mirror of https://github.com/kubernetes/kops.git
Update cloudmock and integration test inputs to use aws-test partition
This commit is contained in:
Peter Rifel
parent
c09e3984fc
commit
5d82ce0b5f
|
|
@ -113,7 +113,7 @@ func (m *MockELBV2) CreateLoadBalancer(request *elbv2.CreateLoadBalancerInput) (
|
||||||
lb.VpcId = aws.String("vpc-1")
|
lb.VpcId = aws.String("vpc-1")
|
||||||
|
|
||||||
m.lbCount++
|
m.lbCount++
|
||||||
arn := fmt.Sprintf("arn:aws:elasticloadbalancing:us-test-1:000000000000:loadbalancer/net/%v/%v", aws.StringValue(request.Name), m.lbCount)
|
arn := fmt.Sprintf("arn:aws-test:elasticloadbalancing:us-test-1:000000000000:loadbalancer/net/%v/%v", aws.StringValue(request.Name), m.lbCount)
|
||||||
|
|
||||||
lb.LoadBalancerArn = aws.String(arn)
|
lb.LoadBalancerArn = aws.String(arn)
|
||||||
|
|
||||||
|
|
|
||||||
|
|
@ -103,7 +103,7 @@ func (m *MockELBV2) CreateTargetGroup(request *elbv2.CreateTargetGroupInput) (*e
|
||||||
}
|
}
|
||||||
|
|
||||||
m.tgCount++
|
m.tgCount++
|
||||||
arn := fmt.Sprintf("arn:aws:elasticloadbalancing:us-test-1:000000000000:targetgroup/%v/%v", aws.StringValue(request.Name), m.tgCount)
|
arn := fmt.Sprintf("arn:aws-test:elasticloadbalancing:us-test-1:000000000000:targetgroup/%v/%v", aws.StringValue(request.Name), m.tgCount)
|
||||||
tg.TargetGroupArn = aws.String(arn)
|
tg.TargetGroupArn = aws.String(arn)
|
||||||
|
|
||||||
if m.TargetGroups == nil {
|
if m.TargetGroups == nil {
|
||||||
|
|
|
||||||
|
|
@ -39,7 +39,7 @@ func (m *MockEventBridge) PutRule(input *eventbridge.PutRuleInput) (*eventbridge
|
||||||
defer m.mutex.Unlock()
|
defer m.mutex.Unlock()
|
||||||
|
|
||||||
name := *input.Name
|
name := *input.Name
|
||||||
arn := "arn:aws:events:us-east-1:012345678901:rule/" + name
|
arn := "arn:aws-test:events:us-east-1:012345678901:rule/" + name
|
||||||
|
|
||||||
rule := &eventbridge.Rule{
|
rule := &eventbridge.Rule{
|
||||||
Arn: &arn,
|
Arn: &arn,
|
||||||
|
|
|
||||||
|
|
@ -84,7 +84,7 @@ func (m *MockIAM) CreateOpenIDConnectProvider(request *iam.CreateOpenIDConnectPr
|
||||||
|
|
||||||
klog.Infof("CreateOpenIDConnectProvider: %v", request)
|
klog.Infof("CreateOpenIDConnectProvider: %v", request)
|
||||||
|
|
||||||
arn := fmt.Sprintf("arn:aws:iam::0000000000:oidc-provider/%s", *request.Url)
|
arn := fmt.Sprintf("arn:aws-test:iam::0000000000:oidc-provider/%s", *request.Url)
|
||||||
|
|
||||||
p := &iam.GetOpenIDConnectProviderOutput{
|
p := &iam.GetOpenIDConnectProviderOutput{
|
||||||
ClientIDList: request.ClientIDList,
|
ClientIDList: request.ClientIDList,
|
||||||
|
|
|
||||||
|
|
@ -56,7 +56,7 @@ func (m *MockSQS) CreateQueue(input *sqs.CreateQueueInput) (*sqs.CreateQueueOutp
|
||||||
tags: input.Tags,
|
tags: input.Tags,
|
||||||
}
|
}
|
||||||
|
|
||||||
arn := fmt.Sprintf("arn:aws:sqs:us-test-1:000000000000:queue/%v", aws.StringValue(input.QueueName))
|
arn := fmt.Sprintf("arn:aws-test:sqs:us-test-1:000000000000:queue/%v", aws.StringValue(input.QueueName))
|
||||||
queue.attributes["QueueArn"] = &arn
|
queue.attributes["QueueArn"] = &arn
|
||||||
|
|
||||||
m.Queues[name] = queue
|
m.Queues[name] = queue
|
||||||
|
|
|
||||||
|
|
@ -274,7 +274,7 @@
|
||||||
"Throughput": 125,
|
"Throughput": 125,
|
||||||
"DeleteOnTermination": true,
|
"DeleteOnTermination": true,
|
||||||
"Encrypted": true,
|
"Encrypted": true,
|
||||||
"KmsKeyId": "arn:aws:kms:us-test-1:000000000000:key/1234abcd-12ab-34cd-56ef-1234567890ab"
|
"KmsKeyId": "arn:aws-test:kms:us-test-1:000000000000:key/1234abcd-12ab-34cd-56ef-1234567890ab"
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
|
|
@ -447,7 +447,7 @@
|
||||||
"VolumeSize": 20,
|
"VolumeSize": 20,
|
||||||
"DeleteOnTermination": true,
|
"DeleteOnTermination": true,
|
||||||
"Encrypted": true,
|
"Encrypted": true,
|
||||||
"KmsKeyId": "arn:aws:kms:us-test-1:000000000000:key/1234abcd-12ab-34cd-56ef-1234567890ab"
|
"KmsKeyId": "arn:aws-test:kms:us-test-1:000000000000:key/1234abcd-12ab-34cd-56ef-1234567890ab"
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
],
|
],
|
||||||
|
|
@ -1386,7 +1386,7 @@
|
||||||
"Properties": {
|
"Properties": {
|
||||||
"Certificates": [
|
"Certificates": [
|
||||||
{
|
{
|
||||||
"CertificateArn": "arn:aws:acm:us-test-1:000000000000:certificate/123456789012-1234-1234-1234-12345678"
|
"CertificateArn": "arn:aws-test:acm:us-test-1:000000000000:certificate/123456789012-1234-1234-1234-12345678"
|
||||||
}
|
}
|
||||||
],
|
],
|
||||||
"DefaultActions": [
|
"DefaultActions": [
|
||||||
|
|
@ -1888,7 +1888,7 @@
|
||||||
],
|
],
|
||||||
"Version": "2012-10-17"
|
"Version": "2012-10-17"
|
||||||
},
|
},
|
||||||
"PermissionsBoundary": "arn:aws:iam::000000000000:policy/boundaries",
|
"PermissionsBoundary": "arn:aws-test:iam::000000000000:policy/boundaries",
|
||||||
"Tags": [
|
"Tags": [
|
||||||
{
|
{
|
||||||
"Key": "KubernetesCluster",
|
"Key": "KubernetesCluster",
|
||||||
|
|
@ -1929,7 +1929,7 @@
|
||||||
],
|
],
|
||||||
"Version": "2012-10-17"
|
"Version": "2012-10-17"
|
||||||
},
|
},
|
||||||
"PermissionsBoundary": "arn:aws:iam::000000000000:policy/boundaries",
|
"PermissionsBoundary": "arn:aws-test:iam::000000000000:policy/boundaries",
|
||||||
"Tags": [
|
"Tags": [
|
||||||
{
|
{
|
||||||
"Key": "KubernetesCluster",
|
"Key": "KubernetesCluster",
|
||||||
|
|
|
||||||
|
|
@ -1,3 +1,3 @@
|
||||||
spec.api.loadBalancer.sslCertificate=arn:aws:acm:us-east-1:123456789012:certificate/123456789012-1234-1234-1234-12345678
|
spec.api.loadBalancer.sslCertificate=arn:aws-test:acm:us-east-1:123456789012:certificate/123456789012-1234-1234-1234-12345678
|
||||||
---
|
---
|
||||||
spec.api.loadBalancer.additionalSecurityGroups=sg-123456
|
spec.api.loadBalancer.additionalSecurityGroups=sg-123456
|
||||||
|
|
|
||||||
|
|
@ -16,7 +16,7 @@ spec:
|
||||||
- sg-exampleid6
|
- sg-exampleid6
|
||||||
class: Network
|
class: Network
|
||||||
crossZoneLoadBalancing: true
|
crossZoneLoadBalancing: true
|
||||||
sslCertificate: arn:aws:acm:us-test-1:000000000000:certificate/123456789012-1234-1234-1234-12345678
|
sslCertificate: arn:aws-test:acm:us-test-1:000000000000:certificate/123456789012-1234-1234-1234-12345678
|
||||||
sslPolicy: ELBSecurityPolicy-2016-08
|
sslPolicy: ELBSecurityPolicy-2016-08
|
||||||
subnets:
|
subnets:
|
||||||
- allocationId: eipalloc-012345a678b9cdefa
|
- allocationId: eipalloc-012345a678b9cdefa
|
||||||
|
|
@ -62,7 +62,7 @@ spec:
|
||||||
provider: dns-controller
|
provider: dns-controller
|
||||||
iam:
|
iam:
|
||||||
legacy: false
|
legacy: false
|
||||||
permissionsBoundary: arn:aws:iam::000000000000:policy/boundaries
|
permissionsBoundary: arn:aws-test:iam::000000000000:policy/boundaries
|
||||||
keyStore: memfs://clusters.example.com/complex.example.com/pki
|
keyStore: memfs://clusters.example.com/complex.example.com/pki
|
||||||
kubeAPIServer:
|
kubeAPIServer:
|
||||||
allowPrivileged: true
|
allowPrivileged: true
|
||||||
|
|
|
||||||
|
|
@ -12,7 +12,7 @@ spec:
|
||||||
- sg-exampleid6
|
- sg-exampleid6
|
||||||
crossZoneLoadBalancing: true
|
crossZoneLoadBalancing: true
|
||||||
class: Network
|
class: Network
|
||||||
sslCertificate: arn:aws:acm:us-test-1:000000000000:certificate/123456789012-1234-1234-1234-12345678
|
sslCertificate: arn:aws-test:acm:us-test-1:000000000000:certificate/123456789012-1234-1234-1234-12345678
|
||||||
sslPolicy: ELBSecurityPolicy-2016-08
|
sslPolicy: ELBSecurityPolicy-2016-08
|
||||||
subnets:
|
subnets:
|
||||||
- name: us-test-1a
|
- name: us-test-1a
|
||||||
|
|
@ -37,7 +37,7 @@ spec:
|
||||||
name: a
|
name: a
|
||||||
name: events
|
name: events
|
||||||
iam:
|
iam:
|
||||||
permissionsBoundary: arn:aws:iam::000000000000:policy/boundaries
|
permissionsBoundary: arn:aws-test:iam::000000000000:policy/boundaries
|
||||||
kubeAPIServer:
|
kubeAPIServer:
|
||||||
serviceNodePortRange: 28000-32767
|
serviceNodePortRange: 28000-32767
|
||||||
auditWebhookBatchThrottleQps: 3.14
|
auditWebhookBatchThrottleQps: 3.14
|
||||||
|
|
@ -125,7 +125,7 @@ spec:
|
||||||
size: 20
|
size: 20
|
||||||
type: gp2
|
type: gp2
|
||||||
encrypted: true
|
encrypted: true
|
||||||
key: arn:aws:kms:us-test-1:000000000000:key/1234abcd-12ab-34cd-56ef-1234567890ab
|
key: arn:aws-test:kms:us-test-1:000000000000:key/1234abcd-12ab-34cd-56ef-1234567890ab
|
||||||
additionalUserData:
|
additionalUserData:
|
||||||
- name: myscript.sh
|
- name: myscript.sh
|
||||||
type: text/x-shellscript
|
type: text/x-shellscript
|
||||||
|
|
@ -152,7 +152,7 @@ spec:
|
||||||
minSize: 1
|
minSize: 1
|
||||||
role: Master
|
role: Master
|
||||||
rootVolumeEncryption: true
|
rootVolumeEncryption: true
|
||||||
rootVolumeEncryptionKey: arn:aws:kms:us-test-1:000000000000:key/1234abcd-12ab-34cd-56ef-1234567890ab
|
rootVolumeEncryptionKey: arn:aws-test:kms:us-test-1:000000000000:key/1234abcd-12ab-34cd-56ef-1234567890ab
|
||||||
subnets:
|
subnets:
|
||||||
- us-test-1a
|
- us-test-1a
|
||||||
instanceMetadata:
|
instanceMetadata:
|
||||||
|
|
|
||||||
|
|
@ -12,7 +12,7 @@ spec:
|
||||||
- sg-exampleid6
|
- sg-exampleid6
|
||||||
crossZoneLoadBalancing: true
|
crossZoneLoadBalancing: true
|
||||||
class: Network
|
class: Network
|
||||||
sslCertificate: arn:aws:acm:us-test-1:000000000000:certificate/123456789012-1234-1234-1234-12345678
|
sslCertificate: arn:aws-test:acm:us-test-1:000000000000:certificate/123456789012-1234-1234-1234-12345678
|
||||||
sslPolicy: ELBSecurityPolicy-2016-08
|
sslPolicy: ELBSecurityPolicy-2016-08
|
||||||
subnets:
|
subnets:
|
||||||
- name: us-test-1a
|
- name: us-test-1a
|
||||||
|
|
@ -37,7 +37,7 @@ spec:
|
||||||
name: a
|
name: a
|
||||||
name: events
|
name: events
|
||||||
iam:
|
iam:
|
||||||
permissionsBoundary: arn:aws:iam::000000000000:policy/boundaries
|
permissionsBoundary: arn:aws-test:iam::000000000000:policy/boundaries
|
||||||
kubeAPIServer:
|
kubeAPIServer:
|
||||||
serviceNodePortRange: 28000-32767
|
serviceNodePortRange: 28000-32767
|
||||||
auditWebhookBatchThrottleQps: 3.14
|
auditWebhookBatchThrottleQps: 3.14
|
||||||
|
|
@ -125,7 +125,7 @@ spec:
|
||||||
size: 20
|
size: 20
|
||||||
type: gp2
|
type: gp2
|
||||||
encrypted: true
|
encrypted: true
|
||||||
key: arn:aws:kms:us-test-1:000000000000:key/1234abcd-12ab-34cd-56ef-1234567890ab
|
key: arn:aws-test:kms:us-test-1:000000000000:key/1234abcd-12ab-34cd-56ef-1234567890ab
|
||||||
additionalUserData:
|
additionalUserData:
|
||||||
- name: myscript.sh
|
- name: myscript.sh
|
||||||
type: text/x-shellscript
|
type: text/x-shellscript
|
||||||
|
|
@ -152,7 +152,7 @@ spec:
|
||||||
minSize: 1
|
minSize: 1
|
||||||
role: Master
|
role: Master
|
||||||
rootVolumeEncryption: true
|
rootVolumeEncryption: true
|
||||||
rootVolumeEncryptionKey: arn:aws:kms:us-test-1:000000000000:key/1234abcd-12ab-34cd-56ef-1234567890ab
|
rootVolumeEncryptionKey: arn:aws-test:kms:us-test-1:000000000000:key/1234abcd-12ab-34cd-56ef-1234567890ab
|
||||||
subnets:
|
subnets:
|
||||||
- us-test-1a
|
- us-test-1a
|
||||||
instanceMetadata:
|
instanceMetadata:
|
||||||
|
|
|
||||||
|
|
@ -302,7 +302,7 @@ resource "aws_iam_instance_profile" "nodes-complex-example-com" {
|
||||||
resource "aws_iam_role" "masters-complex-example-com" {
|
resource "aws_iam_role" "masters-complex-example-com" {
|
||||||
assume_role_policy = file("${path.module}/data/aws_iam_role_masters.complex.example.com_policy")
|
assume_role_policy = file("${path.module}/data/aws_iam_role_masters.complex.example.com_policy")
|
||||||
name = "masters.complex.example.com"
|
name = "masters.complex.example.com"
|
||||||
permissions_boundary = "arn:aws:iam::000000000000:policy/boundaries"
|
permissions_boundary = "arn:aws-test:iam::000000000000:policy/boundaries"
|
||||||
tags = {
|
tags = {
|
||||||
"KubernetesCluster" = "complex.example.com"
|
"KubernetesCluster" = "complex.example.com"
|
||||||
"Name" = "masters.complex.example.com"
|
"Name" = "masters.complex.example.com"
|
||||||
|
|
@ -315,7 +315,7 @@ resource "aws_iam_role" "masters-complex-example-com" {
|
||||||
resource "aws_iam_role" "nodes-complex-example-com" {
|
resource "aws_iam_role" "nodes-complex-example-com" {
|
||||||
assume_role_policy = file("${path.module}/data/aws_iam_role_nodes.complex.example.com_policy")
|
assume_role_policy = file("${path.module}/data/aws_iam_role_nodes.complex.example.com_policy")
|
||||||
name = "nodes.complex.example.com"
|
name = "nodes.complex.example.com"
|
||||||
permissions_boundary = "arn:aws:iam::000000000000:policy/boundaries"
|
permissions_boundary = "arn:aws-test:iam::000000000000:policy/boundaries"
|
||||||
tags = {
|
tags = {
|
||||||
"KubernetesCluster" = "complex.example.com"
|
"KubernetesCluster" = "complex.example.com"
|
||||||
"Name" = "nodes.complex.example.com"
|
"Name" = "nodes.complex.example.com"
|
||||||
|
|
@ -355,7 +355,7 @@ resource "aws_launch_template" "master-us-test-1a-masters-complex-example-com" {
|
||||||
delete_on_termination = true
|
delete_on_termination = true
|
||||||
encrypted = true
|
encrypted = true
|
||||||
iops = 3000
|
iops = 3000
|
||||||
kms_key_id = "arn:aws:kms:us-test-1:000000000000:key/1234abcd-12ab-34cd-56ef-1234567890ab"
|
kms_key_id = "arn:aws-test:kms:us-test-1:000000000000:key/1234abcd-12ab-34cd-56ef-1234567890ab"
|
||||||
throughput = 125
|
throughput = 125
|
||||||
volume_size = 64
|
volume_size = 64
|
||||||
volume_type = "gp3"
|
volume_type = "gp3"
|
||||||
|
|
@ -457,7 +457,7 @@ resource "aws_launch_template" "nodes-complex-example-com" {
|
||||||
ebs {
|
ebs {
|
||||||
delete_on_termination = true
|
delete_on_termination = true
|
||||||
encrypted = true
|
encrypted = true
|
||||||
kms_key_id = "arn:aws:kms:us-test-1:000000000000:key/1234abcd-12ab-34cd-56ef-1234567890ab"
|
kms_key_id = "arn:aws-test:kms:us-test-1:000000000000:key/1234abcd-12ab-34cd-56ef-1234567890ab"
|
||||||
volume_size = 20
|
volume_size = 20
|
||||||
volume_type = "gp2"
|
volume_type = "gp2"
|
||||||
}
|
}
|
||||||
|
|
@ -555,7 +555,7 @@ resource "aws_lb" "api-complex-example-com" {
|
||||||
}
|
}
|
||||||
|
|
||||||
resource "aws_lb_listener" "api-complex-example-com-443" {
|
resource "aws_lb_listener" "api-complex-example-com-443" {
|
||||||
certificate_arn = "arn:aws:acm:us-test-1:000000000000:certificate/123456789012-1234-1234-1234-12345678"
|
certificate_arn = "arn:aws-test:acm:us-test-1:000000000000:certificate/123456789012-1234-1234-1234-12345678"
|
||||||
default_action {
|
default_action {
|
||||||
target_group_arn = aws_lb_target_group.tls-complex-example-com-5nursn.id
|
target_group_arn = aws_lb_target_group.tls-complex-example-com-5nursn.id
|
||||||
type = "forward"
|
type = "forward"
|
||||||
|
|
|
||||||
|
|
@ -46,7 +46,7 @@ spec:
|
||||||
serviceAccountExternalPermissions:
|
serviceAccountExternalPermissions:
|
||||||
- aws:
|
- aws:
|
||||||
policyARNs:
|
policyARNs:
|
||||||
- arn:aws:iam::123456789012:policy/UsersManageOwnCredentials
|
- arn:aws-test:iam::123456789012:policy/UsersManageOwnCredentials
|
||||||
name: myserviceaccount
|
name: myserviceaccount
|
||||||
namespace: default
|
namespace: default
|
||||||
- aws:
|
- aws:
|
||||||
|
|
|
||||||
|
|
@ -24,7 +24,7 @@ spec:
|
||||||
namespace: default
|
namespace: default
|
||||||
aws:
|
aws:
|
||||||
policyARNs:
|
policyARNs:
|
||||||
- arn:aws:iam::123456789012:policy/UsersManageOwnCredentials
|
- arn:aws-test:iam::123456789012:policy/UsersManageOwnCredentials
|
||||||
- name: myotherserviceaccount
|
- name: myotherserviceaccount
|
||||||
namespace: myapp
|
namespace: myapp
|
||||||
aws:
|
aws:
|
||||||
|
|
|
||||||
|
|
@ -349,8 +349,8 @@ resource "aws_iam_role_policy" "nodes-123-example-com" {
|
||||||
role = aws_iam_role.nodes-123-example-com.name
|
role = aws_iam_role.nodes-123-example-com.name
|
||||||
}
|
}
|
||||||
|
|
||||||
resource "aws_iam_role_policy_attachment" "external-myserviceaccount-default-sa-123-example-com-3186075376" {
|
resource "aws_iam_role_policy_attachment" "external-myserviceaccount-default-sa-123-example-com-3197825879" {
|
||||||
policy_arn = "arn:aws:iam::123456789012:policy/UsersManageOwnCredentials"
|
policy_arn = "arn:aws-test:iam::123456789012:policy/UsersManageOwnCredentials"
|
||||||
role = aws_iam_role.myserviceaccount-default-sa-123-example-com.name
|
role = aws_iam_role.myserviceaccount-default-sa-123-example-com.name
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
||||||
|
|
@ -69,7 +69,7 @@ metadata:
|
||||||
name: master-us-test-1a
|
name: master-us-test-1a
|
||||||
spec:
|
spec:
|
||||||
iam:
|
iam:
|
||||||
profile: arn:aws:iam::4222917490108:instance-profile/kops-custom-master-role
|
profile: arn:aws-test:iam::4222917490108:instance-profile/kops-custom-master-role
|
||||||
image: kope.io/k8s-1.14-debian-stretch-amd64-hvm-ebs-2019-08-16
|
image: kope.io/k8s-1.14-debian-stretch-amd64-hvm-ebs-2019-08-16
|
||||||
machineType: m3.medium
|
machineType: m3.medium
|
||||||
maxSize: 1
|
maxSize: 1
|
||||||
|
|
@ -89,7 +89,7 @@ metadata:
|
||||||
name: master-us-test-1b
|
name: master-us-test-1b
|
||||||
spec:
|
spec:
|
||||||
iam:
|
iam:
|
||||||
profile: arn:aws:iam::4222917490108:instance-profile/kops-custom-master-role
|
profile: arn:aws-test:iam::4222917490108:instance-profile/kops-custom-master-role
|
||||||
image: kope.io/k8s-1.14-debian-stretch-amd64-hvm-ebs-2019-08-16
|
image: kope.io/k8s-1.14-debian-stretch-amd64-hvm-ebs-2019-08-16
|
||||||
machineType: m3.medium
|
machineType: m3.medium
|
||||||
maxSize: 1
|
maxSize: 1
|
||||||
|
|
@ -109,7 +109,7 @@ metadata:
|
||||||
name: master-us-test-1c
|
name: master-us-test-1c
|
||||||
spec:
|
spec:
|
||||||
iam:
|
iam:
|
||||||
profile: arn:aws:iam::4222917490108:instance-profile/kops-custom-master-role
|
profile: arn:aws-test:iam::4222917490108:instance-profile/kops-custom-master-role
|
||||||
image: kope.io/k8s-1.14-debian-stretch-amd64-hvm-ebs-2019-08-16
|
image: kope.io/k8s-1.14-debian-stretch-amd64-hvm-ebs-2019-08-16
|
||||||
machineType: m3.medium
|
machineType: m3.medium
|
||||||
maxSize: 1
|
maxSize: 1
|
||||||
|
|
@ -129,7 +129,7 @@ metadata:
|
||||||
name: nodes
|
name: nodes
|
||||||
spec:
|
spec:
|
||||||
iam:
|
iam:
|
||||||
profile: arn:aws:iam::422917490108:instance-profile/kops-custom-node-role
|
profile: arn:aws-test:iam::422917490108:instance-profile/kops-custom-node-role
|
||||||
image: kope.io/k8s-1.14-debian-stretch-amd64-hvm-ebs-2019-08-16
|
image: kope.io/k8s-1.14-debian-stretch-amd64-hvm-ebs-2019-08-16
|
||||||
machineType: t2.medium
|
machineType: t2.medium
|
||||||
maxSize: 2
|
maxSize: 2
|
||||||
|
|
|
||||||
|
|
@ -51,7 +51,7 @@ metadata:
|
||||||
spec:
|
spec:
|
||||||
associatePublicIp: true
|
associatePublicIp: true
|
||||||
iam:
|
iam:
|
||||||
profile: arn:aws:iam::422917490108:instance-profile/kops-custom-node-role
|
profile: arn:aws-test:iam::422917490108:instance-profile/kops-custom-node-role
|
||||||
image: kope.io/k8s-1.4-debian-jessie-amd64-hvm-ebs-2016-10-21
|
image: kope.io/k8s-1.4-debian-jessie-amd64-hvm-ebs-2016-10-21
|
||||||
machineType: t2.medium
|
machineType: t2.medium
|
||||||
maxSize: 2
|
maxSize: 2
|
||||||
|
|
@ -72,7 +72,7 @@ metadata:
|
||||||
spec:
|
spec:
|
||||||
associatePublicIp: true
|
associatePublicIp: true
|
||||||
iam:
|
iam:
|
||||||
profile: arn:aws:iam::422917490108:instance-profile/kops-custom-master-role
|
profile: arn:aws-test:iam::422917490108:instance-profile/kops-custom-master-role
|
||||||
image: kope.io/k8s-1.4-debian-jessie-amd64-hvm-ebs-2016-10-21
|
image: kope.io/k8s-1.4-debian-jessie-amd64-hvm-ebs-2016-10-21
|
||||||
machineType: m3.medium
|
machineType: m3.medium
|
||||||
maxSize: 1
|
maxSize: 1
|
||||||
|
|
|
||||||
|
|
@ -95,9 +95,9 @@
|
||||||
"my-external-elb-3"
|
"my-external-elb-3"
|
||||||
],
|
],
|
||||||
"TargetGroupARNs": [
|
"TargetGroupARNs": [
|
||||||
"arn:aws:elasticloadbalancing:us-test-1:000000000000:targetgroup/my-external-tg-1/1",
|
"arn:aws-test:elasticloadbalancing:us-test-1:000000000000:targetgroup/my-external-tg-1/1",
|
||||||
"arn:aws:elasticloadbalancing:us-test-1:000000000000:targetgroup/my-external-tg-2/2",
|
"arn:aws-test:elasticloadbalancing:us-test-1:000000000000:targetgroup/my-external-tg-2/2",
|
||||||
"arn:aws:elasticloadbalancing:us-test-1:000000000000:targetgroup/my-external-tg-3/3"
|
"arn:aws-test:elasticloadbalancing:us-test-1:000000000000:targetgroup/my-external-tg-3/3"
|
||||||
]
|
]
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
|
|
@ -179,7 +179,7 @@
|
||||||
"my-external-elb-1"
|
"my-external-elb-1"
|
||||||
],
|
],
|
||||||
"TargetGroupARNs": [
|
"TargetGroupARNs": [
|
||||||
"arn:aws:elasticloadbalancing:us-test-1:000000000000:targetgroup/my-external-tg-1/1"
|
"arn:aws-test:elasticloadbalancing:us-test-1:000000000000:targetgroup/my-external-tg-1/1"
|
||||||
]
|
]
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
|
|
|
||||||
|
|
@ -58,7 +58,7 @@ spec:
|
||||||
subnets:
|
subnets:
|
||||||
- us-test-1a
|
- us-test-1a
|
||||||
externalLoadBalancers:
|
externalLoadBalancers:
|
||||||
- targetGroupArn: arn:aws:elasticloadbalancing:us-test-1:000000000000:targetgroup/my-external-tg-1/1
|
- targetGroupArn: arn:aws-test:elasticloadbalancing:us-test-1:000000000000:targetgroup/my-external-tg-1/1
|
||||||
- loadBalancerName: my-external-elb-1
|
- loadBalancerName: my-external-elb-1
|
||||||
|
|
||||||
---
|
---
|
||||||
|
|
@ -80,9 +80,9 @@ spec:
|
||||||
subnets:
|
subnets:
|
||||||
- us-test-1a
|
- us-test-1a
|
||||||
externalLoadBalancers:
|
externalLoadBalancers:
|
||||||
- targetGroupArn: arn:aws:elasticloadbalancing:us-test-1:000000000000:targetgroup/my-external-tg-2/2
|
- targetGroupArn: arn:aws-test:elasticloadbalancing:us-test-1:000000000000:targetgroup/my-external-tg-2/2
|
||||||
- targetGroupArn: arn:aws:elasticloadbalancing:us-test-1:000000000000:targetgroup/my-external-tg-1/1
|
- targetGroupArn: arn:aws-test:elasticloadbalancing:us-test-1:000000000000:targetgroup/my-external-tg-1/1
|
||||||
- targetGroupArn: arn:aws:elasticloadbalancing:us-test-1:000000000000:targetgroup/my-external-tg-3/3
|
- targetGroupArn: arn:aws-test:elasticloadbalancing:us-test-1:000000000000:targetgroup/my-external-tg-3/3
|
||||||
- loadBalancerName: my-external-elb-2
|
- loadBalancerName: my-external-elb-2
|
||||||
- loadBalancerName: my-external-elb-1
|
- loadBalancerName: my-external-elb-1
|
||||||
- loadBalancerName: my-external-elb-3
|
- loadBalancerName: my-external-elb-3
|
||||||
|
|
|
||||||
|
|
@ -147,7 +147,7 @@ resource "aws_autoscaling_group" "master-us-test-1a-masters-externallb-example-c
|
||||||
propagate_at_launch = true
|
propagate_at_launch = true
|
||||||
value = "owned"
|
value = "owned"
|
||||||
}
|
}
|
||||||
target_group_arns = ["arn:aws:elasticloadbalancing:us-test-1:000000000000:targetgroup/my-external-tg-1/1", "arn:aws:elasticloadbalancing:us-test-1:000000000000:targetgroup/my-external-tg-2/2", "arn:aws:elasticloadbalancing:us-test-1:000000000000:targetgroup/my-external-tg-3/3"]
|
target_group_arns = ["arn:aws-test:elasticloadbalancing:us-test-1:000000000000:targetgroup/my-external-tg-1/1", "arn:aws-test:elasticloadbalancing:us-test-1:000000000000:targetgroup/my-external-tg-2/2", "arn:aws-test:elasticloadbalancing:us-test-1:000000000000:targetgroup/my-external-tg-3/3"]
|
||||||
vpc_zone_identifier = [aws_subnet.us-test-1a-externallb-example-com.id]
|
vpc_zone_identifier = [aws_subnet.us-test-1a-externallb-example-com.id]
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
@ -198,7 +198,7 @@ resource "aws_autoscaling_group" "nodes-externallb-example-com" {
|
||||||
propagate_at_launch = true
|
propagate_at_launch = true
|
||||||
value = "owned"
|
value = "owned"
|
||||||
}
|
}
|
||||||
target_group_arns = ["arn:aws:elasticloadbalancing:us-test-1:000000000000:targetgroup/my-external-tg-1/1"]
|
target_group_arns = ["arn:aws-test:elasticloadbalancing:us-test-1:000000000000:targetgroup/my-external-tg-1/1"]
|
||||||
vpc_zone_identifier = [aws_subnet.us-test-1a-externallb-example-com.id]
|
vpc_zone_identifier = [aws_subnet.us-test-1a-externallb-example-com.id]
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
||||||
|
|
@ -51,11 +51,11 @@ spec:
|
||||||
provider: dns-controller
|
provider: dns-controller
|
||||||
externalPolicies:
|
externalPolicies:
|
||||||
bastion:
|
bastion:
|
||||||
- arn:aws:iam::123456789000:policy/test-policy
|
- arn:aws-test:iam::123456789000:policy/test-policy
|
||||||
master:
|
master:
|
||||||
- arn:aws:iam::123456789000:policy/test-policy
|
- arn:aws-test:iam::123456789000:policy/test-policy
|
||||||
node:
|
node:
|
||||||
- arn:aws:iam::123456789000:policy/test-policy
|
- arn:aws-test:iam::123456789000:policy/test-policy
|
||||||
iam:
|
iam:
|
||||||
legacy: false
|
legacy: false
|
||||||
keyStore: memfs://clusters.example.com/externalpolicies.example.com/pki
|
keyStore: memfs://clusters.example.com/externalpolicies.example.com/pki
|
||||||
|
|
|
||||||
|
|
@ -50,11 +50,11 @@ spec:
|
||||||
nodes: public
|
nodes: public
|
||||||
externalPolicies:
|
externalPolicies:
|
||||||
node:
|
node:
|
||||||
- arn:aws:iam::123456789000:policy/test-policy
|
- arn:aws-test:iam::123456789000:policy/test-policy
|
||||||
master:
|
master:
|
||||||
- arn:aws:iam::123456789000:policy/test-policy
|
- arn:aws-test:iam::123456789000:policy/test-policy
|
||||||
bastion:
|
bastion:
|
||||||
- arn:aws:iam::123456789000:policy/test-policy
|
- arn:aws-test:iam::123456789000:policy/test-policy
|
||||||
subnets:
|
subnets:
|
||||||
- cidr: 172.20.32.0/19
|
- cidr: 172.20.32.0/19
|
||||||
name: us-test-1a
|
name: us-test-1a
|
||||||
|
|
|
||||||
|
|
@ -344,13 +344,13 @@ resource "aws_iam_role_policy" "nodes-externalpolicies-example-com" {
|
||||||
role = aws_iam_role.nodes-externalpolicies-example-com.name
|
role = aws_iam_role.nodes-externalpolicies-example-com.name
|
||||||
}
|
}
|
||||||
|
|
||||||
resource "aws_iam_role_policy_attachment" "master-policyoverride-1242070525" {
|
resource "aws_iam_role_policy_attachment" "master-policyoverride-1544513530" {
|
||||||
policy_arn = "arn:aws:iam::123456789000:policy/test-policy"
|
policy_arn = "arn:aws-test:iam::123456789000:policy/test-policy"
|
||||||
role = aws_iam_role.masters-externalpolicies-example-com.name
|
role = aws_iam_role.masters-externalpolicies-example-com.name
|
||||||
}
|
}
|
||||||
|
|
||||||
resource "aws_iam_role_policy_attachment" "node-policyoverride-1242070525" {
|
resource "aws_iam_role_policy_attachment" "node-policyoverride-1544513530" {
|
||||||
policy_arn = "arn:aws:iam::123456789000:policy/test-policy"
|
policy_arn = "arn:aws-test:iam::123456789000:policy/test-policy"
|
||||||
role = aws_iam_role.nodes-externalpolicies-example-com.name
|
role = aws_iam_role.nodes-externalpolicies-example-com.name
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
||||||
|
|
@ -46,12 +46,12 @@ spec:
|
||||||
serviceAccountExternalPermissions:
|
serviceAccountExternalPermissions:
|
||||||
- aws:
|
- aws:
|
||||||
policyARNs:
|
policyARNs:
|
||||||
- arn:aws:iam::123456789012:policy/UsersManageOwnCredentials
|
- arn:aws-test:iam::123456789012:policy/UsersManageOwnCredentials
|
||||||
name: myserviceaccount
|
name: myserviceaccount
|
||||||
namespace: default
|
namespace: default
|
||||||
- aws:
|
- aws:
|
||||||
policyARNs:
|
policyARNs:
|
||||||
- arn:aws:iam::123456789012:policy/UsersManageOwnCredentials
|
- arn:aws-test:iam::123456789012:policy/UsersManageOwnCredentials
|
||||||
name: myserviceaccount
|
name: myserviceaccount
|
||||||
namespace: test-*
|
namespace: test-*
|
||||||
- aws:
|
- aws:
|
||||||
|
|
|
||||||
|
|
@ -24,12 +24,12 @@ spec:
|
||||||
namespace: default
|
namespace: default
|
||||||
aws:
|
aws:
|
||||||
policyARNs:
|
policyARNs:
|
||||||
- arn:aws:iam::123456789012:policy/UsersManageOwnCredentials
|
- arn:aws-test:iam::123456789012:policy/UsersManageOwnCredentials
|
||||||
- name: myserviceaccount
|
- name: myserviceaccount
|
||||||
namespace: test-*
|
namespace: test-*
|
||||||
aws:
|
aws:
|
||||||
policyARNs:
|
policyARNs:
|
||||||
- arn:aws:iam::123456789012:policy/UsersManageOwnCredentials
|
- arn:aws-test:iam::123456789012:policy/UsersManageOwnCredentials
|
||||||
- name: myotherserviceaccount
|
- name: myotherserviceaccount
|
||||||
namespace: myapp
|
namespace: myapp
|
||||||
aws:
|
aws:
|
||||||
|
|
|
||||||
|
|
@ -369,13 +369,13 @@ resource "aws_iam_role_policy" "nodes-minimal-example-com" {
|
||||||
role = aws_iam_role.nodes-minimal-example-com.name
|
role = aws_iam_role.nodes-minimal-example-com.name
|
||||||
}
|
}
|
||||||
|
|
||||||
resource "aws_iam_role_policy_attachment" "external-myserviceaccount-default-sa-minimal-example-com-3186075376" {
|
resource "aws_iam_role_policy_attachment" "external-myserviceaccount-default-sa-minimal-example-com-3197825879" {
|
||||||
policy_arn = "arn:aws:iam::123456789012:policy/UsersManageOwnCredentials"
|
policy_arn = "arn:aws-test:iam::123456789012:policy/UsersManageOwnCredentials"
|
||||||
role = aws_iam_role.myserviceaccount-default-sa-minimal-example-com.name
|
role = aws_iam_role.myserviceaccount-default-sa-minimal-example-com.name
|
||||||
}
|
}
|
||||||
|
|
||||||
resource "aws_iam_role_policy_attachment" "external-myserviceaccount-test-wildcard-sa-minimal-example-com-3186075376" {
|
resource "aws_iam_role_policy_attachment" "external-myserviceaccount-test-wildcard-sa-minimal-example-com-3197825879" {
|
||||||
policy_arn = "arn:aws:iam::123456789012:policy/UsersManageOwnCredentials"
|
policy_arn = "arn:aws-test:iam::123456789012:policy/UsersManageOwnCredentials"
|
||||||
role = aws_iam_role.myserviceaccount-test-wildcard-sa-minimal-example-com.name
|
role = aws_iam_role.myserviceaccount-test-wildcard-sa-minimal-example-com.name
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue