{ "Resources": { "AWSAutoScalingAutoScalingGroupmasterustest1amastersadditionaluserdataexamplecom": { "Type": "AWS::AutoScaling::AutoScalingGroup", "Properties": { "AutoScalingGroupName": "master-us-test-1a.masters.additionaluserdata.example.com", "LaunchConfigurationName": { "Ref": "AWSAutoScalingLaunchConfigurationmasterustest1amastersadditionaluserdataexamplecom" }, "MaxSize": 1, "MinSize": 1, "VPCZoneIdentifier": [ { "Ref": "AWSEC2Subnetustest1aadditionaluserdataexamplecom" } ], "Tags": [ { "Key": "KubernetesCluster", "Value": "additionaluserdata.example.com", "PropagateAtLaunch": true }, { "Key": "Name", "Value": "master-us-test-1a.masters.additionaluserdata.example.com", "PropagateAtLaunch": true }, { "Key": "k8s.io/role/master", "Value": "1", "PropagateAtLaunch": true } ], "MetricsCollection": [ { "Granularity": "1Minute", "Metrics": [ "GroupDesiredCapacity", "GroupInServiceInstances", "GroupMaxSize", "GroupMinSize", "GroupPendingInstances", "GroupStandbyInstances", "GroupTerminatingInstances", "GroupTotalInstances" ] } ] } }, "AWSAutoScalingAutoScalingGroupnodesadditionaluserdataexamplecom": { "Type": "AWS::AutoScaling::AutoScalingGroup", "Properties": { "AutoScalingGroupName": "nodes.additionaluserdata.example.com", "LaunchConfigurationName": { "Ref": "AWSAutoScalingLaunchConfigurationnodesadditionaluserdataexamplecom" }, "MaxSize": 2, "MinSize": 2, "VPCZoneIdentifier": [ { "Ref": "AWSEC2Subnetustest1aadditionaluserdataexamplecom" } ], "Tags": [ { "Key": "KubernetesCluster", "Value": "additionaluserdata.example.com", "PropagateAtLaunch": true }, { "Key": "Name", "Value": "nodes.additionaluserdata.example.com", "PropagateAtLaunch": true }, { "Key": "k8s.io/role/node", "Value": "1", "PropagateAtLaunch": true } ], "MetricsCollection": [ { "Granularity": "1Minute", "Metrics": [ "GroupDesiredCapacity", "GroupInServiceInstances", "GroupMaxSize", "GroupMinSize", "GroupPendingInstances", "GroupStandbyInstances", "GroupTerminatingInstances", "GroupTotalInstances" ] } ] } }, "AWSAutoScalingLaunchConfigurationmasterustest1amastersadditionaluserdataexamplecom": { "Type": "AWS::AutoScaling::LaunchConfiguration", "Properties": { "AssociatePublicIpAddress": true, "BlockDeviceMappings": [ { "DeviceName": "/dev/xvda", "Ebs": { "VolumeType": "gp2", "VolumeSize": 64, "DeleteOnTermination": true } }, { "DeviceName": "/dev/sdc", "VirtualName": "ephemeral0" } ], "IamInstanceProfile": { "Ref": "AWSIAMInstanceProfilemastersadditionaluserdataexamplecom" }, "ImageId": "ami-12345678", "InstanceType": "m3.medium", "KeyName": "kubernetes.additionaluserdata.example.com-c4:a6:ed:9a:a8:89:b9:e2:c3:9c:d6:63:eb:9c:71:57", "SecurityGroups": [ { "Ref": "AWSEC2SecurityGroupmastersadditionaluserdataexamplecom" } ], "UserData": "extracted", "InstanceMonitoring": false } }, "AWSAutoScalingLaunchConfigurationnodesadditionaluserdataexamplecom": { "Type": "AWS::AutoScaling::LaunchConfiguration", "Properties": { "AssociatePublicIpAddress": true, "BlockDeviceMappings": [ { "DeviceName": "/dev/xvda", "Ebs": { "VolumeType": "gp2", "VolumeSize": 128, "DeleteOnTermination": true } } ], "IamInstanceProfile": { "Ref": "AWSIAMInstanceProfilenodesadditionaluserdataexamplecom" }, "ImageId": "ami-12345678", "InstanceType": "t2.medium", "KeyName": "kubernetes.additionaluserdata.example.com-c4:a6:ed:9a:a8:89:b9:e2:c3:9c:d6:63:eb:9c:71:57", "SecurityGroups": [ { "Ref": "AWSEC2SecurityGroupnodesadditionaluserdataexamplecom" } ], "UserData": "extracted", "InstanceMonitoring": false } }, "AWSEC2DHCPOptionsadditionaluserdataexamplecom": { "Type": "AWS::EC2::DHCPOptions", "Properties": { "DomainName": "us-test-1.compute.internal", "DomainNameServers": [ "AmazonProvidedDNS" ], "Tags": [ { "Key": "KubernetesCluster", "Value": "additionaluserdata.example.com" }, { "Key": "Name", "Value": "additionaluserdata.example.com" }, { "Key": "kubernetes.io/cluster/additionaluserdata.example.com", "Value": "owned" } ] } }, "AWSEC2InternetGatewayadditionaluserdataexamplecom": { "Type": "AWS::EC2::InternetGateway", "Properties": { "Tags": [ { "Key": "KubernetesCluster", "Value": "additionaluserdata.example.com" }, { "Key": "Name", "Value": "additionaluserdata.example.com" }, { "Key": "kubernetes.io/cluster/additionaluserdata.example.com", "Value": "owned" } ] } }, "AWSEC2Route00000": { "Type": "AWS::EC2::Route", "Properties": { "RouteTableId": { "Ref": "AWSEC2RouteTableadditionaluserdataexamplecom" }, "DestinationCidrBlock": "0.0.0.0/0", "GatewayId": { "Ref": "AWSEC2InternetGatewayadditionaluserdataexamplecom" } } }, "AWSEC2RouteTableadditionaluserdataexamplecom": { "Type": "AWS::EC2::RouteTable", "Properties": { "VpcId": { "Ref": "AWSEC2VPCadditionaluserdataexamplecom" }, "Tags": [ { "Key": "KubernetesCluster", "Value": "additionaluserdata.example.com" }, { "Key": "Name", "Value": "additionaluserdata.example.com" }, { "Key": "kubernetes.io/cluster/additionaluserdata.example.com", "Value": "owned" }, { "Key": "kubernetes.io/kops/role", "Value": "public" } ] } }, "AWSEC2SecurityGroupEgressmasteregress": { "Type": "AWS::EC2::SecurityGroupEgress", "Properties": { "GroupId": { "Ref": "AWSEC2SecurityGroupmastersadditionaluserdataexamplecom" }, "FromPort": 0, "ToPort": 0, "IpProtocol": "-1", "CidrIp": "0.0.0.0/0" } }, "AWSEC2SecurityGroupEgressnodeegress": { "Type": "AWS::EC2::SecurityGroupEgress", "Properties": { "GroupId": { "Ref": "AWSEC2SecurityGroupnodesadditionaluserdataexamplecom" }, "FromPort": 0, "ToPort": 0, "IpProtocol": "-1", "CidrIp": "0.0.0.0/0" } }, "AWSEC2SecurityGroupIngressallmastertomaster": { "Type": "AWS::EC2::SecurityGroupIngress", "Properties": { "GroupId": { "Ref": "AWSEC2SecurityGroupmastersadditionaluserdataexamplecom" }, "SourceSecurityGroupId": { "Ref": "AWSEC2SecurityGroupmastersadditionaluserdataexamplecom" }, "FromPort": 0, "ToPort": 0, "IpProtocol": "-1" } }, "AWSEC2SecurityGroupIngressallmastertonode": { "Type": "AWS::EC2::SecurityGroupIngress", "Properties": { "GroupId": { "Ref": "AWSEC2SecurityGroupnodesadditionaluserdataexamplecom" }, "SourceSecurityGroupId": { "Ref": "AWSEC2SecurityGroupmastersadditionaluserdataexamplecom" }, "FromPort": 0, "ToPort": 0, "IpProtocol": "-1" } }, "AWSEC2SecurityGroupIngressallnodetonode": { "Type": "AWS::EC2::SecurityGroupIngress", "Properties": { "GroupId": { "Ref": "AWSEC2SecurityGroupnodesadditionaluserdataexamplecom" }, "SourceSecurityGroupId": { "Ref": "AWSEC2SecurityGroupnodesadditionaluserdataexamplecom" }, "FromPort": 0, "ToPort": 0, "IpProtocol": "-1" } }, "AWSEC2SecurityGroupIngresshttpsexternaltomaster00000": { "Type": "AWS::EC2::SecurityGroupIngress", "Properties": { "GroupId": { "Ref": "AWSEC2SecurityGroupmastersadditionaluserdataexamplecom" }, "FromPort": 443, "ToPort": 443, "IpProtocol": "tcp", "CidrIp": "0.0.0.0/0" } }, "AWSEC2SecurityGroupIngressnodetomastertcp12379": { "Type": "AWS::EC2::SecurityGroupIngress", "Properties": { "GroupId": { "Ref": "AWSEC2SecurityGroupmastersadditionaluserdataexamplecom" }, "SourceSecurityGroupId": { "Ref": "AWSEC2SecurityGroupnodesadditionaluserdataexamplecom" }, "FromPort": 1, "ToPort": 2379, "IpProtocol": "tcp" } }, "AWSEC2SecurityGroupIngressnodetomastertcp23824000": { "Type": "AWS::EC2::SecurityGroupIngress", "Properties": { "GroupId": { "Ref": "AWSEC2SecurityGroupmastersadditionaluserdataexamplecom" }, "SourceSecurityGroupId": { "Ref": "AWSEC2SecurityGroupnodesadditionaluserdataexamplecom" }, "FromPort": 2382, "ToPort": 4000, "IpProtocol": "tcp" } }, "AWSEC2SecurityGroupIngressnodetomastertcp400365535": { "Type": "AWS::EC2::SecurityGroupIngress", "Properties": { "GroupId": { "Ref": "AWSEC2SecurityGroupmastersadditionaluserdataexamplecom" }, "SourceSecurityGroupId": { "Ref": "AWSEC2SecurityGroupnodesadditionaluserdataexamplecom" }, "FromPort": 4003, "ToPort": 65535, "IpProtocol": "tcp" } }, "AWSEC2SecurityGroupIngressnodetomasterudp165535": { "Type": "AWS::EC2::SecurityGroupIngress", "Properties": { "GroupId": { "Ref": "AWSEC2SecurityGroupmastersadditionaluserdataexamplecom" }, "SourceSecurityGroupId": { "Ref": "AWSEC2SecurityGroupnodesadditionaluserdataexamplecom" }, "FromPort": 1, "ToPort": 65535, "IpProtocol": "udp" } }, "AWSEC2SecurityGroupIngresssshexternaltomaster00000": { "Type": "AWS::EC2::SecurityGroupIngress", "Properties": { "GroupId": { "Ref": "AWSEC2SecurityGroupmastersadditionaluserdataexamplecom" }, "FromPort": 22, "ToPort": 22, "IpProtocol": "tcp", "CidrIp": "0.0.0.0/0" } }, "AWSEC2SecurityGroupIngresssshexternaltonode00000": { "Type": "AWS::EC2::SecurityGroupIngress", "Properties": { "GroupId": { "Ref": "AWSEC2SecurityGroupnodesadditionaluserdataexamplecom" }, "FromPort": 22, "ToPort": 22, "IpProtocol": "tcp", "CidrIp": "0.0.0.0/0" } }, "AWSEC2SecurityGroupmastersadditionaluserdataexamplecom": { "Type": "AWS::EC2::SecurityGroup", "Properties": { "VpcId": { "Ref": "AWSEC2VPCadditionaluserdataexamplecom" }, "GroupDescription": "Security group for masters", "Tags": [ { "Key": "KubernetesCluster", "Value": "additionaluserdata.example.com" }, { "Key": "Name", "Value": "masters.additionaluserdata.example.com" }, { "Key": "kubernetes.io/cluster/additionaluserdata.example.com", "Value": "owned" } ] } }, "AWSEC2SecurityGroupnodesadditionaluserdataexamplecom": { "Type": "AWS::EC2::SecurityGroup", "Properties": { "VpcId": { "Ref": "AWSEC2VPCadditionaluserdataexamplecom" }, "GroupDescription": "Security group for nodes", "Tags": [ { "Key": "KubernetesCluster", "Value": "additionaluserdata.example.com" }, { "Key": "Name", "Value": "nodes.additionaluserdata.example.com" }, { "Key": "kubernetes.io/cluster/additionaluserdata.example.com", "Value": "owned" } ] } }, "AWSEC2SubnetRouteTableAssociationustest1aadditionaluserdataexamplecom": { "Type": "AWS::EC2::SubnetRouteTableAssociation", "Properties": { "SubnetId": { "Ref": "AWSEC2Subnetustest1aadditionaluserdataexamplecom" }, "RouteTableId": { "Ref": "AWSEC2RouteTableadditionaluserdataexamplecom" } } }, "AWSEC2Subnetustest1aadditionaluserdataexamplecom": { "Type": "AWS::EC2::Subnet", "Properties": { "VpcId": { "Ref": "AWSEC2VPCadditionaluserdataexamplecom" }, "CidrBlock": "172.20.32.0/19", "AvailabilityZone": "us-test-1a", "Tags": [ { "Key": "KubernetesCluster", "Value": "additionaluserdata.example.com" }, { "Key": "Name", "Value": "us-test-1a.additionaluserdata.example.com" }, { "Key": "SubnetType", "Value": "Public" }, { "Key": "kubernetes.io/cluster/additionaluserdata.example.com", "Value": "owned" }, { "Key": "kubernetes.io/role/elb", "Value": "1" } ] } }, "AWSEC2VPCDHCPOptionsAssociationadditionaluserdataexamplecom": { "Type": "AWS::EC2::VPCDHCPOptionsAssociation", "Properties": { "VpcId": { "Ref": "AWSEC2VPCadditionaluserdataexamplecom" }, "DhcpOptionsId": { "Ref": "AWSEC2DHCPOptionsadditionaluserdataexamplecom" } } }, "AWSEC2VPCGatewayAttachmentadditionaluserdataexamplecom": { "Type": "AWS::EC2::VPCGatewayAttachment", "Properties": { "VpcId": { "Ref": "AWSEC2VPCadditionaluserdataexamplecom" }, "InternetGatewayId": { "Ref": "AWSEC2InternetGatewayadditionaluserdataexamplecom" } } }, "AWSEC2VPCadditionaluserdataexamplecom": { "Type": "AWS::EC2::VPC", "Properties": { "CidrBlock": "172.20.0.0/16", "EnableDnsHostnames": true, "EnableDnsSupport": true, "Tags": [ { "Key": "KubernetesCluster", "Value": "additionaluserdata.example.com" }, { "Key": "Name", "Value": "additionaluserdata.example.com" }, { "Key": "kubernetes.io/cluster/additionaluserdata.example.com", "Value": "owned" } ] } }, "AWSEC2Volumeustest1aetcdeventsadditionaluserdataexamplecom": { "Type": "AWS::EC2::Volume", "Properties": { "AvailabilityZone": "us-test-1a", "Size": 20, "VolumeType": "gp2", "Encrypted": false, "Tags": [ { "Key": "KubernetesCluster", "Value": "additionaluserdata.example.com" }, { "Key": "Name", "Value": "us-test-1a.etcd-events.additionaluserdata.example.com" }, { "Key": "k8s.io/etcd/events", "Value": "us-test-1a/us-test-1a" }, { "Key": "k8s.io/role/master", "Value": "1" }, { "Key": "kubernetes.io/cluster/additionaluserdata.example.com", "Value": "owned" } ] } }, "AWSEC2Volumeustest1aetcdmainadditionaluserdataexamplecom": { "Type": "AWS::EC2::Volume", "Properties": { "AvailabilityZone": "us-test-1a", "Size": 20, "VolumeType": "gp2", "Encrypted": false, "Tags": [ { "Key": "KubernetesCluster", "Value": "additionaluserdata.example.com" }, { "Key": "Name", "Value": "us-test-1a.etcd-main.additionaluserdata.example.com" }, { "Key": "k8s.io/etcd/main", "Value": "us-test-1a/us-test-1a" }, { "Key": "k8s.io/role/master", "Value": "1" }, { "Key": "kubernetes.io/cluster/additionaluserdata.example.com", "Value": "owned" } ] } }, "AWSIAMInstanceProfilemastersadditionaluserdataexamplecom": { "Type": "AWS::IAM::InstanceProfile", "Properties": { "Roles": [ { "Ref": "AWSIAMRolemastersadditionaluserdataexamplecom" } ] } }, "AWSIAMInstanceProfilenodesadditionaluserdataexamplecom": { "Type": "AWS::IAM::InstanceProfile", "Properties": { "Roles": [ { "Ref": "AWSIAMRolenodesadditionaluserdataexamplecom" } ] } }, "AWSIAMPolicyadditionalmastersadditionaluserdataexamplecom": { "Type": "AWS::IAM::Policy", "Properties": { "PolicyName": "additional.masters.additionaluserdata.example.com", "Roles": [ { "Ref": "AWSIAMRolemastersadditionaluserdataexamplecom" } ], "PolicyDocument": { "Statement": [ { "Action": [ "s3:GetObject" ], "Effect": "Allow", "Resource": [ "arn:aws:s3:::somebucket/someobject" ] } ], "Version": "2012-10-17" } } }, "AWSIAMPolicymastersadditionaluserdataexamplecom": { "Type": "AWS::IAM::Policy", "Properties": { "PolicyName": "masters.additionaluserdata.example.com", "Roles": [ { "Ref": "AWSIAMRolemastersadditionaluserdataexamplecom" } ], "PolicyDocument": { "Statement": [ { "Action": [ "ec2:*" ], "Effect": "Allow", "Resource": [ "*" ] }, { "Action": [ "autoscaling:DescribeAutoScalingGroups", "autoscaling:DescribeAutoScalingInstances", "autoscaling:DescribeLaunchConfigurations", "autoscaling:DescribeTags", "autoscaling:SetDesiredCapacity", "autoscaling:TerminateInstanceInAutoScalingGroup", "autoscaling:UpdateAutoScalingGroup", "ec2:DescribeLaunchTemplateVersions" ], "Effect": "Allow", "Resource": [ "*" ] }, { "Action": [ "elasticloadbalancing:*" ], "Effect": "Allow", "Resource": [ "*" ] }, { "Action": [ "iam:ListServerCertificates", "iam:GetServerCertificate" ], "Effect": "Allow", "Resource": [ "*" ] }, { "Action": [ "route53:ChangeResourceRecordSets", "route53:ListResourceRecordSets", "route53:GetHostedZone" ], "Effect": "Allow", "Resource": [ "arn:aws:route53:::hostedzone/Z1AFAKE1ZON3YO" ] }, { "Action": [ "route53:GetChange" ], "Effect": "Allow", "Resource": [ "arn:aws:route53:::change/*" ] }, { "Action": [ "route53:ListHostedZones" ], "Effect": "Allow", "Resource": [ "*" ] }, { "Action": [ "route53:ListHostedZones" ], "Effect": "Allow", "Resource": [ "*" ] }, { "Action": [ "ecr:GetAuthorizationToken", "ecr:BatchCheckLayerAvailability", "ecr:GetDownloadUrlForLayer", "ecr:GetRepositoryPolicy", "ecr:DescribeRepositories", "ecr:ListImages", "ecr:BatchGetImage" ], "Effect": "Allow", "Resource": [ "*" ] } ], "Version": "2012-10-17" } } }, "AWSIAMPolicynodesadditionaluserdataexamplecom": { "Type": "AWS::IAM::Policy", "Properties": { "PolicyName": "nodes.additionaluserdata.example.com", "Roles": [ { "Ref": "AWSIAMRolenodesadditionaluserdataexamplecom" } ], "PolicyDocument": { "Statement": [ { "Action": [ "ec2:DescribeInstances", "ec2:DescribeRegions" ], "Effect": "Allow", "Resource": [ "*" ] }, { "Action": [ "route53:ChangeResourceRecordSets", "route53:ListResourceRecordSets", "route53:GetHostedZone" ], "Effect": "Allow", "Resource": [ "arn:aws:route53:::hostedzone/Z1AFAKE1ZON3YO" ] }, { "Action": [ "route53:GetChange" ], "Effect": "Allow", "Resource": [ "arn:aws:route53:::change/*" ] }, { "Action": [ "route53:ListHostedZones" ], "Effect": "Allow", "Resource": [ "*" ] }, { "Action": [ "route53:ListHostedZones" ], "Effect": "Allow", "Resource": [ "*" ] }, { "Action": [ "ecr:GetAuthorizationToken", "ecr:BatchCheckLayerAvailability", "ecr:GetDownloadUrlForLayer", "ecr:GetRepositoryPolicy", "ecr:DescribeRepositories", "ecr:ListImages", "ecr:BatchGetImage" ], "Effect": "Allow", "Resource": [ "*" ] } ], "Version": "2012-10-17" } } }, "AWSIAMRolemastersadditionaluserdataexamplecom": { "Type": "AWS::IAM::Role", "Properties": { "RoleName": "masters.additionaluserdata.example.com", "AssumeRolePolicyDocument": { "Statement": [ { "Action": "sts:AssumeRole", "Effect": "Allow", "Principal": { "Service": "ec2.amazonaws.com" } } ], "Version": "2012-10-17" } } }, "AWSIAMRolenodesadditionaluserdataexamplecom": { "Type": "AWS::IAM::Role", "Properties": { "RoleName": "nodes.additionaluserdata.example.com", "AssumeRolePolicyDocument": { "Statement": [ { "Action": "sts:AssumeRole", "Effect": "Allow", "Principal": { "Service": "ec2.amazonaws.com" } } ], "Version": "2012-10-17" } } } } }