kops/tests/integration/update_cluster/irsa/in-v1alpha2.yaml

apiVersion: kops.k8s.io/v1alpha2
kind: Cluster
metadata:
  creationTimestamp: "2016-12-10T22:42:27Z"
  name: minimal.example.com
spec:
  kubernetesApiAccess:
  - 0.0.0.0/0
  certManager:
    enabled: true
  channel: stable
  cloudProvider: aws
  configBase: memfs://clusters.example.com/minimal.example.com
  etcdClusters:
  - etcdMembers:
    - instanceGroup: master-us-test-1a
      name: us-test-1a
    name: main
  - etcdMembers:
    - instanceGroup: master-us-test-1a
      name: us-test-1a
    name: events
  iam:
    serviceAccountExternalPermissions:
      - name: myserviceaccount
        namespace: default
        aws:
          policyARNs:
          - arn:aws-test:iam::123456789012:policy/UsersManageOwnCredentials
      - name: myserviceaccount
        namespace: test-*
        aws:
          policyARNs:
          - arn:aws-test:iam::123456789012:policy/UsersManageOwnCredentials
      - name: myotherserviceaccount
        namespace: myapp
        aws:
          inlinePolicy: |
            [
              {
                "Effect": "Allow",
                "Action": ["dynamodb:*"],
                "Resource": ["*"]
              },
              {
                "Effect": "Allow",
                "Action": ["es:*"],
                "Resource": ["*"]
              }
            ]            
  kubelet:
    anonymousAuth: false
  kubernetesVersion: v1.32.0
  masterPublicName: api.minimal.example.com
  networkCIDR: 172.20.0.0/16
  networking:
    cni: {}
  nonMasqueradeCIDR: 100.64.0.0/10
  podIdentityWebhook:
    enabled: true
  serviceAccountIssuerDiscovery:
    enableAWSOIDCProvider: true
    discoveryStore: memfs://discovery.example.com/minimal.example.com
    additionalAudiences:
      - sts.amazonaws.com
  sshAccess:
    - 0.0.0.0/0
  subnets:
  - cidr: 172.20.32.0/19
    name: us-test-1a
    type: Public
    zone: us-test-1a

---

apiVersion: kops.k8s.io/v1alpha2
kind: InstanceGroup
metadata:
  creationTimestamp: "2016-12-10T22:42:28Z"
  name: nodes
  labels:
    kops.k8s.io/cluster: minimal.example.com
spec:
  associatePublicIp: true
  image: ubuntu/images/hvm-ssd/ubuntu-focal-20.04-amd64-server-20220404
  machineType: t2.medium
  maxSize: 2
  minSize: 2
  role: Node
  subnets:
  - us-test-1a

---

apiVersion: kops.k8s.io/v1alpha2
kind: InstanceGroup
metadata:
  creationTimestamp: "2016-12-10T22:42:28Z"
  name: master-us-test-1a
  labels:
    kops.k8s.io/cluster: minimal.example.com
spec:
  associatePublicIp: true
  image: ubuntu/images/hvm-ssd/ubuntu-focal-20.04-amd64-server-20220404
  machineType: m3.medium
  maxSize: 1
  minSize: 1
  role: Master
  subnets:
  - us-test-1a