/*
Copyright 2020 The Kubernetes Authors.

Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at

    http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/

package v1alpha3

import (
	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"

	infrav1alpha3 "sigs.k8s.io/cluster-api-provider-aws/api/v1alpha3"
	clusterv1alpha3 "sigs.k8s.io/cluster-api/api/v1alpha3"
)

const (
	// ManagedControlPlaneFinalizer allows the controller to clean up resources on delete.
	ManagedControlPlaneFinalizer = "awsmanagedcontrolplane.controlplane.cluster.x-k8s.io"
)

// AWSManagedControlPlaneSpec defines the desired state of AWSManagedControlPlane.
//
// Several fields below widen what the controller may do in the AWS account
// (RoleAdditionalPolicies) or who may reach the cluster (EndpointAccess,
// IAMAuthenticatorConfig, SSHKeyName); review changes to them with the same
// care as IAM or RBAC changes.
type AWSManagedControlPlaneSpec struct { //nolint: maligned
	// EKSClusterName allows you to specify the name of the EKS cluster in
	// AWS. If you don't specify a name then a default name will be created
	// based on the namespace and name of the managed control plane.
	// +optional
	EKSClusterName string `json:"eksClusterName,omitempty"`

	// IdentityRef is a reference to an identity to be used when reconciling the managed control plane.
	// +optional
	IdentityRef *infrav1alpha3.AWSIdentityReference `json:"identityRef,omitempty"`

	// NetworkSpec encapsulates all things related to AWS network.
	NetworkSpec infrav1alpha3.NetworkSpec `json:"networkSpec,omitempty"`

	// SecondaryCidrBlock is the additional CIDR range to use for pod IPs.
	// Must be within the 100.64.0.0/10 or 198.19.0.0/16 range.
	// +optional
	SecondaryCidrBlock *string `json:"secondaryCidrBlock,omitempty"`

	// Region is the AWS Region the cluster lives in.
	Region string `json:"region,omitempty"`

	// SSHKeyName is the name of the ssh key to attach to the bastion host.
	// Valid values are empty string (do not use SSH keys), a valid SSH key
	// name, or omitted (use the default SSH key name). It is a pointer so
	// that "omitted" (nil) and "empty string" can be told apart.
	// +optional
	SSHKeyName *string `json:"sshKeyName,omitempty"`

	// Version defines the desired Kubernetes version. If no version number
	// is supplied then the latest version of Kubernetes that EKS supports
	// will be used. The validation pattern accepts only a "v"-prefixed
	// major.minor value (with an optional trailing dot), not a patch
	// version.
	// +kubebuilder:validation:MinLength:=2
	// +kubebuilder:validation:Pattern:=^v(0|[1-9][0-9]*)\.(0|[1-9][0-9]*)\.?$
	// +optional
	Version *string `json:"version,omitempty"`

	// RoleName specifies the name of IAM role that gives EKS
	// permission to make API calls. If the role is pre-existing
	// we will treat it as unmanaged and not delete it on
	// deletion. If the EKSEnableIAM feature flag is true
	// and no name is supplied then a role is created.
	// +kubebuilder:validation:MinLength:=2
	// +optional
	RoleName *string `json:"roleName,omitempty"`

	// RoleAdditionalPolicies allows you to attach additional policies to
	// the control plane role. You must enable the EKSAllowAddRoles
	// feature flag to incorporate these into the created role.
	// Every policy listed here widens the permissions of the control plane
	// role, so keep the list to what the cluster actually needs.
	// +optional
	RoleAdditionalPolicies *[]string `json:"roleAdditionalPolicies,omitempty"`

	// Logging specifies which EKS Cluster logs should be enabled. Entries for
	// each of the enabled logs will be sent to CloudWatch.
	// +optional
	Logging *ControlPlaneLoggingSpec `json:"logging,omitempty"`

	// EncryptionConfig specifies the encryption configuration for the cluster.
	// +optional
	EncryptionConfig *EncryptionConfig `json:"encryptionConfig,omitempty"`

	// AdditionalTags is an optional set of tags to add to AWS resources managed by the AWS provider, in addition to the
	// ones added by default.
	// +optional
	AdditionalTags infrav1alpha3.Tags `json:"additionalTags,omitempty"`

	// IAMAuthenticatorConfig allows the specification of any additional user or role mappings
	// for use when generating the aws-iam-authenticator configuration. If this is nil the
	// default configuration is still generated for the cluster.
	// These mappings decide which IAM principals the cluster's authenticator
	// recognises, so review them as you would RBAC bindings.
	// +optional
	IAMAuthenticatorConfig *IAMAuthenticatorConfig `json:"iamAuthenticatorConfig,omitempty"`

	// EndpointAccess specifies access to this cluster's control plane endpoints.
	// +optional
	EndpointAccess EndpointAccess `json:"endpointAccess,omitempty"`

	// ControlPlaneEndpoint represents the endpoint used to communicate with the control plane.
	// Note that the JSON tag has no omitempty, so the field is always serialized.
	// +optional
	ControlPlaneEndpoint clusterv1alpha3.APIEndpoint `json:"controlPlaneEndpoint"`

	// ImageLookupFormat is the AMI naming format to look up machine images when
	// a machine does not specify an AMI. When set, this will be used for all
	// cluster machines unless a machine specifies a different ImageLookupOrg.
	// Supports substitutions for {{.BaseOS}} and {{.K8sVersion}} with the base
	// OS and kubernetes version, respectively. The BaseOS will be the value in
	// ImageLookupBaseOS or ubuntu (the default), and the kubernetes version as
	// defined by the packages produced by kubernetes/release without v as a
	// prefix: 1.13.0, 1.12.5-mybuild.1, or 1.17.3. For example, the default
	// image format of capa-ami-{{.BaseOS}}-?{{.K8sVersion}}-* will end up
	// searching for AMIs that match the pattern capa-ami-ubuntu-?1.18.0-* for a
	// Machine that is targeting kubernetes v1.18.0 and the ubuntu base OS. See
	// also: https://golang.org/pkg/text/template/
	// +optional
	ImageLookupFormat string `json:"imageLookupFormat,omitempty"`

	// ImageLookupOrg is the AWS Organization ID to look up machine images when a
	// machine does not specify an AMI. When set, this will be used for all
	// cluster machines unless a machine specifies a different ImageLookupOrg.
	// +optional
	ImageLookupOrg string `json:"imageLookupOrg,omitempty"`

	// ImageLookupBaseOS is the name of the base operating system used to look
	// up machine images when a machine does not specify an AMI. When set, this
	// will be used for all cluster machines unless a machine specifies a
	// different ImageLookupBaseOS.
	ImageLookupBaseOS string `json:"imageLookupBaseOS,omitempty"`

	// Bastion contains options to configure the bastion host.
	// +optional
	Bastion infrav1alpha3.Bastion `json:"bastion"`

	// TokenMethod is used to specify the method for obtaining a client token for communicating with EKS:
	// iam-authenticator - obtains a client token using iam-authenticator
	// aws-cli - obtains a client token using the AWS CLI
	// Defaults to iam-authenticator.
	// +kubebuilder:default=iam-authenticator
	// +kubebuilder:validation:Enum=iam-authenticator;aws-cli
	TokenMethod *EKSTokenMethod `json:"tokenMethod,omitempty"`

	// AssociateOIDCProvider can be enabled to automatically create an identity
	// provider for the controller for use with IAM roles for service accounts.
	// +kubebuilder:default=false
	AssociateOIDCProvider bool `json:"associateOIDCProvider,omitempty"`

	// Addons defines the EKS addons to enable with the EKS cluster.
	// +optional
	Addons *[]Addon `json:"addons,omitempty"`

	// DisableVPCCNI indicates that the Amazon VPC CNI should be disabled. With EKS clusters the
	// Amazon VPC CNI is automatically installed into the cluster. For clusters where you want
	// to use an alternate CNI this option provides a way to specify that the Amazon VPC CNI
	// should be deleted. You cannot set this to true if you are using the
	// Amazon VPC CNI addon.
	// +kubebuilder:default=false
	DisableVPCCNI bool `json:"disableVPCCNI,omitempty"`
}

// EndpointAccess specifies how control plane endpoints are accessible.
type EndpointAccess struct {
	// Public controls whether control plane endpoints are publicly accessible.
	// +optional
	Public *bool `json:"public,omitempty"`
	// PublicCIDRs specifies which blocks can access the public endpoint.
	// NOTE(review): what an empty list means while Public is enabled is decided
	// by the controller and EKS, not by this type — confirm before relying on it.
	// +optional
	PublicCIDRs []*string `json:"publicCIDRs,omitempty"`
	// Private points VPC-internal control plane access to the private endpoint.
	// +optional
	Private *bool `json:"private,omitempty"`
}

// EncryptionConfig specifies the encryption configuration for the EKS cluster.
type EncryptionConfig struct {
	// Provider specifies the ARN or alias of the CMK (in AWS KMS).
	Provider *string `json:"provider,omitempty"`
	// Resources specifies the resources to be encrypted (for EKS this is "secrets").
	Resources []*string `json:"resources,omitempty"`
}

// OIDCProviderStatus holds the status of the AWS OIDC identity provider.
type OIDCProviderStatus struct {
	// ARN holds the ARN of the provider.
	ARN string `json:"arn,omitempty"`
	// TrustPolicy contains the boilerplate IAM trust policy to use for IRSA
	// (IAM roles for service accounts); its exact document format is set by
	// the controller that populates it.
	TrustPolicy string `json:"trustPolicy,omitempty"`
}

// AWSManagedControlPlaneStatus defines the observed state of AWSManagedControlPlane.
type AWSManagedControlPlaneStatus struct {
	// Network holds details about the AWS networking resources used by the control plane.
	// +optional
	Network infrav1alpha3.Network `json:"network,omitempty"`
	// FailureDomains specifies a list of available availability zones that can be used.
	// +optional
	FailureDomains clusterv1alpha3.FailureDomains `json:"failureDomains,omitempty"`
	// Bastion holds details of the instance that is used as a bastion jump box.
	// +optional
	Bastion *infrav1alpha3.Instance `json:"bastion,omitempty"`
	// OIDCProvider holds the status of the identity provider for this cluster.
	// +optional
	OIDCProvider OIDCProviderStatus `json:"oidcProvider,omitempty"`
	// ExternalManagedControlPlane indicates to cluster-api that the control plane
	// is managed by an external service such as AKS, EKS, GKE, etc.
	// +kubebuilder:default=true
	ExternalManagedControlPlane *bool `json:"externalManagedControlPlane,omitempty"`
	// Initialized denotes whether or not the control plane has the
	// uploaded kubernetes config-map.
	// +optional
	Initialized bool `json:"initialized"`
	// Ready denotes that the AWSManagedControlPlane API Server is ready to
	// receive requests and that the VPC infra is ready.
	// +kubebuilder:default=false
	Ready bool `json:"ready"`
	// FailureMessage indicates that there is a terminal problem reconciling the
	// state, and will be set to a descriptive error message.
	// +optional
	FailureMessage *string `json:"failureMessage,omitempty"`
	// Conditions specifies the conditions for the managed control plane.
	Conditions clusterv1alpha3.Conditions `json:"conditions,omitempty"`
	// Addons holds the current status of the EKS addons.
	// +optional
	Addons []AddonState `json:"addons,omitempty"`
}

// NOTE(review): the object:root marker below appears twice and the resource
// marker repeats shortName=awsmcp; one copy of each looks redundant.
// +kubebuilder:object:root=true
// +kubebuilder:object:root=true
// +kubebuilder:resource:path=awsmanagedcontrolplanes,shortName=awsmcp,scope=Namespaced,categories=cluster-api,shortName=awsmcp
// +kubebuilder:subresource:status
// +kubebuilder:printcolumn:name="Cluster",type="string",JSONPath=".metadata.labels.cluster\\.x-k8s\\.io/cluster-name",description="Cluster to which this AWSManagedControl belongs"
// +kubebuilder:printcolumn:name="Ready",type="string",JSONPath=".status.ready",description="Control plane infrastructure is ready for worker nodes"
// +kubebuilder:printcolumn:name="VPC",type="string",JSONPath=".spec.networkSpec.vpc.id",description="AWS VPC the control plane is using"
// +kubebuilder:printcolumn:name="Endpoint",type="string",JSONPath=".spec.controlPlaneEndpoint.host",description="API Endpoint",priority=1
// +kubebuilder:printcolumn:name="Bastion IP",type="string",JSONPath=".status.bastion.publicIp",description="Bastion IP address for breakglass access"

// AWSManagedControlPlane is the Schema for the awsmanagedcontrolplanes API.
type AWSManagedControlPlane struct {
	metav1.TypeMeta   `json:",inline"`
	metav1.ObjectMeta `json:"metadata,omitempty"`

	// Spec is the desired state; Status is what the controller last observed.
	Spec   AWSManagedControlPlaneSpec   `json:"spec,omitempty"`
	Status AWSManagedControlPlaneStatus `json:"status,omitempty"`
}

// +kubebuilder:object:root=true

// AWSManagedControlPlaneList contains a list of AWSManagedControlPlane.
type AWSManagedControlPlaneList struct {
	metav1.TypeMeta `json:",inline"`
	metav1.ListMeta `json:"metadata,omitempty"`
	Items           []AWSManagedControlPlane `json:"items"`
}

// GetConditions returns the control plane's status conditions.
func (r *AWSManagedControlPlane) GetConditions() clusterv1alpha3.Conditions {
	return r.Status.Conditions
}

// SetConditions sets the status conditions for the AWSManagedControlPlane.
func (r *AWSManagedControlPlane) SetConditions(conditions clusterv1alpha3.Conditions) {
	r.Status.Conditions = conditions
}

// init registers AWSManagedControlPlane and AWSManagedControlPlaneList with the
// package-level SchemeBuilder so they can be added to a runtime scheme.
func init() {
	SchemeBuilder.Register(&AWSManagedControlPlane{}, &AWSManagedControlPlaneList{})
}