kops/tests/integration/update_cluster/mixed_instances/cloudformation.json


{
"Resources": {
"AWSAutoScalingAutoScalingGroupmasterustest1amastersmixedinstancesexamplecom": {
"Type": "AWS::AutoScaling::AutoScalingGroup",
"Properties": {
"AutoScalingGroupName": "master-us-test-1a.masters.mixedinstances.example.com",
"LaunchTemplate": {
"LaunchTemplateId": {
"Ref": "AWSEC2LaunchTemplatemasterustest1amastersmixedinstancesexamplecom"
},
"Version": {
"Fn::GetAtt": [
"AWSEC2LaunchTemplatemasterustest1amastersmixedinstancesexamplecom",
"LatestVersionNumber"
]
}
},
"MaxSize": "1",
"MinSize": "1",
"VPCZoneIdentifier": [
{
"Ref": "AWSEC2Subnetustest1amixedinstancesexamplecom"
}
],
"Tags": [
{
"Key": "KubernetesCluster",
"Value": "mixedinstances.example.com",
"PropagateAtLaunch": true
},
{
"Key": "Name",
"Value": "master-us-test-1a.masters.mixedinstances.example.com",
"PropagateAtLaunch": true
},
{
"Key": "k8s.io/cluster-autoscaler/node-template/label/kops.k8s.io/kops-controller-pki",
"Value": "",
"PropagateAtLaunch": true
},
{
"Key": "k8s.io/cluster-autoscaler/node-template/label/kubernetes.io/role",
"Value": "master",
"PropagateAtLaunch": true
},
{
"Key": "k8s.io/cluster-autoscaler/node-template/label/node-role.kubernetes.io/control-plane",
"Value": "",
"PropagateAtLaunch": true
},
{
"Key": "k8s.io/cluster-autoscaler/node-template/label/node-role.kubernetes.io/master",
"Value": "",
"PropagateAtLaunch": true
},
{
"Key": "k8s.io/cluster-autoscaler/node-template/label/node.kubernetes.io/exclude-from-external-load-balancers",
"Value": "",
"PropagateAtLaunch": true
},
{
"Key": "k8s.io/role/master",
"Value": "1",
"PropagateAtLaunch": true
},
{
"Key": "kops.k8s.io/instancegroup",
"Value": "master-us-test-1a",
"PropagateAtLaunch": true
},
{
"Key": "kubernetes.io/cluster/mixedinstances.example.com",
"Value": "owned",
"PropagateAtLaunch": true
}
],
"MetricsCollection": [
{
"Granularity": "1Minute",
"Metrics": [
"GroupDesiredCapacity",
"GroupInServiceInstances",
"GroupMaxSize",
"GroupMinSize",
"GroupPendingInstances",
"GroupStandbyInstances",
"GroupTerminatingInstances",
"GroupTotalInstances"
]
}
]
}
},
"AWSAutoScalingAutoScalingGroupmasterustest1bmastersmixedinstancesexamplecom": {
"Type": "AWS::AutoScaling::AutoScalingGroup",
"Properties": {
"AutoScalingGroupName": "master-us-test-1b.masters.mixedinstances.example.com",
"LaunchTemplate": {
"LaunchTemplateId": {
"Ref": "AWSEC2LaunchTemplatemasterustest1bmastersmixedinstancesexamplecom"
},
"Version": {
"Fn::GetAtt": [
"AWSEC2LaunchTemplatemasterustest1bmastersmixedinstancesexamplecom",
"LatestVersionNumber"
]
}
},
"MaxSize": "1",
"MinSize": "1",
"VPCZoneIdentifier": [
{
"Ref": "AWSEC2Subnetustest1bmixedinstancesexamplecom"
}
],
"Tags": [
{
"Key": "KubernetesCluster",
"Value": "mixedinstances.example.com",
"PropagateAtLaunch": true
},
{
"Key": "Name",
"Value": "master-us-test-1b.masters.mixedinstances.example.com",
"PropagateAtLaunch": true
},
{
"Key": "k8s.io/cluster-autoscaler/node-template/label/kops.k8s.io/kops-controller-pki",
"Value": "",
"PropagateAtLaunch": true
},
{
"Key": "k8s.io/cluster-autoscaler/node-template/label/kubernetes.io/role",
"Value": "master",
"PropagateAtLaunch": true
},
{
"Key": "k8s.io/cluster-autoscaler/node-template/label/node-role.kubernetes.io/control-plane",
"Value": "",
"PropagateAtLaunch": true
},
{
"Key": "k8s.io/cluster-autoscaler/node-template/label/node-role.kubernetes.io/master",
"Value": "",
"PropagateAtLaunch": true
},
{
"Key": "k8s.io/cluster-autoscaler/node-template/label/node.kubernetes.io/exclude-from-external-load-balancers",
"Value": "",
"PropagateAtLaunch": true
},
{
"Key": "k8s.io/role/master",
"Value": "1",
"PropagateAtLaunch": true
},
{
"Key": "kops.k8s.io/instancegroup",
"Value": "master-us-test-1b",
"PropagateAtLaunch": true
},
{
"Key": "kubernetes.io/cluster/mixedinstances.example.com",
"Value": "owned",
"PropagateAtLaunch": true
}
],
"MetricsCollection": [
{
"Granularity": "1Minute",
"Metrics": [
"GroupDesiredCapacity",
"GroupInServiceInstances",
"GroupMaxSize",
"GroupMinSize",
"GroupPendingInstances",
"GroupStandbyInstances",
"GroupTerminatingInstances",
"GroupTotalInstances"
]
}
]
}
},
"AWSAutoScalingAutoScalingGroupmasterustest1cmastersmixedinstancesexamplecom": {
"Type": "AWS::AutoScaling::AutoScalingGroup",
"Properties": {
"AutoScalingGroupName": "master-us-test-1c.masters.mixedinstances.example.com",
"LaunchTemplate": {
"LaunchTemplateId": {
"Ref": "AWSEC2LaunchTemplatemasterustest1cmastersmixedinstancesexamplecom"
},
"Version": {
"Fn::GetAtt": [
"AWSEC2LaunchTemplatemasterustest1cmastersmixedinstancesexamplecom",
"LatestVersionNumber"
]
}
},
"MaxSize": "1",
"MinSize": "1",
"VPCZoneIdentifier": [
{
"Ref": "AWSEC2Subnetustest1cmixedinstancesexamplecom"
}
],
"Tags": [
{
"Key": "KubernetesCluster",
"Value": "mixedinstances.example.com",
"PropagateAtLaunch": true
},
{
"Key": "Name",
"Value": "master-us-test-1c.masters.mixedinstances.example.com",
"PropagateAtLaunch": true
},
{
"Key": "k8s.io/cluster-autoscaler/node-template/label/kops.k8s.io/kops-controller-pki",
"Value": "",
"PropagateAtLaunch": true
},
{
"Key": "k8s.io/cluster-autoscaler/node-template/label/kubernetes.io/role",
"Value": "master",
"PropagateAtLaunch": true
},
{
"Key": "k8s.io/cluster-autoscaler/node-template/label/node-role.kubernetes.io/control-plane",
"Value": "",
"PropagateAtLaunch": true
},
{
"Key": "k8s.io/cluster-autoscaler/node-template/label/node-role.kubernetes.io/master",
"Value": "",
"PropagateAtLaunch": true
},
{
"Key": "k8s.io/cluster-autoscaler/node-template/label/node.kubernetes.io/exclude-from-external-load-balancers",
"Value": "",
"PropagateAtLaunch": true
},
{
"Key": "k8s.io/role/master",
"Value": "1",
"PropagateAtLaunch": true
},
{
"Key": "kops.k8s.io/instancegroup",
"Value": "master-us-test-1c",
"PropagateAtLaunch": true
},
{
"Key": "kubernetes.io/cluster/mixedinstances.example.com",
"Value": "owned",
"PropagateAtLaunch": true
}
],
"MetricsCollection": [
{
"Granularity": "1Minute",
"Metrics": [
"GroupDesiredCapacity",
"GroupInServiceInstances",
"GroupMaxSize",
"GroupMinSize",
"GroupPendingInstances",
"GroupStandbyInstances",
"GroupTerminatingInstances",
"GroupTotalInstances"
]
}
]
}
},
"AWSAutoScalingAutoScalingGroupnodesmixedinstancesexamplecom": {
"Type": "AWS::AutoScaling::AutoScalingGroup",
"Properties": {
"AutoScalingGroupName": "nodes.mixedinstances.example.com",
"MaxSize": "2",
"MinSize": "2",
"VPCZoneIdentifier": [
{
"Ref": "AWSEC2Subnetustest1bmixedinstancesexamplecom"
}
],
"Tags": [
{
"Key": "KubernetesCluster",
"Value": "mixedinstances.example.com",
"PropagateAtLaunch": true
},
{
"Key": "Name",
"Value": "nodes.mixedinstances.example.com",
"PropagateAtLaunch": true
},
{
"Key": "k8s.io/cluster-autoscaler/node-template/label/kubernetes.io/role",
"Value": "node",
"PropagateAtLaunch": true
},
{
"Key": "k8s.io/cluster-autoscaler/node-template/label/node-role.kubernetes.io/node",
"Value": "",
"PropagateAtLaunch": true
},
{
"Key": "k8s.io/role/node",
"Value": "1",
"PropagateAtLaunch": true
},
{
"Key": "kops.k8s.io/instancegroup",
"Value": "nodes",
"PropagateAtLaunch": true
},
{
"Key": "kubernetes.io/cluster/mixedinstances.example.com",
"Value": "owned",
"PropagateAtLaunch": true
}
],
"MetricsCollection": [
{
"Granularity": "1Minute",
"Metrics": [
"GroupDesiredCapacity",
"GroupInServiceInstances",
"GroupMaxSize",
"GroupMinSize",
"GroupPendingInstances",
"GroupStandbyInstances",
"GroupTerminatingInstances",
"GroupTotalInstances"
]
}
],
"MixedInstancesPolicy": {
"LaunchTemplate": {
"LaunchTemplateSpecification": {
"LaunchTemplateId": {
"Ref": "AWSEC2LaunchTemplatenodesmixedinstancesexamplecom"
},
"Version": {
"Fn::GetAtt": [
"AWSEC2LaunchTemplatenodesmixedinstancesexamplecom",
"LatestVersionNumber"
]
}
},
"Overrides": [
{
"InstanceType": "m5.large"
},
{
"InstanceType": "m5.xlarge"
},
{
"InstanceType": "t2.medium"
}
]
},
"InstancesDistribution": {
"OnDemandPercentageAboveBaseCapacity": 5,
"SpotInstancePools": 3
}
}
}
},
"AWSEC2DHCPOptionsmixedinstancesexamplecom": {
"Type": "AWS::EC2::DHCPOptions",
"Properties": {
"DomainName": "us-test-1.compute.internal",
"DomainNameServers": [
"AmazonProvidedDNS"
],
"Tags": [
{
"Key": "KubernetesCluster",
"Value": "mixedinstances.example.com"
},
{
"Key": "Name",
"Value": "mixedinstances.example.com"
},
{
"Key": "kubernetes.io/cluster/mixedinstances.example.com",
"Value": "owned"
}
]
}
},
"AWSEC2InternetGatewaymixedinstancesexamplecom": {
"Type": "AWS::EC2::InternetGateway",
"Properties": {
"Tags": [
{
"Key": "KubernetesCluster",
"Value": "mixedinstances.example.com"
},
{
"Key": "Name",
"Value": "mixedinstances.example.com"
},
{
"Key": "kubernetes.io/cluster/mixedinstances.example.com",
"Value": "owned"
}
]
}
},
"AWSEC2LaunchTemplatemasterustest1amastersmixedinstancesexamplecom": {
"Type": "AWS::EC2::LaunchTemplate",
"Properties": {
"LaunchTemplateName": "master-us-test-1a.masters.mixedinstances.example.com",
"LaunchTemplateData": {
"BlockDeviceMappings": [
{
"DeviceName": "/dev/xvda",
"Ebs": {
"VolumeType": "gp3",
"VolumeSize": 64,
"Iops": 3000,
"Throughput": 125,
"DeleteOnTermination": true,
"Encrypted": true
}
},
{
"DeviceName": "/dev/sdc",
"VirtualName": "ephemeral0"
}
],
"IamInstanceProfile": {
"Name": {
"Ref": "AWSIAMInstanceProfilemastersmixedinstancesexamplecom"
}
},
"ImageId": "ami-12345678",
"InstanceType": "m3.medium",
"KeyName": "kubernetes.mixedinstances.example.com-c4:a6:ed:9a:a8:89:b9:e2:c3:9c:d6:63:eb:9c:71:57",
"MetadataOptions": {
"HttpPutResponseHopLimit": 1,
"HttpTokens": "optional"
},
"Monitoring": {
"Enabled": false
},
"NetworkInterfaces": [
{
"AssociatePublicIpAddress": true,
"DeleteOnTermination": true,
"DeviceIndex": 0,
"Ipv6AddressCount": 0,
"Groups": [
{
"Ref": "AWSEC2SecurityGroupmastersmixedinstancesexamplecom"
}
]
}
],
"TagSpecifications": [
{
"ResourceType": "instance",
"Tags": [
{
"Key": "KubernetesCluster",
"Value": "mixedinstances.example.com"
},
{
"Key": "Name",
"Value": "master-us-test-1a.masters.mixedinstances.example.com"
},
{
"Key": "k8s.io/cluster-autoscaler/node-template/label/kops.k8s.io/kops-controller-pki",
"Value": ""
},
{
"Key": "k8s.io/cluster-autoscaler/node-template/label/kubernetes.io/role",
"Value": "master"
},
{
"Key": "k8s.io/cluster-autoscaler/node-template/label/node-role.kubernetes.io/control-plane",
"Value": ""
},
{
"Key": "k8s.io/cluster-autoscaler/node-template/label/node-role.kubernetes.io/master",
"Value": ""
},
{
"Key": "k8s.io/cluster-autoscaler/node-template/label/node.kubernetes.io/exclude-from-external-load-balancers",
"Value": ""
},
{
"Key": "k8s.io/role/master",
"Value": "1"
},
{
"Key": "kops.k8s.io/instancegroup",
"Value": "master-us-test-1a"
},
{
"Key": "kubernetes.io/cluster/mixedinstances.example.com",
"Value": "owned"
}
]
},
{
"ResourceType": "volume",
"Tags": [
{
"Key": "KubernetesCluster",
"Value": "mixedinstances.example.com"
},
{
"Key": "Name",
"Value": "master-us-test-1a.masters.mixedinstances.example.com"
},
{
"Key": "k8s.io/cluster-autoscaler/node-template/label/kops.k8s.io/kops-controller-pki",
"Value": ""
},
{
"Key": "k8s.io/cluster-autoscaler/node-template/label/kubernetes.io/role",
"Value": "master"
},
{
"Key": "k8s.io/cluster-autoscaler/node-template/label/node-role.kubernetes.io/control-plane",
"Value": ""
},
{
"Key": "k8s.io/cluster-autoscaler/node-template/label/node-role.kubernetes.io/master",
"Value": ""
},
{
"Key": "k8s.io/cluster-autoscaler/node-template/label/node.kubernetes.io/exclude-from-external-load-balancers",
"Value": ""
},
{
"Key": "k8s.io/role/master",
"Value": "1"
},
{
"Key": "kops.k8s.io/instancegroup",
"Value": "master-us-test-1a"
},
{
"Key": "kubernetes.io/cluster/mixedinstances.example.com",
"Value": "owned"
}
]
}
],
"UserData": "extracted"
}
}
},
"AWSEC2LaunchTemplatemasterustest1bmastersmixedinstancesexamplecom": {
"Type": "AWS::EC2::LaunchTemplate",
"Properties": {
"LaunchTemplateName": "master-us-test-1b.masters.mixedinstances.example.com",
"LaunchTemplateData": {
"BlockDeviceMappings": [
{
"DeviceName": "/dev/xvda",
"Ebs": {
"VolumeType": "gp3",
"VolumeSize": 64,
"Iops": 3000,
"Throughput": 125,
"DeleteOnTermination": true,
"Encrypted": true
}
},
{
"DeviceName": "/dev/sdc",
"VirtualName": "ephemeral0"
}
],
"IamInstanceProfile": {
"Name": {
"Ref": "AWSIAMInstanceProfilemastersmixedinstancesexamplecom"
}
},
"ImageId": "ami-12345678",
"InstanceType": "m3.medium",
"KeyName": "kubernetes.mixedinstances.example.com-c4:a6:ed:9a:a8:89:b9:e2:c3:9c:d6:63:eb:9c:71:57",
"MetadataOptions": {
"HttpPutResponseHopLimit": 1,
"HttpTokens": "optional"
},
"Monitoring": {
"Enabled": false
},
"NetworkInterfaces": [
{
"AssociatePublicIpAddress": true,
"DeleteOnTermination": true,
"DeviceIndex": 0,
"Ipv6AddressCount": 0,
"Groups": [
{
"Ref": "AWSEC2SecurityGroupmastersmixedinstancesexamplecom"
}
]
}
],
"TagSpecifications": [
{
"ResourceType": "instance",
"Tags": [
{
"Key": "KubernetesCluster",
"Value": "mixedinstances.example.com"
},
{
"Key": "Name",
"Value": "master-us-test-1b.masters.mixedinstances.example.com"
},
{
"Key": "k8s.io/cluster-autoscaler/node-template/label/kops.k8s.io/kops-controller-pki",
"Value": ""
},
{
"Key": "k8s.io/cluster-autoscaler/node-template/label/kubernetes.io/role",
"Value": "master"
},
{
"Key": "k8s.io/cluster-autoscaler/node-template/label/node-role.kubernetes.io/control-plane",
"Value": ""
},
{
"Key": "k8s.io/cluster-autoscaler/node-template/label/node-role.kubernetes.io/master",
"Value": ""
},
{
"Key": "k8s.io/cluster-autoscaler/node-template/label/node.kubernetes.io/exclude-from-external-load-balancers",
"Value": ""
},
{
"Key": "k8s.io/role/master",
"Value": "1"
},
{
"Key": "kops.k8s.io/instancegroup",
"Value": "master-us-test-1b"
},
{
"Key": "kubernetes.io/cluster/mixedinstances.example.com",
"Value": "owned"
}
]
},
{
"ResourceType": "volume",
"Tags": [
{
"Key": "KubernetesCluster",
"Value": "mixedinstances.example.com"
},
{
"Key": "Name",
"Value": "master-us-test-1b.masters.mixedinstances.example.com"
},
{
"Key": "k8s.io/cluster-autoscaler/node-template/label/kops.k8s.io/kops-controller-pki",
"Value": ""
},
{
"Key": "k8s.io/cluster-autoscaler/node-template/label/kubernetes.io/role",
"Value": "master"
},
{
"Key": "k8s.io/cluster-autoscaler/node-template/label/node-role.kubernetes.io/control-plane",
"Value": ""
},
{
"Key": "k8s.io/cluster-autoscaler/node-template/label/node-role.kubernetes.io/master",
"Value": ""
},
{
"Key": "k8s.io/cluster-autoscaler/node-template/label/node.kubernetes.io/exclude-from-external-load-balancers",
"Value": ""
},
{
"Key": "k8s.io/role/master",
"Value": "1"
},
{
"Key": "kops.k8s.io/instancegroup",
"Value": "master-us-test-1b"
},
{
"Key": "kubernetes.io/cluster/mixedinstances.example.com",
"Value": "owned"
}
]
}
],
"UserData": "extracted"
}
}
},
"AWSEC2LaunchTemplatemasterustest1cmastersmixedinstancesexamplecom": {
"Type": "AWS::EC2::LaunchTemplate",
"Properties": {
"LaunchTemplateName": "master-us-test-1c.masters.mixedinstances.example.com",
"LaunchTemplateData": {
"BlockDeviceMappings": [
{
"DeviceName": "/dev/xvda",
"Ebs": {
"VolumeType": "gp3",
"VolumeSize": 64,
"Iops": 3000,
"Throughput": 125,
"DeleteOnTermination": true,
"Encrypted": true
}
},
{
"DeviceName": "/dev/sdc",
"VirtualName": "ephemeral0"
}
],
"IamInstanceProfile": {
"Name": {
"Ref": "AWSIAMInstanceProfilemastersmixedinstancesexamplecom"
}
},
"ImageId": "ami-12345678",
"InstanceType": "m3.medium",
"KeyName": "kubernetes.mixedinstances.example.com-c4:a6:ed:9a:a8:89:b9:e2:c3:9c:d6:63:eb:9c:71:57",
"MetadataOptions": {
"HttpPutResponseHopLimit": 1,
"HttpTokens": "optional"
},
"Monitoring": {
"Enabled": false
},
"NetworkInterfaces": [
{
"AssociatePublicIpAddress": true,
"DeleteOnTermination": true,
"DeviceIndex": 0,
"Ipv6AddressCount": 0,
"Groups": [
{
"Ref": "AWSEC2SecurityGroupmastersmixedinstancesexamplecom"
}
]
}
],
"TagSpecifications": [
{
"ResourceType": "instance",
"Tags": [
{
"Key": "KubernetesCluster",
"Value": "mixedinstances.example.com"
},
{
"Key": "Name",
"Value": "master-us-test-1c.masters.mixedinstances.example.com"
},
{
"Key": "k8s.io/cluster-autoscaler/node-template/label/kops.k8s.io/kops-controller-pki",
"Value": ""
},
{
"Key": "k8s.io/cluster-autoscaler/node-template/label/kubernetes.io/role",
"Value": "master"
},
{
"Key": "k8s.io/cluster-autoscaler/node-template/label/node-role.kubernetes.io/control-plane",
"Value": ""
},
{
"Key": "k8s.io/cluster-autoscaler/node-template/label/node-role.kubernetes.io/master",
"Value": ""
},
{
"Key": "k8s.io/cluster-autoscaler/node-template/label/node.kubernetes.io/exclude-from-external-load-balancers",
"Value": ""
},
{
"Key": "k8s.io/role/master",
"Value": "1"
},
{
"Key": "kops.k8s.io/instancegroup",
"Value": "master-us-test-1c"
},
{
"Key": "kubernetes.io/cluster/mixedinstances.example.com",
"Value": "owned"
}
]
},
{
"ResourceType": "volume",
"Tags": [
{
"Key": "KubernetesCluster",
"Value": "mixedinstances.example.com"
},
{
"Key": "Name",
"Value": "master-us-test-1c.masters.mixedinstances.example.com"
},
{
"Key": "k8s.io/cluster-autoscaler/node-template/label/kops.k8s.io/kops-controller-pki",
"Value": ""
},
{
"Key": "k8s.io/cluster-autoscaler/node-template/label/kubernetes.io/role",
"Value": "master"
},
{
"Key": "k8s.io/cluster-autoscaler/node-template/label/node-role.kubernetes.io/control-plane",
"Value": ""
},
{
"Key": "k8s.io/cluster-autoscaler/node-template/label/node-role.kubernetes.io/master",
"Value": ""
},
{
"Key": "k8s.io/cluster-autoscaler/node-template/label/node.kubernetes.io/exclude-from-external-load-balancers",
"Value": ""
},
{
"Key": "k8s.io/role/master",
"Value": "1"
},
{
"Key": "kops.k8s.io/instancegroup",
"Value": "master-us-test-1c"
},
{
"Key": "kubernetes.io/cluster/mixedinstances.example.com",
"Value": "owned"
}
]
}
],
"UserData": "extracted"
}
}
},
"AWSEC2LaunchTemplatenodesmixedinstancesexamplecom": {
"Type": "AWS::EC2::LaunchTemplate",
"Properties": {
"LaunchTemplateName": "nodes.mixedinstances.example.com",
"LaunchTemplateData": {
"BlockDeviceMappings": [
{
"DeviceName": "/dev/xvda",
"Ebs": {
"VolumeType": "gp3",
"VolumeSize": 128,
"Iops": 3000,
"Throughput": 125,
"DeleteOnTermination": true,
"Encrypted": true
}
}
],
"IamInstanceProfile": {
"Name": {
"Ref": "AWSIAMInstanceProfilenodesmixedinstancesexamplecom"
}
},
"ImageId": "ami-12345678",
"InstanceType": "t2.medium",
"KeyName": "kubernetes.mixedinstances.example.com-c4:a6:ed:9a:a8:89:b9:e2:c3:9c:d6:63:eb:9c:71:57",
"MetadataOptions": {
"HttpPutResponseHopLimit": 1,
"HttpTokens": "optional"
},
"Monitoring": {
"Enabled": false
},
"NetworkInterfaces": [
{
"AssociatePublicIpAddress": true,
"DeleteOnTermination": true,
"DeviceIndex": 0,
"Ipv6AddressCount": 0,
"Groups": [
{
"Ref": "AWSEC2SecurityGroupnodesmixedinstancesexamplecom"
}
]
}
],
"TagSpecifications": [
{
"ResourceType": "instance",
"Tags": [
{
"Key": "KubernetesCluster",
"Value": "mixedinstances.example.com"
},
{
"Key": "Name",
"Value": "nodes.mixedinstances.example.com"
},
{
"Key": "k8s.io/cluster-autoscaler/node-template/label/kubernetes.io/role",
"Value": "node"
},
{
"Key": "k8s.io/cluster-autoscaler/node-template/label/node-role.kubernetes.io/node",
"Value": ""
},
{
"Key": "k8s.io/role/node",
"Value": "1"
},
{
"Key": "kops.k8s.io/instancegroup",
"Value": "nodes"
},
{
"Key": "kubernetes.io/cluster/mixedinstances.example.com",
"Value": "owned"
}
]
},
{
"ResourceType": "volume",
"Tags": [
{
"Key": "KubernetesCluster",
"Value": "mixedinstances.example.com"
},
{
"Key": "Name",
"Value": "nodes.mixedinstances.example.com"
},
{
"Key": "k8s.io/cluster-autoscaler/node-template/label/kubernetes.io/role",
"Value": "node"
},
{
"Key": "k8s.io/cluster-autoscaler/node-template/label/node-role.kubernetes.io/node",
"Value": ""
},
{
"Key": "k8s.io/role/node",
"Value": "1"
},
{
"Key": "kops.k8s.io/instancegroup",
"Value": "nodes"
},
{
"Key": "kubernetes.io/cluster/mixedinstances.example.com",
"Value": "owned"
}
]
}
],
"UserData": "extracted"
}
}
},
"AWSEC2Route0": {
"Type": "AWS::EC2::Route",
"Properties": {
"RouteTableId": {
"Ref": "AWSEC2RouteTablemixedinstancesexamplecom"
},
"DestinationIpv6CidrBlock": "::/0",
"GatewayId": {
"Ref": "AWSEC2InternetGatewaymixedinstancesexamplecom"
}
}
},
"AWSEC2Route00000": {
"Type": "AWS::EC2::Route",
"Properties": {
"RouteTableId": {
"Ref": "AWSEC2RouteTablemixedinstancesexamplecom"
},
"DestinationCidrBlock": "0.0.0.0/0",
"GatewayId": {
"Ref": "AWSEC2InternetGatewaymixedinstancesexamplecom"
}
}
},
"AWSEC2RouteTablemixedinstancesexamplecom": {
"Type": "AWS::EC2::RouteTable",
"Properties": {
"VpcId": {
"Ref": "AWSEC2VPCmixedinstancesexamplecom"
},
"Tags": [
{
"Key": "KubernetesCluster",
"Value": "mixedinstances.example.com"
},
{
"Key": "Name",
"Value": "mixedinstances.example.com"
},
{
"Key": "kubernetes.io/cluster/mixedinstances.example.com",
"Value": "owned"
},
{
"Key": "kubernetes.io/kops/role",
"Value": "public"
}
]
}
},
"AWSEC2SecurityGroupEgressfrommastersmixedinstancesexamplecomegressall0to00": {
"Type": "AWS::EC2::SecurityGroupEgress",
"Properties": {
"GroupId": {
"Ref": "AWSEC2SecurityGroupmastersmixedinstancesexamplecom"
},
"FromPort": 0,
"ToPort": 0,
"IpProtocol": "-1",
"CidrIpv6": "::/0"
}
},
"AWSEC2SecurityGroupEgressfrommastersmixedinstancesexamplecomegressall0to000000": {
"Type": "AWS::EC2::SecurityGroupEgress",
"Properties": {
"GroupId": {
"Ref": "AWSEC2SecurityGroupmastersmixedinstancesexamplecom"
},
"FromPort": 0,
"ToPort": 0,
"IpProtocol": "-1",
"CidrIp": "0.0.0.0/0"
}
},
"AWSEC2SecurityGroupEgressfromnodesmixedinstancesexamplecomegressall0to00": {
"Type": "AWS::EC2::SecurityGroupEgress",
"Properties": {
"GroupId": {
"Ref": "AWSEC2SecurityGroupnodesmixedinstancesexamplecom"
},
"FromPort": 0,
"ToPort": 0,
"IpProtocol": "-1",
"CidrIpv6": "::/0"
}
},
"AWSEC2SecurityGroupEgressfromnodesmixedinstancesexamplecomegressall0to000000": {
"Type": "AWS::EC2::SecurityGroupEgress",
"Properties": {
"GroupId": {
"Ref": "AWSEC2SecurityGroupnodesmixedinstancesexamplecom"
},
"FromPort": 0,
"ToPort": 0,
"IpProtocol": "-1",
"CidrIp": "0.0.0.0/0"
}
},
"AWSEC2SecurityGroupIngressfrom00000ingresstcp22to22mastersmixedinstancesexamplecom": {
"Type": "AWS::EC2::SecurityGroupIngress",
"Properties": {
"GroupId": {
"Ref": "AWSEC2SecurityGroupmastersmixedinstancesexamplecom"
},
"FromPort": 22,
"ToPort": 22,
"IpProtocol": "tcp",
"CidrIp": "0.0.0.0/0"
}
},
"AWSEC2SecurityGroupIngressfrom00000ingresstcp22to22nodesmixedinstancesexamplecom": {
"Type": "AWS::EC2::SecurityGroupIngress",
"Properties": {
"GroupId": {
"Ref": "AWSEC2SecurityGroupnodesmixedinstancesexamplecom"
},
"FromPort": 22,
"ToPort": 22,
"IpProtocol": "tcp",
"CidrIp": "0.0.0.0/0"
}
},
"AWSEC2SecurityGroupIngressfrom00000ingresstcp443to443mastersmixedinstancesexamplecom": {
"Type": "AWS::EC2::SecurityGroupIngress",
"Properties": {
"GroupId": {
"Ref": "AWSEC2SecurityGroupmastersmixedinstancesexamplecom"
},
"FromPort": 443,
"ToPort": 443,
"IpProtocol": "tcp",
"CidrIp": "0.0.0.0/0"
}
},
"AWSEC2SecurityGroupIngressfrommastersmixedinstancesexamplecomingressall0to0mastersmixedinstancesexamplecom": {
"Type": "AWS::EC2::SecurityGroupIngress",
"Properties": {
"GroupId": {
"Ref": "AWSEC2SecurityGroupmastersmixedinstancesexamplecom"
},
"SourceSecurityGroupId": {
"Ref": "AWSEC2SecurityGroupmastersmixedinstancesexamplecom"
},
"FromPort": 0,
"ToPort": 0,
"IpProtocol": "-1"
}
},
"AWSEC2SecurityGroupIngressfrommastersmixedinstancesexamplecomingressall0to0nodesmixedinstancesexamplecom": {
"Type": "AWS::EC2::SecurityGroupIngress",
"Properties": {
"GroupId": {
"Ref": "AWSEC2SecurityGroupnodesmixedinstancesexamplecom"
},
"SourceSecurityGroupId": {
"Ref": "AWSEC2SecurityGroupmastersmixedinstancesexamplecom"
},
"FromPort": 0,
"ToPort": 0,
"IpProtocol": "-1"
}
},
"AWSEC2SecurityGroupIngressfromnodesmixedinstancesexamplecomingressall0to0nodesmixedinstancesexamplecom": {
"Type": "AWS::EC2::SecurityGroupIngress",
"Properties": {
"GroupId": {
"Ref": "AWSEC2SecurityGroupnodesmixedinstancesexamplecom"
},
"SourceSecurityGroupId": {
"Ref": "AWSEC2SecurityGroupnodesmixedinstancesexamplecom"
},
"FromPort": 0,
"ToPort": 0,
"IpProtocol": "-1"
}
},
"AWSEC2SecurityGroupIngressfromnodesmixedinstancesexamplecomingresstcp1to2379mastersmixedinstancesexamplecom": {
"Type": "AWS::EC2::SecurityGroupIngress",
"Properties": {
"GroupId": {
"Ref": "AWSEC2SecurityGroupmastersmixedinstancesexamplecom"
},
"SourceSecurityGroupId": {
"Ref": "AWSEC2SecurityGroupnodesmixedinstancesexamplecom"
},
"FromPort": 1,
"ToPort": 2379,
"IpProtocol": "tcp"
}
},
"AWSEC2SecurityGroupIngressfromnodesmixedinstancesexamplecomingresstcp2382to4000mastersmixedinstancesexamplecom": {
"Type": "AWS::EC2::SecurityGroupIngress",
"Properties": {
"GroupId": {
"Ref": "AWSEC2SecurityGroupmastersmixedinstancesexamplecom"
},
"SourceSecurityGroupId": {
"Ref": "AWSEC2SecurityGroupnodesmixedinstancesexamplecom"
},
"FromPort": 2382,
"ToPort": 4000,
"IpProtocol": "tcp"
}
},
"AWSEC2SecurityGroupIngressfromnodesmixedinstancesexamplecomingresstcp4003to65535mastersmixedinstancesexamplecom": {
"Type": "AWS::EC2::SecurityGroupIngress",
"Properties": {
"GroupId": {
"Ref": "AWSEC2SecurityGroupmastersmixedinstancesexamplecom"
},
"SourceSecurityGroupId": {
"Ref": "AWSEC2SecurityGroupnodesmixedinstancesexamplecom"
},
"FromPort": 4003,
"ToPort": 65535,
"IpProtocol": "tcp"
}
},
"AWSEC2SecurityGroupIngressfromnodesmixedinstancesexamplecomingressudp1to65535mastersmixedinstancesexamplecom": {
"Type": "AWS::EC2::SecurityGroupIngress",
"Properties": {
"GroupId": {
"Ref": "AWSEC2SecurityGroupmastersmixedinstancesexamplecom"
},
"SourceSecurityGroupId": {
"Ref": "AWSEC2SecurityGroupnodesmixedinstancesexamplecom"
},
"FromPort": 1,
"ToPort": 65535,
"IpProtocol": "udp"
}
},
"AWSEC2SecurityGroupmastersmixedinstancesexamplecom": {
"Type": "AWS::EC2::SecurityGroup",
"Properties": {
"GroupName": "masters.mixedinstances.example.com",
"VpcId": {
"Ref": "AWSEC2VPCmixedinstancesexamplecom"
},
"GroupDescription": "Security group for masters",
"Tags": [
{
"Key": "KubernetesCluster",
"Value": "mixedinstances.example.com"
},
{
"Key": "Name",
"Value": "masters.mixedinstances.example.com"
},
{
"Key": "kubernetes.io/cluster/mixedinstances.example.com",
"Value": "owned"
}
]
}
},
"AWSEC2SecurityGroupnodesmixedinstancesexamplecom": {
"Type": "AWS::EC2::SecurityGroup",
"Properties": {
"GroupName": "nodes.mixedinstances.example.com",
"VpcId": {
"Ref": "AWSEC2VPCmixedinstancesexamplecom"
},
"GroupDescription": "Security group for nodes",
"Tags": [
{
"Key": "KubernetesCluster",
"Value": "mixedinstances.example.com"
},
{
"Key": "Name",
"Value": "nodes.mixedinstances.example.com"
},
{
"Key": "kubernetes.io/cluster/mixedinstances.example.com",
"Value": "owned"
}
]
}
},
"AWSEC2SubnetRouteTableAssociationustest1amixedinstancesexamplecom": {
"Type": "AWS::EC2::SubnetRouteTableAssociation",
"Properties": {
"SubnetId": {
"Ref": "AWSEC2Subnetustest1amixedinstancesexamplecom"
},
"RouteTableId": {
"Ref": "AWSEC2RouteTablemixedinstancesexamplecom"
}
}
},
"AWSEC2SubnetRouteTableAssociationustest1bmixedinstancesexamplecom": {
"Type": "AWS::EC2::SubnetRouteTableAssociation",
"Properties": {
"SubnetId": {
"Ref": "AWSEC2Subnetustest1bmixedinstancesexamplecom"
},
"RouteTableId": {
"Ref": "AWSEC2RouteTablemixedinstancesexamplecom"
}
}
},
"AWSEC2SubnetRouteTableAssociationustest1cmixedinstancesexamplecom": {
"Type": "AWS::EC2::SubnetRouteTableAssociation",
"Properties": {
"SubnetId": {
"Ref": "AWSEC2Subnetustest1cmixedinstancesexamplecom"
},
"RouteTableId": {
"Ref": "AWSEC2RouteTablemixedinstancesexamplecom"
}
}
},
"AWSEC2Subnetustest1amixedinstancesexamplecom": {
"Type": "AWS::EC2::Subnet",
"Properties": {
"VpcId": {
"Ref": "AWSEC2VPCmixedinstancesexamplecom"
},
"CidrBlock": "10.0.1.0/24",
"AvailabilityZone": "us-test-1a",
"Tags": [
{
"Key": "KubernetesCluster",
"Value": "mixedinstances.example.com"
},
{
"Key": "Name",
"Value": "us-test-1a.mixedinstances.example.com"
},
{
"Key": "SubnetType",
"Value": "Public"
},
{
"Key": "kubernetes.io/cluster/mixedinstances.example.com",
"Value": "owned"
},
{
"Key": "kubernetes.io/role/elb",
"Value": "1"
},
{
"Key": "kubernetes.io/role/internal-elb",
"Value": "1"
}
]
}
},
"AWSEC2Subnetustest1bmixedinstancesexamplecom": {
"Type": "AWS::EC2::Subnet",
"Properties": {
"VpcId": {
"Ref": "AWSEC2VPCmixedinstancesexamplecom"
},
"CidrBlock": "10.0.2.0/24",
"AvailabilityZone": "us-test-1b",
"Tags": [
{
"Key": "KubernetesCluster",
"Value": "mixedinstances.example.com"
},
{
"Key": "Name",
"Value": "us-test-1b.mixedinstances.example.com"
},
{
"Key": "SubnetType",
"Value": "Public"
},
{
"Key": "kubernetes.io/cluster/mixedinstances.example.com",
"Value": "owned"
},
{
"Key": "kubernetes.io/role/elb",
"Value": "1"
},
{
"Key": "kubernetes.io/role/internal-elb",
"Value": "1"
}
]
}
},
"AWSEC2Subnetustest1cmixedinstancesexamplecom": {
"Type": "AWS::EC2::Subnet",
"Properties": {
"VpcId": {
"Ref": "AWSEC2VPCmixedinstancesexamplecom"
},
"CidrBlock": "10.0.3.0/24",
"AvailabilityZone": "us-test-1c",
"Tags": [
{
"Key": "KubernetesCluster",
"Value": "mixedinstances.example.com"
},
{
"Key": "Name",
"Value": "us-test-1c.mixedinstances.example.com"
},
{
"Key": "SubnetType",
"Value": "Public"
},
{
"Key": "kubernetes.io/cluster/mixedinstances.example.com",
"Value": "owned"
},
{
"Key": "kubernetes.io/role/elb",
"Value": "1"
},
{
"Key": "kubernetes.io/role/internal-elb",
"Value": "1"
}
]
}
},
"AWSEC2VPCCidrBlockAmazonIPv6": {
"Type": "AWS::EC2::VPCCidrBlock",
"Properties": {
"VpcId": {
"Ref": "AWSEC2VPCmixedinstancesexamplecom"
},
"AmazonProvidedIpv6CidrBlock": true
}
},
"AWSEC2VPCDHCPOptionsAssociationmixedinstancesexamplecom": {
"Type": "AWS::EC2::VPCDHCPOptionsAssociation",
"Properties": {
"VpcId": {
"Ref": "AWSEC2VPCmixedinstancesexamplecom"
},
"DhcpOptionsId": {
"Ref": "AWSEC2DHCPOptionsmixedinstancesexamplecom"
}
}
},
"AWSEC2VPCGatewayAttachmentmixedinstancesexamplecom": {
"Type": "AWS::EC2::VPCGatewayAttachment",
"Properties": {
"VpcId": {
"Ref": "AWSEC2VPCmixedinstancesexamplecom"
},
"InternetGatewayId": {
"Ref": "AWSEC2InternetGatewaymixedinstancesexamplecom"
}
}
},
"AWSEC2VPCmixedinstancesexamplecom": {
"Type": "AWS::EC2::VPC",
"Properties": {
"CidrBlock": "10.0.0.0/16",
"EnableDnsHostnames": true,
"EnableDnsSupport": true,
"Tags": [
{
"Key": "KubernetesCluster",
"Value": "mixedinstances.example.com"
},
{
"Key": "Name",
"Value": "mixedinstances.example.com"
},
{
"Key": "kubernetes.io/cluster/mixedinstances.example.com",
"Value": "owned"
}
]
}
},
"AWSEC2Volumeustest1aetcdeventsmixedinstancesexamplecom": {
"Type": "AWS::EC2::Volume",
"Properties": {
"AvailabilityZone": "us-test-1a",
"Size": 20,
"VolumeType": "gp3",
"Iops": 3000,
"Throughput": 125,
"Encrypted": false,
"Tags": [
{
"Key": "KubernetesCluster",
"Value": "mixedinstances.example.com"
},
{
"Key": "Name",
"Value": "us-test-1a.etcd-events.mixedinstances.example.com"
},
{
"Key": "k8s.io/etcd/events",
"Value": "us-test-1a/us-test-1a,us-test-1b,us-test-1c"
},
{
"Key": "k8s.io/role/master",
"Value": "1"
},
{
"Key": "kubernetes.io/cluster/mixedinstances.example.com",
"Value": "owned"
}
]
}
},
"AWSEC2Volumeustest1aetcdmainmixedinstancesexamplecom": {
"Type": "AWS::EC2::Volume",
"Properties": {
"AvailabilityZone": "us-test-1a",
"Size": 20,
"VolumeType": "gp3",
"Iops": 3000,
"Throughput": 125,
"Encrypted": false,
"Tags": [
{
"Key": "KubernetesCluster",
"Value": "mixedinstances.example.com"
},
{
"Key": "Name",
"Value": "us-test-1a.etcd-main.mixedinstances.example.com"
},
{
"Key": "k8s.io/etcd/main",
"Value": "us-test-1a/us-test-1a,us-test-1b,us-test-1c"
},
{
"Key": "k8s.io/role/master",
"Value": "1"
},
{
"Key": "kubernetes.io/cluster/mixedinstances.example.com",
"Value": "owned"
}
]
}
},
"AWSEC2Volumeustest1betcdeventsmixedinstancesexamplecom": {
"Type": "AWS::EC2::Volume",
"Properties": {
"AvailabilityZone": "us-test-1b",
"Size": 20,
"VolumeType": "gp3",
"Iops": 3000,
"Throughput": 125,
"Encrypted": false,
"Tags": [
{
"Key": "KubernetesCluster",
"Value": "mixedinstances.example.com"
},
{
"Key": "Name",
"Value": "us-test-1b.etcd-events.mixedinstances.example.com"
},
{
"Key": "k8s.io/etcd/events",
"Value": "us-test-1b/us-test-1a,us-test-1b,us-test-1c"
},
{
"Key": "k8s.io/role/master",
"Value": "1"
},
{
"Key": "kubernetes.io/cluster/mixedinstances.example.com",
"Value": "owned"
}
]
}
},
"AWSEC2Volumeustest1betcdmainmixedinstancesexamplecom": {
"Type": "AWS::EC2::Volume",
"Properties": {
"AvailabilityZone": "us-test-1b",
"Size": 20,
"VolumeType": "gp3",
"Iops": 3000,
"Throughput": 125,
"Encrypted": false,
"Tags": [
{
"Key": "KubernetesCluster",
"Value": "mixedinstances.example.com"
},
{
"Key": "Name",
"Value": "us-test-1b.etcd-main.mixedinstances.example.com"
},
{
"Key": "k8s.io/etcd/main",
"Value": "us-test-1b/us-test-1a,us-test-1b,us-test-1c"
},
{
"Key": "k8s.io/role/master",
"Value": "1"
},
{
"Key": "kubernetes.io/cluster/mixedinstances.example.com",
"Value": "owned"
}
]
}
},
"AWSEC2Volumeustest1cetcdeventsmixedinstancesexamplecom": {
"Type": "AWS::EC2::Volume",
"Properties": {
"AvailabilityZone": "us-test-1c",
"Size": 20,
"VolumeType": "gp3",
"Iops": 3000,
"Throughput": 125,
"Encrypted": false,
"Tags": [
{
"Key": "KubernetesCluster",
"Value": "mixedinstances.example.com"
},
{
"Key": "Name",
"Value": "us-test-1c.etcd-events.mixedinstances.example.com"
},
{
"Key": "k8s.io/etcd/events",
"Value": "us-test-1c/us-test-1a,us-test-1b,us-test-1c"
},
{
"Key": "k8s.io/role/master",
"Value": "1"
},
{
"Key": "kubernetes.io/cluster/mixedinstances.example.com",
"Value": "owned"
}
]
}
},
"AWSEC2Volumeustest1cetcdmainmixedinstancesexamplecom": {
"Type": "AWS::EC2::Volume",
"Properties": {
"AvailabilityZone": "us-test-1c",
"Size": 20,
"VolumeType": "gp3",
"Iops": 3000,
"Throughput": 125,
"Encrypted": false,
"Tags": [
{
"Key": "KubernetesCluster",
"Value": "mixedinstances.example.com"
},
{
"Key": "Name",
"Value": "us-test-1c.etcd-main.mixedinstances.example.com"
},
{
"Key": "k8s.io/etcd/main",
"Value": "us-test-1c/us-test-1a,us-test-1b,us-test-1c"
},
{
"Key": "k8s.io/role/master",
"Value": "1"
},
{
"Key": "kubernetes.io/cluster/mixedinstances.example.com",
"Value": "owned"
}
]
}
},
"AWSIAMInstanceProfilemastersmixedinstancesexamplecom": {
"Type": "AWS::IAM::InstanceProfile",
"Properties": {
"InstanceProfileName": "masters.mixedinstances.example.com",
"Roles": [
{
"Ref": "AWSIAMRolemastersmixedinstancesexamplecom"
}
]
}
},
"AWSIAMInstanceProfilenodesmixedinstancesexamplecom": {
"Type": "AWS::IAM::InstanceProfile",
"Properties": {
"InstanceProfileName": "nodes.mixedinstances.example.com",
"Roles": [
{
"Ref": "AWSIAMRolenodesmixedinstancesexamplecom"
}
]
}
},
"AWSIAMPolicymastersmixedinstancesexamplecom": {
"Type": "AWS::IAM::Policy",
"Properties": {
"PolicyName": "masters.mixedinstances.example.com",
"Roles": [
{
"Ref": "AWSIAMRolemastersmixedinstancesexamplecom"
}
],
"PolicyDocument": {
"Statement": [
{
"Action": "ec2:AttachVolume",
"Condition": {
"StringEquals": {
"aws:ResourceTag/KubernetesCluster": "mixedinstances.example.com",
"aws:ResourceTag/k8s.io/role/master": "1"
}
},
"Effect": "Allow",
"Resource": [
"*"
]
},
{
"Action": [
"s3:Get*"
],
"Effect": "Allow",
"Resource": "arn:aws-test:s3:::placeholder-read-bucket/clusters.example.com/mixedinstances.example.com/*"
},
{
"Action": [
"s3:GetObject",
"s3:DeleteObject",
"s3:DeleteObjectVersion",
"s3:PutObject"
],
"Effect": "Allow",
"Resource": "arn:aws-test:s3:::placeholder-write-bucket/clusters.example.com/mixedinstances.example.com/backups/etcd/main/*"
},
{
"Action": [
"s3:GetObject",
"s3:DeleteObject",
"s3:DeleteObjectVersion",
"s3:PutObject"
],
"Effect": "Allow",
"Resource": "arn:aws-test:s3:::placeholder-write-bucket/clusters.example.com/mixedinstances.example.com/backups/etcd/events/*"
},
{
"Action": [
"s3:GetBucketLocation",
"s3:GetEncryptionConfiguration",
"s3:ListBucket",
"s3:ListBucketVersions"
],
"Effect": "Allow",
"Resource": [
"arn:aws-test:s3:::placeholder-read-bucket"
]
},
{
"Action": [
"s3:GetBucketLocation",
"s3:GetEncryptionConfiguration",
"s3:ListBucket",
"s3:ListBucketVersions"
],
"Effect": "Allow",
"Resource": [
"arn:aws-test:s3:::placeholder-write-bucket"
]
},
{
"Action": [
"route53:ChangeResourceRecordSets",
"route53:ListResourceRecordSets",
"route53:GetHostedZone"
],
"Effect": "Allow",
"Resource": [
"arn:aws-test:route53:::hostedzone/Z1AFAKE1ZON3YO"
]
},
{
"Action": [
"route53:GetChange"
],
"Effect": "Allow",
"Resource": [
"arn:aws-test:route53:::change/*"
]
},
{
"Action": [
"route53:ListHostedZones",
"route53:ListTagsForResource"
],
"Effect": "Allow",
"Resource": [
"*"
]
},
{
"Action": "ec2:CreateTags",
"Condition": {
"StringEquals": {
"aws:RequestTag/KubernetesCluster": "mixedinstances.example.com",
"ec2:CreateAction": [
"CreateSecurityGroup"
]
}
},
"Effect": "Allow",
"Resource": [
"arn:aws-test:ec2:*:*:security-group/*"
]
},
{
"Action": [
"ec2:CreateTags",
"ec2:DeleteTags"
],
"Condition": {
"Null": {
"aws:RequestTag/KubernetesCluster": "true"
},
"StringEquals": {
"aws:ResourceTag/KubernetesCluster": "mixedinstances.example.com"
}
},
"Effect": "Allow",
"Resource": [
"arn:aws-test:ec2:*:*:security-group/*"
]
},
{
"Action": "ec2:CreateTags",
"Condition": {
"StringEquals": {
"aws:RequestTag/KubernetesCluster": "mixedinstances.example.com",
"ec2:CreateAction": [
"CreateVolume",
"CreateSnapshot"
]
}
},
"Effect": "Allow",
"Resource": [
"arn:aws-test:ec2:*:*:volume/*",
"arn:aws-test:ec2:*:*:snapshot/*"
]
},
{
"Action": [
"ec2:CreateTags",
"ec2:DeleteTags"
],
"Condition": {
"Null": {
"aws:RequestTag/KubernetesCluster": "true"
},
"StringEquals": {
"aws:ResourceTag/KubernetesCluster": "mixedinstances.example.com"
}
},
"Effect": "Allow",
"Resource": [
"arn:aws-test:ec2:*:*:volume/*",
"arn:aws-test:ec2:*:*:snapshot/*"
]
},
{
"Action": [
"autoscaling:DescribeAutoScalingGroups",
"autoscaling:DescribeAutoScalingInstances",
"autoscaling:DescribeLaunchConfigurations",
"autoscaling:DescribeTags",
"ec2:AttachVolume",
"ec2:AuthorizeSecurityGroupIngress",
"ec2:CreateSecurityGroup",
"ec2:CreateTags",
"ec2:DeleteRoute",
"ec2:DeleteSecurityGroup",
"ec2:DeleteVolume",
"ec2:DescribeAccountAttributes",
"ec2:DescribeInstanceTypes",
"ec2:DescribeInstances",
"ec2:DescribeLaunchTemplateVersions",
"ec2:DescribeRegions",
"ec2:DescribeRouteTables",
"ec2:DescribeSecurityGroups",
"ec2:DescribeSubnets",
"ec2:DescribeTags",
"ec2:DescribeVolumes",
"ec2:DescribeVolumesModifications",
"ec2:DescribeVpcs",
"ec2:DetachVolume",
"ec2:ModifyInstanceAttribute",
"ec2:ModifyVolume",
"elasticloadbalancing:AddTags",
"elasticloadbalancing:CreateListener",
"elasticloadbalancing:CreateTargetGroup",
"elasticloadbalancing:DescribeListeners",
"elasticloadbalancing:DescribeLoadBalancerAttributes",
"elasticloadbalancing:DescribeLoadBalancerPolicies",
"elasticloadbalancing:DescribeLoadBalancers",
"elasticloadbalancing:DescribeTargetGroups",
"elasticloadbalancing:DescribeTargetHealth",
"elasticloadbalancing:RegisterTargets",
"iam:GetServerCertificate",
"iam:ListServerCertificates",
"kms:DescribeKey",
"kms:GenerateRandom"
],
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"autoscaling:SetDesiredCapacity",
"autoscaling:TerminateInstanceInAutoScalingGroup",
"ec2:AttachVolume",
"ec2:AuthorizeSecurityGroupIngress",
"ec2:DeleteSecurityGroup",
"ec2:DeleteVolume",
"ec2:DetachVolume",
"ec2:ModifyInstanceAttribute",
"ec2:ModifyVolume",
"ec2:RevokeSecurityGroupIngress",
"elasticloadbalancing:AddTags",
"elasticloadbalancing:ApplySecurityGroupsToLoadBalancer",
"elasticloadbalancing:AttachLoadBalancerToSubnets",
"elasticloadbalancing:ConfigureHealthCheck",
"elasticloadbalancing:CreateLoadBalancerListeners",
"elasticloadbalancing:CreateLoadBalancerPolicy",
"elasticloadbalancing:DeleteListener",
"elasticloadbalancing:DeleteLoadBalancer",
"elasticloadbalancing:DeleteLoadBalancerListeners",
"elasticloadbalancing:DeleteTargetGroup",
"elasticloadbalancing:DeregisterInstancesFromLoadBalancer",
"elasticloadbalancing:DeregisterTargets",
"elasticloadbalancing:DetachLoadBalancerFromSubnets",
"elasticloadbalancing:ModifyListener",
"elasticloadbalancing:ModifyLoadBalancerAttributes",
"elasticloadbalancing:ModifyTargetGroup",
"elasticloadbalancing:RegisterInstancesWithLoadBalancer",
"elasticloadbalancing:RegisterTargets",
"elasticloadbalancing:SetLoadBalancerPoliciesForBackendServer",
"elasticloadbalancing:SetLoadBalancerPoliciesOfListener"
],
"Condition": {
"StringEquals": {
"aws:ResourceTag/KubernetesCluster": "mixedinstances.example.com"
}
},
"Effect": "Allow",
"Resource": "*"
},
{
"Action": [
"ec2:CreateSecurityGroup",
"ec2:CreateSnapshot",
"ec2:CreateVolume",
"elasticloadbalancing:CreateListener",
"elasticloadbalancing:CreateLoadBalancer",
"elasticloadbalancing:CreateTargetGroup"
],
"Condition": {
"StringEquals": {
"aws:RequestTag/KubernetesCluster": "mixedinstances.example.com"
}
},
"Effect": "Allow",
"Resource": "*"
},
{
"Action": "ec2:CreateSecurityGroup",
"Effect": "Allow",
"Resource": "arn:aws-test:ec2:*:*:vpc/*"
}
],
"Version": "2012-10-17"
}
}
},
"AWSIAMPolicynodesmixedinstancesexamplecom": {
"Type": "AWS::IAM::Policy",
"Properties": {
"PolicyName": "nodes.mixedinstances.example.com",
"Roles": [
{
"Ref": "AWSIAMRolenodesmixedinstancesexamplecom"
}
],
"PolicyDocument": {
"Statement": [
{
"Action": [
"s3:Get*"
],
"Effect": "Allow",
"Resource": [
"arn:aws-test:s3:::placeholder-read-bucket/clusters.example.com/mixedinstances.example.com/addons/*",
"arn:aws-test:s3:::placeholder-read-bucket/clusters.example.com/mixedinstances.example.com/cluster-completed.spec",
"arn:aws-test:s3:::placeholder-read-bucket/clusters.example.com/mixedinstances.example.com/igconfig/node/*",
"arn:aws-test:s3:::placeholder-read-bucket/clusters.example.com/mixedinstances.example.com/secrets/dockerconfig"
]
},
{
"Action": [
"s3:GetBucketLocation",
"s3:GetEncryptionConfiguration",
"s3:ListBucket",
"s3:ListBucketVersions"
],
"Effect": "Allow",
"Resource": [
"arn:aws-test:s3:::placeholder-read-bucket"
]
},
{
"Action": [
"autoscaling:DescribeAutoScalingInstances",
"ec2:DescribeInstanceTypes",
"ec2:DescribeInstances",
"ec2:DescribeRegions",
"iam:GetServerCertificate",
"iam:ListServerCertificates",
"kms:GenerateRandom"
],
"Effect": "Allow",
"Resource": "*"
}
],
"Version": "2012-10-17"
}
}
},
"AWSIAMRolemastersmixedinstancesexamplecom": {
"Type": "AWS::IAM::Role",
"Properties": {
"RoleName": "masters.mixedinstances.example.com",
"AssumeRolePolicyDocument": {
"Statement": [
{
"Action": "sts:AssumeRole",
"Effect": "Allow",
"Principal": {
"Service": "ec2.amazonaws.com"
}
}
],
"Version": "2012-10-17"
},
"Tags": [
{
"Key": "KubernetesCluster",
"Value": "mixedinstances.example.com"
},
{
"Key": "Name",
"Value": "masters.mixedinstances.example.com"
},
{
"Key": "kubernetes.io/cluster/mixedinstances.example.com",
"Value": "owned"
}
]
}
},
"AWSIAMRolenodesmixedinstancesexamplecom": {
"Type": "AWS::IAM::Role",
"Properties": {
"RoleName": "nodes.mixedinstances.example.com",
"AssumeRolePolicyDocument": {
"Statement": [
{
"Action": "sts:AssumeRole",
"Effect": "Allow",
"Principal": {
"Service": "ec2.amazonaws.com"
}
}
],
"Version": "2012-10-17"
},
"Tags": [
{
"Key": "KubernetesCluster",
"Value": "mixedinstances.example.com"
},
{
"Key": "Name",
"Value": "nodes.mixedinstances.example.com"
},
{
"Key": "kubernetes.io/cluster/mixedinstances.example.com",
"Value": "owned"
}
]
}
}
}
}