type: object
                      type: object
                    type: array
                  vpc:
                    description: VPC configuration.
                    properties:
                      availabilityZoneSelection:
                        default: Ordered
                        description: 'AvailabilityZoneSelection specifies how AZs
                          should be selected if there are more AZs in a region than
                          specified by AvailabilityZoneUsageLimit. There are 2 selection
                          schemes: Ordered - selects based on alphabetical order Random
                          - selects AZs randomly in a region Defaults to Ordered'
                        enum:
                        - Ordered
                        - Random
                        type: string
                      availabilityZoneUsageLimit:
                        default: 3
                        description: AvailabilityZoneUsageLimit specifies the maximum
                          number of availability zones (AZ) that should be used in
                          a region when automatically creating subnets. If a region
                          has more than this number of AZs then this number of AZs
                          will be picked randomly when creating default subnets. Defaults
                          to 3
                        minimum: 1
                        type: integer
                      cidrBlock:
                        description: CidrBlock is the CIDR block to be used when the
                          provider creates a managed VPC. Defaults to 10.0.0.0/16.
                        type: string
                      id:
                        description: ID is the vpc-id of the VPC this provider should
                          use to create resources.
                        type: string
                      internetGatewayId:
                        description: InternetGatewayID is the id of the internet gateway
                          associated with the VPC.
                        type: string
                      tags:
                        additionalProperties:
                          type: string
                        description: Tags is a collection of tags describing the resource.
                        type: object
                    type: object
                type: object
              oidcIdentityProviderConfig:
                description: IdentityProviderconfig is used to specify the oidc provider
                  config to be attached with this eks cluster
                properties:
                  clientId:
                    description: This is also known as audience. The ID for the client
                      application that makes authentication requests to the OpenID
                      identity provider.
                    type: string
                  groupsClaim:
                    description: The JWT claim that the provider uses to return your
                      groups.
                    type: string
                  groupsPrefix:
                    description: 'The prefix that is prepended to group claims to
                      prevent clashes with existing names (such as system: groups).
                      For example, the value oidc: will create group names like oidc:engineering
                      and oidc:infra.'
                    type: string
                  identityProviderConfigName:
                    description: "The name of the OIDC provider configuration. \n
                      IdentityProviderConfigName is a required field"
                    type: string
                  issuerUrl:
                    description: The URL of the OpenID identity provider that allows
                      the API server to discover public signing keys for verifying
                      tokens. The URL must begin with https:// and should correspond
                      to the iss claim in the provider's OIDC ID tokens. Per the OIDC
                      standard, path components are allowed but query parameters are
                      not. Typically the URL consists of only a hostname, like https://server.example.org
                      or https://example.com. This URL should point to the level below
                      .well-known/openid-configuration and must be publicly accessible
                      over the internet.
                    type: string
                  requiredClaims:
                    additionalProperties:
                      type: string
                    description: The key value pairs that describe required claims
                      in the identity token. If set, each claim is verified to be
                      present in the token with a matching value. For the maximum
                      number of claims that you can require, see Amazon EKS service
                      quotas (https://docs.aws.amazon.com/eks/latest/userguide/service-quotas.html)
                      in the Amazon EKS User Guide.
                    type: object
                  tags:
                    additionalProperties:
                      type: string
                    description: tags to apply to oidc identity provider association
                    type: object
                  usernameClaim:
                    description: The JSON Web Token (JWT) claim to use as the username.
                      The default is sub, which is expected to be a unique identifier
                      of the end user. You can choose other claims, such as email
                      or name, depending on the OpenID identity provider.
                      Claims other
                      than email are prefixed with the issuer URL to prevent naming
                      clashes with other plug-ins.
                    type: string
                  usernamePrefix:
                    description: The prefix that is prepended to username claims to
                      prevent clashes with existing names. If you do not provide this
                      field, and username is a value other than email, the prefix
                      defaults to issuerurl#. You can use the value - to disable all
                      prefixing.
                    type: string
                type: object
              region:
                description: The AWS Region the cluster lives in.
                type: string
              roleAdditionalPolicies:
                description: RoleAdditionalPolicies allows you to attach additional
                  policies to the control plane role. You must enable the EKSAllowAddRoles
                  feature flag to incorporate these into the created role.
                items:
                  type: string
                type: array
              roleName:
                description: RoleName specifies the name of IAM role that gives EKS
                  permission to make API calls. If the role is pre-existing we will
                  treat it as unmanaged and not delete it on deletion. If the EKSEnableIAM
                  feature flag is true and no name is supplied then a role is created.
                minLength: 2
                type: string
              secondaryCidrBlock:
                description: SecondaryCidrBlock is the additional CIDR range to use
                  for pod IPs. Must be within the 100.64.0.0/10 or 198.19.0.0/16 range.
                type: string
              sshKeyName:
                description: SSHKeyName is the name of the ssh key to attach to the
                  bastion host.
                  Valid values are empty string (do not use SSH keys),
                  a valid SSH key name, or omitted (use the default SSH key name)
                type: string
              tokenMethod:
                default: iam-authenticator
                description: TokenMethod is used to specify the method for obtaining
                  a client token for communicating with EKS iam-authenticator - obtains
                  a client token using iam-authenticator aws-cli - obtains a client
                  token using the AWS CLI Defaults to iam-authenticator
                enum:
                - iam-authenticator
                - aws-cli
                type: string
              version:
                description: Version defines the desired Kubernetes version. If no
                  version number is supplied then the latest version of Kubernetes
                  that EKS supports will be used.
                minLength: 2
                pattern: ^v(0|[1-9][0-9]*)\.(0|[1-9][0-9]*)\.?$
                type: string
            type: object
          status:
            description: AWSManagedControlPlaneStatus defines the observed state of
              an Amazon EKS Cluster.
            properties:
              addons:
                description: Addons holds the current status of the EKS addons
                items:
                  description: AddonState represents the state of an addon.
                  properties:
                    arn:
                      description: ARN is the AWS ARN of the addon
                      type: string
                    createdAt:
                      description: CreatedAt is the date and time the addon was created
                        at
                      format: date-time
                      type: string
                    issues:
                      description: Issues is a list of issue associated with the addon
                      items:
                        description: AddonIssue represents an issue with an addon.
                        properties:
                          code:
                            description: Code is the issue code
                            type: string
                          message:
                            description: Message is the textual description of the
                              issue
                            type: string
                          resourceIds:
                            description: ResourceIDs is a list of resource ids for
                              the issue
                            items:
                              type: string
                            type: array
                        type: object
                      type: array
                    modifiedAt:
                      description: ModifiedAt is the date and time the addon was last
                        modified
                      format: date-time
                      type: string
                    name:
                      description: Name is the name of the addon
                      type: string
                    serviceAccountRoleARN:
                      description: ServiceAccountRoleArn is the ARN of the IAM role
                        used for the service account
                      type: string
                    status:
                      description: Status is the status of the addon
                      type: string
                    version:
                      description: Version is the version of the addon to use
                      type: string
                  required:
                  - arn
                  - name
                  - version
                  type: object
                type: array
              bastion:
                description: Bastion holds details of the instance that is used as
                  a bastion jump box
                properties:
                  addresses:
                    description: Addresses contains the AWS instance associated addresses.
                    items:
                      description: MachineAddress contains information for the node's
                        address.
                      properties:
                        address:
                          description: The machine address.
                          type: string
                        type:
                          description: Machine address type, one of Hostname, ExternalIP
                            or InternalIP.
                          type: string
                      required:
                      - address
                      - type
                      type: object
                    type: array
                  availabilityZone:
                    description: Availability zone of instance
                    type: string
                  ebsOptimized:
                    description: Indicates whether the instance is optimized for Amazon
                      EBS I/O.
                    type: boolean
                  enaSupport:
                    description: Specifies whether enhanced networking with ENA is
                      enabled.
                    type: boolean
                  iamProfile:
                    description: The name of the IAM instance profile associated with
                      the instance, if applicable.
                    type: string
                  id:
                    type: string
                  imageId:
                    description: The ID of the AMI used to launch the instance.
                    type: string
                  instanceState:
                    description: The current state of the instance.
                    type: string
                  networkInterfaces:
                    description: Specifies ENIs attached to instance
                    items:
                      type: string
                    type: array
                  nonRootVolumes:
                    description: Configuration options for the non root storage volumes.
                    items:
                      description: Volume encapsulates the configuration options for
                        the storage device.
                      properties:
                        deviceName:
                          description: Device name
                          type: string
                        encrypted:
                          description: Encrypted is whether the volume should be encrypted
                            or not.
                          type: boolean
                        encryptionKey:
                          description: EncryptionKey is the KMS key to use to encrypt
                            the volume. Can be either a KMS key ID or ARN. If Encrypted
                            is set and this is omitted, the default AWS key will be
                            used. The key must already exist and be accessible by
                            the controller.
                          type: string
                        iops:
                          description: IOPS is the number of IOPS requested for the
                            disk. Not applicable to all types.
                          format: int64
                          type: integer
                        size:
                          description: Size specifies size (in Gi) of the storage
                            device. Must be greater than the image snapshot size or
                            8 (whichever is greater).
                          format: int64
                          minimum: 8
                          type: integer
                        throughput:
                          description: Throughput to provision in MiB/s supported
                            for the volume type. Not applicable to all types.
                          format: int64
                          type: integer
                        type:
                          description: Type is the type of the volume (e.g. gp2, io1,
                            etc...).
                          type: string
                      required:
                      - size
                      type: object
                    type: array
                  privateIp:
                    description: The private IPv4 address assigned to the instance.
                    type: string
                  publicIp:
                    description: The public IPv4 address assigned to the instance,
                      if applicable.
                    type: string
                  rootVolume:
                    description: Configuration options for the root storage volume.
                    properties:
                      deviceName:
                        description: Device name
                        type: string
                      encrypted:
                        description: Encrypted is whether the volume should be encrypted
                          or not.
                        type: boolean
                      encryptionKey:
                        description: EncryptionKey is the KMS key to use to encrypt
                          the volume. Can be either a KMS key ID or ARN. If Encrypted
                          is set and this is omitted, the default AWS key will be
                          used. The key must already exist and be accessible by the
                          controller.
                        type: string
                      iops:
                        description: IOPS is the number of IOPS requested for the
                          disk. Not applicable to all types.
                        format: int64
                        type: integer
                      size:
                        description: Size specifies size (in Gi) of the storage device.
                          Must be greater than the image snapshot size or 8 (whichever
                          is greater).
                        format: int64
                        minimum: 8
                        type: integer
                      throughput:
                        description: Throughput to provision in MiB/s supported for
                          the volume type. Not applicable to all types.
                        format: int64
                        type: integer
                      type:
                        description: Type is the type of the volume (e.g. gp2, io1,
                          etc...).
                        type: string
                    required:
                    - size
                    type: object
                  securityGroupIds:
                    description: SecurityGroupIDs are one or more security group IDs
                      this instance belongs to.
                    items:
                      type: string
                    type: array
                  spotMarketOptions:
                    description: SpotMarketOptions option for configuring instances
                      to be run using AWS Spot instances.
                    properties:
                      maxPrice:
                        description: MaxPrice defines the maximum price the user is
                          willing to pay for Spot VM instances
                        type: string
                    type: object
                  sshKeyName:
                    description: The name of the SSH key pair.
                    type: string
                  subnetId:
                    description: The ID of the subnet of the instance.
                    type: string
                  tags:
                    additionalProperties:
                      type: string
                    description: The tags associated with the instance.
                    type: object
                  tenancy:
                    description: Tenancy indicates if instance should run on shared
                      or single-tenant hardware.
                    type: string
                  type:
                    description: The instance type.
                    type: string
                  userData:
                    description: UserData is the raw data script passed to the instance
                      which is run upon bootstrap. This field must not be base64 encoded
                      and should only be used when running a new instance.
                    type: string
                  volumeIDs:
                    description: IDs of the instance's volumes
                    items:
                      type: string
                    type: array
                required:
                - id
                type: object
              conditions:
                description: Conditions specifies the conditions for the managed control
                  plane
                items:
                  description: Condition defines an observation of a Cluster API resource
                    operational state.
                  properties:
                    lastTransitionTime:
                      description: Last time the condition transitioned from one status
                        to another. This should be when the underlying condition changed.
                        If that is not known, then using the time when the API field
                        changed is acceptable.
                      format: date-time
                      type: string
                    message:
                      description: A human readable message indicating details about
                        the transition. This field may be empty.
                      type: string
                    reason:
                      description: The reason for the condition's last transition
                        in CamelCase. The specific API may choose whether or not this
                        field is considered a guaranteed API. This field may not be
                        empty.
2975 type: string 2976 severity: 2977 description: Severity provides an explicit classification of 2978 Reason code, so the users or machines can immediately understand 2979 the current situation and act accordingly. The Severity field 2980 MUST be set only when Status=False. 2981 type: string 2982 status: 2983 description: Status of the condition, one of True, False, Unknown. 2984 type: string 2985 type: 2986 description: Type of condition in CamelCase or in foo.example.com/CamelCase. 2987 Many .condition.type values are consistent across resources 2988 like Available, but because arbitrary conditions can be useful 2989 (see .node.status.conditions), the ability to deconflict is 2990 important. 2991 type: string 2992 required: 2993 - lastTransitionTime 2994 - status 2995 - type 2996 type: object 2997 type: array 2998 externalManagedControlPlane: 2999 default: true 3000 description: ExternalManagedControlPlane indicates to cluster-api 3001 that the control plane is managed by an external service such as 3002 AKS, EKS, GKE, etc. 3003 type: boolean 3004 failureDomains: 3005 additionalProperties: 3006 description: FailureDomainSpec is the Schema for Cluster API failure 3007 domains. It allows controllers to understand how many failure 3008 domains a cluster can optionally span across. 3009 properties: 3010 attributes: 3011 additionalProperties: 3012 type: string 3013 description: Attributes is a free form map of attributes an 3014 infrastructure provider might use or require. 3015 type: object 3016 controlPlane: 3017 description: ControlPlane determines if this failure domain 3018 is suitable for use by control plane machines. 3019 type: boolean 3020 type: object 3021 description: FailureDomains specifies a list fo available availability 3022 zones that can be used 3023 type: object 3024 failureMessage: 3025 description: ErrorMessage indicates that there is a terminal problem 3026 reconciling the state, and will be set to a descriptive error message. 
3027 type: string 3028 identityProviderStatus: 3029 description: IdentityProviderStatus holds the status for associated 3030 identity provider 3031 properties: 3032 arn: 3033 description: ARN holds the ARN of associated identity provider 3034 type: string 3035 status: 3036 description: Status holds current status of associated identity 3037 provider 3038 type: string 3039 type: object 3040 initialized: 3041 description: Initialized denotes whether or not the control plane 3042 has the uploaded kubernetes config-map. 3043 type: boolean 3044 networkStatus: 3045 description: Networks holds details about the AWS networking resources 3046 used by the control plane 3047 properties: 3048 apiServerElb: 3049 description: APIServerELB is the Kubernetes api server classic 3050 load balancer. 3051 properties: 3052 attributes: 3053 description: Attributes defines extra attributes associated 3054 with the load balancer. 3055 properties: 3056 crossZoneLoadBalancing: 3057 description: CrossZoneLoadBalancing enables the classic 3058 load balancer load balancing. 3059 type: boolean 3060 idleTimeout: 3061 description: IdleTimeout is time that the connection is 3062 allowed to be idle (no data has been sent over the connection) 3063 before it is closed by the load balancer. 3064 format: int64 3065 type: integer 3066 type: object 3067 availabilityZones: 3068 description: AvailabilityZones is an array of availability 3069 zones in the VPC attached to the load balancer. 3070 items: 3071 type: string 3072 type: array 3073 dnsName: 3074 description: DNSName is the dns name of the load balancer. 3075 type: string 3076 healthChecks: 3077 description: HealthCheck is the classic elb health check associated 3078 with the load balancer. 3079 properties: 3080 healthyThreshold: 3081 format: int64 3082 type: integer 3083 interval: 3084 description: A Duration represents the elapsed time between 3085 two instants as an int64 nanosecond count. 
The representation 3086 limits the largest representable duration to approximately 3087 290 years. 3088 format: int64 3089 type: integer 3090 target: 3091 type: string 3092 timeout: 3093 description: A Duration represents the elapsed time between 3094 two instants as an int64 nanosecond count. The representation 3095 limits the largest representable duration to approximately 3096 290 years. 3097 format: int64 3098 type: integer 3099 unhealthyThreshold: 3100 format: int64 3101 type: integer 3102 required: 3103 - healthyThreshold 3104 - interval 3105 - target 3106 - timeout 3107 - unhealthyThreshold 3108 type: object 3109 listeners: 3110 description: Listeners is an array of classic elb listeners 3111 associated with the load balancer. There must be at least 3112 one. 3113 items: 3114 description: ClassicELBListener defines an AWS classic load 3115 balancer listener. 3116 properties: 3117 instancePort: 3118 format: int64 3119 type: integer 3120 instanceProtocol: 3121 description: ClassicELBProtocol defines listener protocols 3122 for a classic load balancer. 3123 type: string 3124 port: 3125 format: int64 3126 type: integer 3127 protocol: 3128 description: ClassicELBProtocol defines listener protocols 3129 for a classic load balancer. 3130 type: string 3131 required: 3132 - instancePort 3133 - instanceProtocol 3134 - port 3135 - protocol 3136 type: object 3137 type: array 3138 name: 3139 description: The name of the load balancer. It must be unique 3140 within the set of load balancers defined in the region. 3141 It also serves as identifier. 3142 type: string 3143 scheme: 3144 description: Scheme is the load balancer scheme, either internet-facing 3145 or private. 3146 type: string 3147 securityGroupIds: 3148 description: SecurityGroupIDs is an array of security groups 3149 assigned to the load balancer. 3150 items: 3151 type: string 3152 type: array 3153 subnetIds: 3154 description: SubnetIDs is an array of subnets in the VPC attached 3155 to the load balancer. 
3156 items: 3157 type: string 3158 type: array 3159 tags: 3160 additionalProperties: 3161 type: string 3162 description: Tags is a map of tags associated with the load 3163 balancer. 3164 type: object 3165 type: object 3166 securityGroups: 3167 additionalProperties: 3168 description: SecurityGroup defines an AWS security group. 3169 properties: 3170 id: 3171 description: ID is a unique identifier. 3172 type: string 3173 ingressRule: 3174 description: IngressRules is the inbound rules associated 3175 with the security group. 3176 items: 3177 description: IngressRule defines an AWS ingress rule for 3178 security groups. 3179 properties: 3180 cidrBlocks: 3181 description: List of CIDR blocks to allow access from. 3182 Cannot be specified with SourceSecurityGroupID. 3183 items: 3184 type: string 3185 type: array 3186 description: 3187 type: string 3188 fromPort: 3189 format: int64 3190 type: integer 3191 protocol: 3192 description: SecurityGroupProtocol defines the protocol 3193 type for a security group rule. 3194 type: string 3195 sourceSecurityGroupIds: 3196 description: The security group id to allow access 3197 from. Cannot be specified with CidrBlocks. 3198 items: 3199 type: string 3200 type: array 3201 toPort: 3202 format: int64 3203 type: integer 3204 required: 3205 - description 3206 - fromPort 3207 - protocol 3208 - toPort 3209 type: object 3210 type: array 3211 name: 3212 description: Name is the security group name. 3213 type: string 3214 tags: 3215 additionalProperties: 3216 type: string 3217 description: Tags is a map of tags associated with the security 3218 group. 3219 type: object 3220 required: 3221 - id 3222 - name 3223 type: object 3224 description: SecurityGroups is a map from the role/kind of the 3225 security group to its unique name, if any. 
3226 type: object 3227 type: object 3228 oidcProvider: 3229 description: OIDCProvider holds the status of the identity provider 3230 for this cluster 3231 properties: 3232 arn: 3233 description: ARN holds the ARN of the provider 3234 type: string 3235 trustPolicy: 3236 description: TrustPolicy contains the boilerplate IAM trust policy 3237 to use for IRSA 3238 type: string 3239 type: object 3240 ready: 3241 default: false 3242 description: Ready denotes that the AWSManagedControlPlane API Server 3243 is ready to receive requests and that the VPC infra is ready. 3244 type: boolean 3245 required: 3246 - ready 3247 type: object 3248 type: object 3249 served: true 3250 storage: true 3251 subresources: 3252 status: {} 3253 status: 3254 acceptedNames: 3255 kind: "" 3256 plural: "" 3257 conditions: [] 3258 storedVersions: []