apiVersion: kops.k8s.io/v1alpha2
kind: Cluster
metadata:
  creationTimestamp: "2016-12-10T22:42:27Z"
  name: externalpolicies.example.com
spec:
  api:
    loadBalancer:
      type: Public
      additionalSecurityGroups:
      - sg-exampleid3
      - sg-exampleid4
  kubernetesApiAccess:
  - 0.0.0.0/0
  channel: stable
  cloudProvider: aws
  cloudLabels:
    Owner: John Doe
    foo/bar: fib+baz
  configBase: memfs://clusters.example.com/externalpolicies.example.com
  etcdClusters:
  - etcdMembers:
    - instanceGroup: master-us-test-1a
      name: us-test-1a
    name: main
  - etcdMembers:
    - instanceGroup: master-us-test-1a
      name: us-test-1a
    name: events
  iam: {}
  kubeAPIServer:
    serviceNodePortRange: 28000-32767
    auditWebhookBatchThrottleQps: 3.14
  kubelet:
    anonymousAuth: false
  kubernetesVersion: v1.14.0
  masterInternalName: api.internal.externalpolicies.example.com
  masterPublicName: api.externalpolicies.example.com
  networkCIDR: 172.20.0.0/16
  networking:
    kubenet: {}
  nodePortAccess:
  - 1.2.3.4/32
  - 10.20.30.0/24
  nonMasqueradeCIDR: 100.64.0.0/10
  sshAccess:
  - 0.0.0.0/0
  topology:
    masters: public
    nodes: public
  externalPolicies:
    node:
      - aws:arn:iam:123456789000:policy:test-policy
    master:
      - aws:arn:iam:123456789000:policy:test-policy
    bastion:
      - aws:arn:iam:123456789000:policy:test-policy
  subnets:
  - cidr: 172.20.32.0/19
    name: us-test-1a
    type: Public
    zone: us-test-1a

---

apiVersion: kops.k8s.io/v1alpha2
kind: InstanceGroup
metadata:
  creationTimestamp: "2016-12-10T22:42:28Z"
  name: nodes
  labels:
    kops.k8s.io/cluster: externalpolicies.example.com
spec:
  additionalSecurityGroups:
  - sg-exampleid3
  - sg-exampleid4
  associatePublicIp: true
  suspendProcesses:
  - AZRebalance
  image: kope.io/k8s-1.4-debian-jessie-amd64-hvm-ebs-2016-10-21
  machineType: t2.medium
  maxSize: 2
  minSize: 2
  role: Node
  subnets:
  - us-test-1a
  detailedInstanceMonitoring: true

---

apiVersion: kops.k8s.io/v1alpha2
kind: InstanceGroup
metadata:
  creationTimestamp: "2016-12-10T22:42:28Z"
  name: master-us-test-1a
  labels:
    kops.k8s.io/cluster: externalpolicies.example.com
spec:
  associatePublicIp: true
  image: kope.io/k8s-1.4-debian-jessie-amd64-hvm-ebs-2016-10-21
  machineType: m3.medium
  maxSize: 1
  minSize: 1
  role: Master
  subnets:
  - us-test-1a