/*
Copyright 2021 The Kubernetes Authors.

Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at

    http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/

package v1alpha4

import (
	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"

	infrav1alpha4 "sigs.k8s.io/cluster-api-provider-aws/api/v1alpha4"
	clusterv1alpha4 "sigs.k8s.io/cluster-api/api/v1alpha4"
)

const (
	// ManagedControlPlaneFinalizer allows the controller to clean up resources on delete.
	ManagedControlPlaneFinalizer = "awsmanagedcontrolplane.controlplane.cluster.x-k8s.io"
)

// AWSManagedControlPlaneSpec defines the desired state of AWSManagedControlPlane.
//
// Several fields below are access-control inputs (IdentityRef, RoleName,
// RoleAdditionalPolicies, IAMAuthenticatorConfig, EndpointAccess,
// OIDCIdentityProviderConfig); changes to them alter who can reach or act on
// the cluster and should be reviewed with that in mind.
type AWSManagedControlPlaneSpec struct { //nolint: maligned
	// EKSClusterName allows you to specify the name of the EKS cluster in
	// AWS. If you don't specify a name then a default name will be created
	// based on the namespace and name of the managed control plane.
	// +optional
	EKSClusterName string `json:"eksClusterName,omitempty"`

	// IdentityRef is a reference to an identity to be used when reconciling the managed control plane.
	// +optional
	IdentityRef *infrav1alpha4.AWSIdentityReference `json:"identityRef,omitempty"`

	// NetworkSpec encapsulates all things related to AWS network.
	NetworkSpec infrav1alpha4.NetworkSpec `json:"network,omitempty"`

	// SecondaryCidrBlock is the additional CIDR range to use for pod IPs.
	// Must be within the 100.64.0.0/10 or 198.19.0.0/16 range.
	// +optional
	SecondaryCidrBlock *string `json:"secondaryCidrBlock,omitempty"`

	// Region is the AWS Region the cluster lives in.
	Region string `json:"region,omitempty"`

	// SSHKeyName is the name of the ssh key to attach to the bastion host. Valid values are empty string (do not use SSH keys), a valid SSH key name, or omitted (use the default SSH key name)
	// +optional
	SSHKeyName *string `json:"sshKeyName,omitempty"`

	// Version defines the desired Kubernetes version. If no version number
	// is supplied then the latest version of Kubernetes that EKS supports
	// will be used.
	// +kubebuilder:validation:MinLength:=2
	// +kubebuilder:validation:Pattern:=^v(0|[1-9][0-9]*)\.(0|[1-9][0-9]*)\.?$
	// +optional
	Version *string `json:"version,omitempty"`

	// RoleName specifies the name of IAM role that gives EKS
	// permission to make API calls. If the role is pre-existing
	// we will treat it as unmanaged and not delete it on
	// deletion. If the EKSEnableIAM feature flag is true
	// and no name is supplied then a role is created.
	// +kubebuilder:validation:MinLength:=2
	// +optional
	RoleName *string `json:"roleName,omitempty"`

	// RoleAdditionalPolicies allows you to attach additional policies to
	// the control plane role. You must enable the EKSAllowAddRoles
	// feature flag to incorporate these into the created role.
	// Each entry widens the permissions of the control plane role, so
	// keep this list minimal and subject to review.
	// +optional
	RoleAdditionalPolicies *[]string `json:"roleAdditionalPolicies,omitempty"`

	// Logging specifies which EKS Cluster logs should be enabled. Entries for
	// each of the enabled logs will be sent to CloudWatch.
	// +optional
	Logging *ControlPlaneLoggingSpec `json:"logging,omitempty"`

	// EncryptionConfig specifies the encryption configuration for the cluster.
	// +optional
	EncryptionConfig *EncryptionConfig `json:"encryptionConfig,omitempty"`

	// AdditionalTags is an optional set of tags to add to AWS resources managed by the AWS provider, in addition to the
	// ones added by default.
	// +optional
	AdditionalTags infrav1alpha4.Tags `json:"additionalTags,omitempty"`

	// IAMAuthenticatorConfig allows the specification of any additional user or role mappings
	// for use when generating the aws-iam-authenticator configuration. If this is nil the
	// default configuration is still generated for the cluster.
	// Mappings listed here are rendered into the authenticator configuration and
	// therefore effectively grant cluster access to the mapped IAM principals.
	// +optional
	IAMAuthenticatorConfig *IAMAuthenticatorConfig `json:"iamAuthenticatorConfig,omitempty"`

	// EndpointAccess specifies access to this cluster's control plane endpoints.
	// +optional
	EndpointAccess EndpointAccess `json:"endpointAccess,omitempty"`

	// ControlPlaneEndpoint represents the endpoint used to communicate with the control plane.
	// +optional
	ControlPlaneEndpoint clusterv1alpha4.APIEndpoint `json:"controlPlaneEndpoint"`

	// ImageLookupFormat is the AMI naming format to look up machine images when
	// a machine does not specify an AMI. When set, this will be used for all
	// cluster machines unless a machine specifies a different ImageLookupOrg.
	// Supports substitutions for {{.BaseOS}} and {{.K8sVersion}} with the base
	// OS and kubernetes version, respectively. The BaseOS will be the value in
	// ImageLookupBaseOS or ubuntu (the default), and the kubernetes version as
	// defined by the packages produced by kubernetes/release without v as a
	// prefix: 1.13.0, 1.12.5-mybuild.1, or 1.17.3. For example, the default
	// image format of capa-ami-{{.BaseOS}}-?{{.K8sVersion}}-* will end up
	// searching for AMIs that match the pattern capa-ami-ubuntu-?1.18.0-* for a
	// Machine that is targeting kubernetes v1.18.0 and the ubuntu base OS. See
	// also: https://golang.org/pkg/text/template/
	// +optional
	ImageLookupFormat string `json:"imageLookupFormat,omitempty"`

	// ImageLookupOrg is the AWS Organization ID to look up machine images when a
	// machine does not specify an AMI. When set, this will be used for all
	// cluster machines unless a machine specifies a different ImageLookupOrg.
	// Setting it narrows which AMI owners the lookup considers.
	// +optional
	ImageLookupOrg string `json:"imageLookupOrg,omitempty"`

	// ImageLookupBaseOS is the name of the base operating system used to look
	// up machine images when a machine does not specify an AMI. When set, this
	// will be used for all cluster machines unless a machine specifies a
	// different ImageLookupBaseOS.
	ImageLookupBaseOS string `json:"imageLookupBaseOS,omitempty"`

	// Bastion contains options to configure the bastion host.
	// +optional
	Bastion infrav1alpha4.Bastion `json:"bastion"`

	// TokenMethod is used to specify the method for obtaining a client token for communicating with EKS
	// iam-authenticator - obtains a client token using iam-authenticator
	// aws-cli - obtains a client token using the AWS CLI
	// Defaults to iam-authenticator
	// +kubebuilder:default=iam-authenticator
	// +kubebuilder:validation:Enum=iam-authenticator;aws-cli
	TokenMethod *EKSTokenMethod `json:"tokenMethod,omitempty"`

	// AssociateOIDCProvider can be enabled to automatically create an identity
	// provider for the controller for use with IAM roles for service accounts.
	// +kubebuilder:default=false
	AssociateOIDCProvider bool `json:"associateOIDCProvider,omitempty"`

	// Addons defines the EKS addons to enable with the EKS cluster.
	// +optional
	Addons *[]Addon `json:"addons,omitempty"`

	// OIDCIdentityProviderConfig is used to specify the OIDC provider config
	// to be attached to this EKS cluster.
	// +optional
	OIDCIdentityProviderConfig *OIDCIdentityProviderConfig `json:"oidcIdentityProviderConfig,omitempty"`

	// DisableVPCCNI indicates that the Amazon VPC CNI should be disabled. With EKS clusters the
	// Amazon VPC CNI is automatically installed into the cluster. For clusters where you want
	// to use an alternate CNI this option provides a way to specify that the Amazon VPC CNI
	// should be deleted. You cannot set this to true if you are using the
	// Amazon VPC CNI addon.
	// +kubebuilder:default=false
	DisableVPCCNI bool `json:"disableVPCCNI,omitempty"`
}

// EndpointAccess specifies how control plane endpoints are accessible.
type EndpointAccess struct {
	// Public controls whether control plane endpoints are publicly accessible.
	// +optional
	Public *bool `json:"public,omitempty"`
	// PublicCIDRs specifies which blocks can access the public endpoint.
	// NOTE(review): when Public is enabled and this list is empty, the
	// effective allow-list is whatever the reconciler/EKS applies by default;
	// confirm that an explicit, narrow list is set for public endpoints.
	// +optional
	PublicCIDRs []*string `json:"publicCIDRs,omitempty"`
	// Private points VPC-internal control plane access to the private endpoint.
	// +optional
	Private *bool `json:"private,omitempty"`
}

// EncryptionConfig specifies the encryption configuration for the EKS cluster.
type EncryptionConfig struct {
	// Provider specifies the ARN or alias of the CMK (in AWS KMS).
	Provider *string `json:"provider,omitempty"`
	// Resources specifies the resources to be encrypted.
	// NOTE(review): presumably the EKS resource names accepted by the
	// encryption config (for example "secrets"); confirm against the reconciler.
	Resources []*string `json:"resources,omitempty"`
}

// OIDCProviderStatus holds the status of the AWS OIDC identity provider.
type OIDCProviderStatus struct {
	// ARN holds the ARN of the provider.
	ARN string `json:"arn,omitempty"`
	// TrustPolicy contains the boilerplate IAM trust policy to use for IRSA.
	TrustPolicy string `json:"trustPolicy,omitempty"`
}

// IdentityProviderStatus holds the status of the identity provider
// associated with this cluster.
type IdentityProviderStatus struct {
	// ARN holds the ARN of associated identity provider.
	ARN string `json:"arn,omitempty"`

	// Status holds current status of associated identity provider.
	Status string `json:"status,omitempty"`
}

// AWSManagedControlPlaneStatus defines the observed state of AWSManagedControlPlane.
type AWSManagedControlPlaneStatus struct {
	// Network holds details about the AWS networking resources used by the control plane.
	// +optional
	Network infrav1alpha4.NetworkStatus `json:"networkStatus,omitempty"`
	// FailureDomains specifies a list of available availability zones that can be used.
	// +optional
	FailureDomains clusterv1alpha4.FailureDomains `json:"failureDomains,omitempty"`
	// Bastion holds details of the instance that is used as a bastion jump box.
	// +optional
	Bastion *infrav1alpha4.Instance `json:"bastion,omitempty"`
	// OIDCProvider holds the status of the identity provider for this cluster.
	// +optional
	OIDCProvider OIDCProviderStatus `json:"oidcProvider,omitempty"`
	// ExternalManagedControlPlane indicates to cluster-api that the control plane
	// is managed by an external service such as AKS, EKS, GKE, etc.
	// +kubebuilder:default=true
	ExternalManagedControlPlane *bool `json:"externalManagedControlPlane,omitempty"`
	// Initialized denotes whether or not the control plane has the
	// uploaded kubernetes config-map.
	// +optional
	Initialized bool `json:"initialized"`
	// Ready denotes that the AWSManagedControlPlane API Server is ready to
	// receive requests and that the VPC infra is ready.
	// +kubebuilder:default=false
	Ready bool `json:"ready"`
	// FailureMessage indicates that there is a terminal problem reconciling the
	// state, and will be set to a descriptive error message.
	// +optional
	FailureMessage *string `json:"failureMessage,omitempty"`
	// Conditions specifies the conditions for the managed control plane.
	Conditions clusterv1alpha4.Conditions `json:"conditions,omitempty"`
	// Addons holds the current status of the EKS addons.
	// +optional
	Addons []AddonState `json:"addons,omitempty"`
	// IdentityProviderStatus holds the status for
	// associated identity provider.
	// +optional
	IdentityProviderStatus IdentityProviderStatus `json:"identityProviderStatus,omitempty"`
}

// NOTE(review): the object:root marker and the shortName=awsmcp attribute
// appear twice in the marker block below; they look like harmless duplicates
// for controller-gen but are worth deduplicating.

// +kubebuilder:object:root=true
// +kubebuilder:object:root=true
// +kubebuilder:resource:path=awsmanagedcontrolplanes,shortName=awsmcp,scope=Namespaced,categories=cluster-api,shortName=awsmcp
// +kubebuilder:subresource:status
// +kubebuilder:printcolumn:name="Cluster",type="string",JSONPath=".metadata.labels.cluster\\.x-k8s\\.io/cluster-name",description="Cluster to which this AWSManagedControl belongs"
// +kubebuilder:printcolumn:name="Ready",type="string",JSONPath=".status.ready",description="Control plane infrastructure is ready for worker nodes"
// +kubebuilder:printcolumn:name="VPC",type="string",JSONPath=".spec.network.vpc.id",description="AWS VPC the control plane is using"
// +kubebuilder:printcolumn:name="Endpoint",type="string",JSONPath=".spec.controlPlaneEndpoint.host",description="API Endpoint",priority=1
// +kubebuilder:printcolumn:name="Bastion IP",type="string",JSONPath=".status.bastion.publicIp",description="Bastion IP address for breakglass access"

// AWSManagedControlPlane is the Schema for the awsmanagedcontrolplanes API.
type AWSManagedControlPlane struct {
	metav1.TypeMeta   `json:",inline"`
	metav1.ObjectMeta `json:"metadata,omitempty"`

	// Spec is the desired state of the managed control plane.
	Spec AWSManagedControlPlaneSpec `json:"spec,omitempty"`
	// Status is the observed state reported by the controller.
	Status AWSManagedControlPlaneStatus `json:"status,omitempty"`
}

// +kubebuilder:object:root=true

// AWSManagedControlPlaneList contains a list of AWSManagedControlPlane.
type AWSManagedControlPlaneList struct {
	metav1.TypeMeta `json:",inline"`
	metav1.ListMeta `json:"metadata,omitempty"`
	Items           []AWSManagedControlPlane `json:"items"`
}

// GetConditions returns the control plane's status conditions.
func (r *AWSManagedControlPlane) GetConditions() clusterv1alpha4.Conditions {
	return r.Status.Conditions
}

// SetConditions sets the status conditions for the AWSManagedControlPlane.
func (r *AWSManagedControlPlane) SetConditions(conditions clusterv1alpha4.Conditions) {
	r.Status.Conditions = conditions
}

// init registers the AWSManagedControlPlane and AWSManagedControlPlaneList
// types with the package SchemeBuilder.
func init() {
	SchemeBuilder.Register(&AWSManagedControlPlane{}, &AWSManagedControlPlaneList{})
}