{
|
|
"Resources": {
|
|
"AWSAutoScalingAutoScalingGroupmasterustest1amasterscomplexexamplecom": {
|
|
"Type": "AWS::AutoScaling::AutoScalingGroup",
|
|
"Properties": {
|
|
"AutoScalingGroupName": "master-us-test-1a.masters.complex.example.com",
|
|
"LaunchTemplate": {
|
|
"LaunchTemplateId": {
|
|
"Ref": "AWSEC2LaunchTemplatemasterustest1amasterscomplexexamplecom"
|
|
},
|
|
"Version": {
|
|
"Fn::GetAtt": [
|
|
"AWSEC2LaunchTemplatemasterustest1amasterscomplexexamplecom",
|
|
"LatestVersionNumber"
|
|
]
|
|
}
|
|
},
|
|
"MaxSize": "1",
|
|
"MinSize": "1",
|
|
"VPCZoneIdentifier": [
|
|
{
|
|
"Ref": "AWSEC2Subnetustest1acomplexexamplecom"
|
|
}
|
|
],
|
|
"Tags": [
|
|
{
|
|
"Key": "KubernetesCluster",
|
|
"Value": "complex.example.com",
|
|
"PropagateAtLaunch": true
|
|
},
|
|
{
|
|
"Key": "Name",
|
|
"Value": "master-us-test-1a.masters.complex.example.com",
|
|
"PropagateAtLaunch": true
|
|
},
|
|
{
|
|
"Key": "Owner",
|
|
"Value": "John Doe",
|
|
"PropagateAtLaunch": true
|
|
},
|
|
{
|
|
"Key": "foo/bar",
|
|
"Value": "fib+baz",
|
|
"PropagateAtLaunch": true
|
|
},
|
|
{
|
|
"Key": "k8s.io/cluster-autoscaler/node-template/label/kops.k8s.io/kops-controller-pki",
|
|
"Value": "",
|
|
"PropagateAtLaunch": true
|
|
},
|
|
{
|
|
"Key": "k8s.io/cluster-autoscaler/node-template/label/kubernetes.io/role",
|
|
"Value": "master",
|
|
"PropagateAtLaunch": true
|
|
},
|
|
{
|
|
"Key": "k8s.io/cluster-autoscaler/node-template/label/node-role.kubernetes.io/control-plane",
|
|
"Value": "",
|
|
"PropagateAtLaunch": true
|
|
},
|
|
{
|
|
"Key": "k8s.io/cluster-autoscaler/node-template/label/node-role.kubernetes.io/master",
|
|
"Value": "",
|
|
"PropagateAtLaunch": true
|
|
},
|
|
{
|
|
"Key": "k8s.io/cluster-autoscaler/node-template/label/node.kubernetes.io/exclude-from-external-load-balancers",
|
|
"Value": "",
|
|
"PropagateAtLaunch": true
|
|
},
|
|
{
|
|
"Key": "k8s.io/role/master",
|
|
"Value": "1",
|
|
"PropagateAtLaunch": true
|
|
},
|
|
{
|
|
"Key": "kops.k8s.io/instancegroup",
|
|
"Value": "master-us-test-1a",
|
|
"PropagateAtLaunch": true
|
|
},
|
|
{
|
|
"Key": "kubernetes.io/cluster/complex.example.com",
|
|
"Value": "owned",
|
|
"PropagateAtLaunch": true
|
|
}
|
|
],
|
|
"MetricsCollection": [
|
|
{
|
|
"Granularity": "1Minute",
|
|
"Metrics": [
|
|
"GroupDesiredCapacity",
|
|
"GroupInServiceInstances",
|
|
"GroupMaxSize",
|
|
"GroupMinSize",
|
|
"GroupPendingInstances",
|
|
"GroupStandbyInstances",
|
|
"GroupTerminatingInstances",
|
|
"GroupTotalInstances"
|
|
]
|
|
}
|
|
],
|
|
"LoadBalancerNames": [
|
|
"my-external-lb-1"
|
|
],
|
|
"TargetGroupARNs": [
|
|
{
|
|
"Ref": "AWSElasticLoadBalancingV2TargetGrouptcpcomplexexamplecomvpjolq"
|
|
},
|
|
{
|
|
"Ref": "AWSElasticLoadBalancingV2TargetGrouptlscomplexexamplecom5nursn"
|
|
}
|
|
]
|
|
}
|
|
},
|
|
"AWSAutoScalingAutoScalingGroupnodescomplexexamplecom": {
|
|
"Type": "AWS::AutoScaling::AutoScalingGroup",
|
|
"Properties": {
|
|
"AutoScalingGroupName": "nodes.complex.example.com",
|
|
"LaunchTemplate": {
|
|
"LaunchTemplateId": {
|
|
"Ref": "AWSEC2LaunchTemplatenodescomplexexamplecom"
|
|
},
|
|
"Version": {
|
|
"Fn::GetAtt": [
|
|
"AWSEC2LaunchTemplatenodescomplexexamplecom",
|
|
"LatestVersionNumber"
|
|
]
|
|
}
|
|
},
|
|
"MaxSize": "2",
|
|
"MinSize": "2",
|
|
"VPCZoneIdentifier": [
|
|
{
|
|
"Ref": "AWSEC2Subnetustest1acomplexexamplecom"
|
|
}
|
|
],
|
|
"Tags": [
|
|
{
|
|
"Key": "KubernetesCluster",
|
|
"Value": "complex.example.com",
|
|
"PropagateAtLaunch": true
|
|
},
|
|
{
|
|
"Key": "Name",
|
|
"Value": "nodes.complex.example.com",
|
|
"PropagateAtLaunch": true
|
|
},
|
|
{
|
|
"Key": "Owner",
|
|
"Value": "John Doe",
|
|
"PropagateAtLaunch": true
|
|
},
|
|
{
|
|
"Key": "foo/bar",
|
|
"Value": "fib+baz",
|
|
"PropagateAtLaunch": true
|
|
},
|
|
{
|
|
"Key": "k8s.io/cluster-autoscaler/node-template/label/kubernetes.io/role",
|
|
"Value": "node",
|
|
"PropagateAtLaunch": true
|
|
},
|
|
{
|
|
"Key": "k8s.io/cluster-autoscaler/node-template/label/node-role.kubernetes.io/node",
|
|
"Value": "",
|
|
"PropagateAtLaunch": true
|
|
},
|
|
{
|
|
"Key": "k8s.io/role/node",
|
|
"Value": "1",
|
|
"PropagateAtLaunch": true
|
|
},
|
|
{
|
|
"Key": "kops.k8s.io/instancegroup",
|
|
"Value": "nodes",
|
|
"PropagateAtLaunch": true
|
|
},
|
|
{
|
|
"Key": "kubernetes.io/cluster/complex.example.com",
|
|
"Value": "owned",
|
|
"PropagateAtLaunch": true
|
|
}
|
|
],
|
|
"MetricsCollection": [
|
|
{
|
|
"Granularity": "1Minute",
|
|
"Metrics": [
|
|
"GroupDesiredCapacity",
|
|
"GroupInServiceInstances",
|
|
"GroupMaxSize",
|
|
"GroupMinSize",
|
|
"GroupPendingInstances",
|
|
"GroupStandbyInstances",
|
|
"GroupTerminatingInstances",
|
|
"GroupTotalInstances"
|
|
]
|
|
}
|
|
],
|
|
"LoadBalancerNames": [
|
|
"my-external-lb-1"
|
|
]
|
|
}
|
|
},
|
|
"AWSEC2DHCPOptionscomplexexamplecom": {
|
|
"Type": "AWS::EC2::DHCPOptions",
|
|
"Properties": {
|
|
"DomainName": "us-test-1.compute.internal",
|
|
"DomainNameServers": [
|
|
"AmazonProvidedDNS"
|
|
],
|
|
"Tags": [
|
|
{
|
|
"Key": "KubernetesCluster",
|
|
"Value": "complex.example.com"
|
|
},
|
|
{
|
|
"Key": "Name",
|
|
"Value": "complex.example.com"
|
|
},
|
|
{
|
|
"Key": "Owner",
|
|
"Value": "John Doe"
|
|
},
|
|
{
|
|
"Key": "foo/bar",
|
|
"Value": "fib+baz"
|
|
},
|
|
{
|
|
"Key": "kubernetes.io/cluster/complex.example.com",
|
|
"Value": "owned"
|
|
}
|
|
]
|
|
}
|
|
},
|
|
"AWSEC2InternetGatewaycomplexexamplecom": {
|
|
"Type": "AWS::EC2::InternetGateway",
|
|
"Properties": {
|
|
"Tags": [
|
|
{
|
|
"Key": "KubernetesCluster",
|
|
"Value": "complex.example.com"
|
|
},
|
|
{
|
|
"Key": "Name",
|
|
"Value": "complex.example.com"
|
|
},
|
|
{
|
|
"Key": "Owner",
|
|
"Value": "John Doe"
|
|
},
|
|
{
|
|
"Key": "foo/bar",
|
|
"Value": "fib+baz"
|
|
},
|
|
{
|
|
"Key": "kubernetes.io/cluster/complex.example.com",
|
|
"Value": "owned"
|
|
}
|
|
]
|
|
}
|
|
},
|
|
"AWSEC2LaunchTemplatemasterustest1amasterscomplexexamplecom": {
|
|
"Type": "AWS::EC2::LaunchTemplate",
|
|
"Properties": {
|
|
"LaunchTemplateName": "master-us-test-1a.masters.complex.example.com",
|
|
"LaunchTemplateData": {
|
|
"BlockDeviceMappings": [
|
|
{
|
|
"DeviceName": "/dev/xvda",
|
|
"Ebs": {
|
|
"VolumeType": "gp3",
|
|
"VolumeSize": 64,
|
|
"Iops": 3000,
|
|
"Throughput": 125,
|
|
"DeleteOnTermination": true,
|
|
"Encrypted": true,
|
|
"KmsKeyId": "arn:aws:kms:us-test-1:000000000000:key/1234abcd-12ab-34cd-56ef-1234567890ab"
|
|
}
|
|
},
|
|
{
|
|
"DeviceName": "/dev/sdc",
|
|
"VirtualName": "ephemeral0"
|
|
}
|
|
],
|
|
"IamInstanceProfile": {
|
|
"Name": {
|
|
"Ref": "AWSIAMInstanceProfilemasterscomplexexamplecom"
|
|
}
|
|
},
|
|
"ImageId": "ami-12345678",
|
|
"InstanceType": "m3.medium",
|
|
"MetadataOptions": {
|
|
"HttpPutResponseHopLimit": 1,
|
|
"HttpTokens": "required"
|
|
},
|
|
"Monitoring": {
|
|
"Enabled": false
|
|
},
|
|
"NetworkInterfaces": [
|
|
{
|
|
"AssociatePublicIpAddress": true,
|
|
"DeleteOnTermination": true,
|
|
"DeviceIndex": 0,
|
|
"Ipv6AddressCount": 0,
|
|
"Groups": [
|
|
{
|
|
"Ref": "AWSEC2SecurityGroupmasterscomplexexamplecom"
|
|
},
|
|
"sg-exampleid5",
|
|
"sg-exampleid6"
|
|
]
|
|
}
|
|
],
|
|
"TagSpecifications": [
|
|
{
|
|
"ResourceType": "instance",
|
|
"Tags": [
|
|
{
|
|
"Key": "KubernetesCluster",
|
|
"Value": "complex.example.com"
|
|
},
|
|
{
|
|
"Key": "Name",
|
|
"Value": "master-us-test-1a.masters.complex.example.com"
|
|
},
|
|
{
|
|
"Key": "Owner",
|
|
"Value": "John Doe"
|
|
},
|
|
{
|
|
"Key": "foo/bar",
|
|
"Value": "fib+baz"
|
|
},
|
|
{
|
|
"Key": "k8s.io/cluster-autoscaler/node-template/label/kops.k8s.io/kops-controller-pki",
|
|
"Value": ""
|
|
},
|
|
{
|
|
"Key": "k8s.io/cluster-autoscaler/node-template/label/kubernetes.io/role",
|
|
"Value": "master"
|
|
},
|
|
{
|
|
"Key": "k8s.io/cluster-autoscaler/node-template/label/node-role.kubernetes.io/control-plane",
|
|
"Value": ""
|
|
},
|
|
{
|
|
"Key": "k8s.io/cluster-autoscaler/node-template/label/node-role.kubernetes.io/master",
|
|
"Value": ""
|
|
},
|
|
{
|
|
"Key": "k8s.io/cluster-autoscaler/node-template/label/node.kubernetes.io/exclude-from-external-load-balancers",
|
|
"Value": ""
|
|
},
|
|
{
|
|
"Key": "k8s.io/role/master",
|
|
"Value": "1"
|
|
},
|
|
{
|
|
"Key": "kops.k8s.io/instancegroup",
|
|
"Value": "master-us-test-1a"
|
|
},
|
|
{
|
|
"Key": "kubernetes.io/cluster/complex.example.com",
|
|
"Value": "owned"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"ResourceType": "volume",
|
|
"Tags": [
|
|
{
|
|
"Key": "KubernetesCluster",
|
|
"Value": "complex.example.com"
|
|
},
|
|
{
|
|
"Key": "Name",
|
|
"Value": "master-us-test-1a.masters.complex.example.com"
|
|
},
|
|
{
|
|
"Key": "Owner",
|
|
"Value": "John Doe"
|
|
},
|
|
{
|
|
"Key": "foo/bar",
|
|
"Value": "fib+baz"
|
|
},
|
|
{
|
|
"Key": "k8s.io/cluster-autoscaler/node-template/label/kops.k8s.io/kops-controller-pki",
|
|
"Value": ""
|
|
},
|
|
{
|
|
"Key": "k8s.io/cluster-autoscaler/node-template/label/kubernetes.io/role",
|
|
"Value": "master"
|
|
},
|
|
{
|
|
"Key": "k8s.io/cluster-autoscaler/node-template/label/node-role.kubernetes.io/control-plane",
|
|
"Value": ""
|
|
},
|
|
{
|
|
"Key": "k8s.io/cluster-autoscaler/node-template/label/node-role.kubernetes.io/master",
|
|
"Value": ""
|
|
},
|
|
{
|
|
"Key": "k8s.io/cluster-autoscaler/node-template/label/node.kubernetes.io/exclude-from-external-load-balancers",
|
|
"Value": ""
|
|
},
|
|
{
|
|
"Key": "k8s.io/role/master",
|
|
"Value": "1"
|
|
},
|
|
{
|
|
"Key": "kops.k8s.io/instancegroup",
|
|
"Value": "master-us-test-1a"
|
|
},
|
|
{
|
|
"Key": "kubernetes.io/cluster/complex.example.com",
|
|
"Value": "owned"
|
|
}
|
|
]
|
|
}
|
|
],
|
|
"UserData": "extracted"
|
|
}
|
|
}
|
|
},
|
|
"AWSEC2LaunchTemplatenodescomplexexamplecom": {
|
|
"Type": "AWS::EC2::LaunchTemplate",
|
|
"Properties": {
|
|
"LaunchTemplateName": "nodes.complex.example.com",
|
|
"LaunchTemplateData": {
|
|
"BlockDeviceMappings": [
|
|
{
|
|
"DeviceName": "/dev/xvda",
|
|
"Ebs": {
|
|
"VolumeType": "gp3",
|
|
"VolumeSize": 128,
|
|
"Iops": 3000,
|
|
"Throughput": 125,
|
|
"DeleteOnTermination": true,
|
|
"Encrypted": true
|
|
}
|
|
},
|
|
{
|
|
"DeviceName": "/dev/xvdd",
|
|
"Ebs": {
|
|
"VolumeType": "gp2",
|
|
"VolumeSize": 20,
|
|
"DeleteOnTermination": true,
|
|
"Encrypted": true,
|
|
"KmsKeyId": "arn:aws:kms:us-test-1:000000000000:key/1234abcd-12ab-34cd-56ef-1234567890ab"
|
|
}
|
|
}
|
|
],
|
|
"CreditSpecification": {
|
|
"CpuCredits": "standard"
|
|
},
|
|
"IamInstanceProfile": {
|
|
"Name": {
|
|
"Ref": "AWSIAMInstanceProfilenodescomplexexamplecom"
|
|
}
|
|
},
|
|
"ImageId": "ami-12345678",
|
|
"InstanceType": "t2.medium",
|
|
"MetadataOptions": {
|
|
"HttpPutResponseHopLimit": 1,
|
|
"HttpTokens": "optional"
|
|
},
|
|
"Monitoring": {
|
|
"Enabled": true
|
|
},
|
|
"NetworkInterfaces": [
|
|
{
|
|
"AssociatePublicIpAddress": true,
|
|
"DeleteOnTermination": true,
|
|
"DeviceIndex": 0,
|
|
"Ipv6AddressCount": 0,
|
|
"Groups": [
|
|
{
|
|
"Ref": "AWSEC2SecurityGroupnodescomplexexamplecom"
|
|
},
|
|
"sg-exampleid3",
|
|
"sg-exampleid4"
|
|
]
|
|
}
|
|
],
|
|
"TagSpecifications": [
|
|
{
|
|
"ResourceType": "instance",
|
|
"Tags": [
|
|
{
|
|
"Key": "KubernetesCluster",
|
|
"Value": "complex.example.com"
|
|
},
|
|
{
|
|
"Key": "Name",
|
|
"Value": "nodes.complex.example.com"
|
|
},
|
|
{
|
|
"Key": "Owner",
|
|
"Value": "John Doe"
|
|
},
|
|
{
|
|
"Key": "foo/bar",
|
|
"Value": "fib+baz"
|
|
},
|
|
{
|
|
"Key": "k8s.io/cluster-autoscaler/node-template/label/kubernetes.io/role",
|
|
"Value": "node"
|
|
},
|
|
{
|
|
"Key": "k8s.io/cluster-autoscaler/node-template/label/node-role.kubernetes.io/node",
|
|
"Value": ""
|
|
},
|
|
{
|
|
"Key": "k8s.io/role/node",
|
|
"Value": "1"
|
|
},
|
|
{
|
|
"Key": "kops.k8s.io/instancegroup",
|
|
"Value": "nodes"
|
|
},
|
|
{
|
|
"Key": "kubernetes.io/cluster/complex.example.com",
|
|
"Value": "owned"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"ResourceType": "volume",
|
|
"Tags": [
|
|
{
|
|
"Key": "KubernetesCluster",
|
|
"Value": "complex.example.com"
|
|
},
|
|
{
|
|
"Key": "Name",
|
|
"Value": "nodes.complex.example.com"
|
|
},
|
|
{
|
|
"Key": "Owner",
|
|
"Value": "John Doe"
|
|
},
|
|
{
|
|
"Key": "foo/bar",
|
|
"Value": "fib+baz"
|
|
},
|
|
{
|
|
"Key": "k8s.io/cluster-autoscaler/node-template/label/kubernetes.io/role",
|
|
"Value": "node"
|
|
},
|
|
{
|
|
"Key": "k8s.io/cluster-autoscaler/node-template/label/node-role.kubernetes.io/node",
|
|
"Value": ""
|
|
},
|
|
{
|
|
"Key": "k8s.io/role/node",
|
|
"Value": "1"
|
|
},
|
|
{
|
|
"Key": "kops.k8s.io/instancegroup",
|
|
"Value": "nodes"
|
|
},
|
|
{
|
|
"Key": "kubernetes.io/cluster/complex.example.com",
|
|
"Value": "owned"
|
|
}
|
|
]
|
|
}
|
|
],
|
|
"UserData": "extracted"
|
|
}
|
|
}
|
|
},
|
|
"AWSEC2Route0": {
|
|
"Type": "AWS::EC2::Route",
|
|
"Properties": {
|
|
"RouteTableId": {
|
|
"Ref": "AWSEC2RouteTablecomplexexamplecom"
|
|
},
|
|
"DestinationIpv6CidrBlock": "::/0",
|
|
"GatewayId": {
|
|
"Ref": "AWSEC2InternetGatewaycomplexexamplecom"
|
|
}
|
|
}
|
|
},
|
|
"AWSEC2Route00000": {
|
|
"Type": "AWS::EC2::Route",
|
|
"Properties": {
|
|
"RouteTableId": {
|
|
"Ref": "AWSEC2RouteTablecomplexexamplecom"
|
|
},
|
|
"DestinationCidrBlock": "0.0.0.0/0",
|
|
"GatewayId": {
|
|
"Ref": "AWSEC2InternetGatewaycomplexexamplecom"
|
|
}
|
|
}
|
|
},
|
|
"AWSEC2RouteTablecomplexexamplecom": {
|
|
"Type": "AWS::EC2::RouteTable",
|
|
"Properties": {
|
|
"VpcId": {
|
|
"Ref": "AWSEC2VPCcomplexexamplecom"
|
|
},
|
|
"Tags": [
|
|
{
|
|
"Key": "KubernetesCluster",
|
|
"Value": "complex.example.com"
|
|
},
|
|
{
|
|
"Key": "Name",
|
|
"Value": "complex.example.com"
|
|
},
|
|
{
|
|
"Key": "Owner",
|
|
"Value": "John Doe"
|
|
},
|
|
{
|
|
"Key": "foo/bar",
|
|
"Value": "fib+baz"
|
|
},
|
|
{
|
|
"Key": "kubernetes.io/cluster/complex.example.com",
|
|
"Value": "owned"
|
|
},
|
|
{
|
|
"Key": "kubernetes.io/kops/role",
|
|
"Value": "public"
|
|
}
|
|
]
|
|
}
|
|
},
|
|
"AWSEC2RouteTableprivateustest1acomplexexamplecom": {
|
|
"Type": "AWS::EC2::RouteTable",
|
|
"Properties": {
|
|
"VpcId": {
|
|
"Ref": "AWSEC2VPCcomplexexamplecom"
|
|
},
|
|
"Tags": [
|
|
{
|
|
"Key": "KubernetesCluster",
|
|
"Value": "complex.example.com"
|
|
},
|
|
{
|
|
"Key": "Name",
|
|
"Value": "private-us-test-1a.complex.example.com"
|
|
},
|
|
{
|
|
"Key": "Owner",
|
|
"Value": "John Doe"
|
|
},
|
|
{
|
|
"Key": "foo/bar",
|
|
"Value": "fib+baz"
|
|
},
|
|
{
|
|
"Key": "kubernetes.io/cluster/complex.example.com",
|
|
"Value": "owned"
|
|
},
|
|
{
|
|
"Key": "kubernetes.io/kops/role",
|
|
"Value": "private-us-test-1a"
|
|
}
|
|
]
|
|
}
|
|
},
|
|
"AWSEC2Routeprivateustest1a00000": {
|
|
"Type": "AWS::EC2::Route",
|
|
"Properties": {
|
|
"RouteTableId": {
|
|
"Ref": "AWSEC2RouteTableprivateustest1acomplexexamplecom"
|
|
},
|
|
"DestinationCidrBlock": "0.0.0.0/0",
|
|
"TransitGatewayId": "tgw-123456"
|
|
}
|
|
},
|
|
"AWSEC2SecurityGroupEgressfrommasterscomplexexamplecomegressall0to00": {
|
|
"Type": "AWS::EC2::SecurityGroupEgress",
|
|
"Properties": {
|
|
"GroupId": {
|
|
"Ref": "AWSEC2SecurityGroupmasterscomplexexamplecom"
|
|
},
|
|
"FromPort": 0,
|
|
"ToPort": 0,
|
|
"IpProtocol": "-1",
|
|
"CidrIpv6": "::/0"
|
|
}
|
|
},
|
|
"AWSEC2SecurityGroupEgressfrommasterscomplexexamplecomegressall0to000000": {
|
|
"Type": "AWS::EC2::SecurityGroupEgress",
|
|
"Properties": {
|
|
"GroupId": {
|
|
"Ref": "AWSEC2SecurityGroupmasterscomplexexamplecom"
|
|
},
|
|
"FromPort": 0,
|
|
"ToPort": 0,
|
|
"IpProtocol": "-1",
|
|
"CidrIp": "0.0.0.0/0"
|
|
}
|
|
},
|
|
"AWSEC2SecurityGroupEgressfromnodescomplexexamplecomegressall0to00": {
|
|
"Type": "AWS::EC2::SecurityGroupEgress",
|
|
"Properties": {
|
|
"GroupId": {
|
|
"Ref": "AWSEC2SecurityGroupnodescomplexexamplecom"
|
|
},
|
|
"FromPort": 0,
|
|
"ToPort": 0,
|
|
"IpProtocol": "-1",
|
|
"CidrIpv6": "::/0"
|
|
}
|
|
},
|
|
"AWSEC2SecurityGroupEgressfromnodescomplexexamplecomegressall0to000000": {
|
|
"Type": "AWS::EC2::SecurityGroupEgress",
|
|
"Properties": {
|
|
"GroupId": {
|
|
"Ref": "AWSEC2SecurityGroupnodescomplexexamplecom"
|
|
},
|
|
"FromPort": 0,
|
|
"ToPort": 0,
|
|
"IpProtocol": "-1",
|
|
"CidrIp": "0.0.0.0/0"
|
|
}
|
|
},
|
|
"AWSEC2SecurityGroupIngressfrom111024ingresstcp443to443masterscomplexexamplecom": {
|
|
"Type": "AWS::EC2::SecurityGroupIngress",
|
|
"Properties": {
|
|
"GroupId": {
|
|
"Ref": "AWSEC2SecurityGroupmasterscomplexexamplecom"
|
|
},
|
|
"FromPort": 443,
|
|
"ToPort": 443,
|
|
"IpProtocol": "tcp",
|
|
"CidrIp": "1.1.1.0/24"
|
|
}
|
|
},
|
|
"AWSEC2SecurityGroupIngressfrom111132ingresstcp22to22masterscomplexexamplecom": {
|
|
"Type": "AWS::EC2::SecurityGroupIngress",
|
|
"Properties": {
|
|
"GroupId": {
|
|
"Ref": "AWSEC2SecurityGroupmasterscomplexexamplecom"
|
|
},
|
|
"FromPort": 22,
|
|
"ToPort": 22,
|
|
"IpProtocol": "tcp",
|
|
"CidrIp": "1.1.1.1/32"
|
|
}
|
|
},
|
|
"AWSEC2SecurityGroupIngressfrom111132ingresstcp22to22nodescomplexexamplecom": {
|
|
"Type": "AWS::EC2::SecurityGroupIngress",
|
|
"Properties": {
|
|
"GroupId": {
|
|
"Ref": "AWSEC2SecurityGroupnodescomplexexamplecom"
|
|
},
|
|
"FromPort": 22,
|
|
"ToPort": 22,
|
|
"IpProtocol": "tcp",
|
|
"CidrIp": "1.1.1.1/32"
|
|
}
|
|
},
|
|
"AWSEC2SecurityGroupIngressfrommasterscomplexexamplecomingressall0to0masterscomplexexamplecom": {
|
|
"Type": "AWS::EC2::SecurityGroupIngress",
|
|
"Properties": {
|
|
"GroupId": {
|
|
"Ref": "AWSEC2SecurityGroupmasterscomplexexamplecom"
|
|
},
|
|
"SourceSecurityGroupId": {
|
|
"Ref": "AWSEC2SecurityGroupmasterscomplexexamplecom"
|
|
},
|
|
"FromPort": 0,
|
|
"ToPort": 0,
|
|
"IpProtocol": "-1"
|
|
}
|
|
},
|
|
"AWSEC2SecurityGroupIngressfrommasterscomplexexamplecomingressall0to0nodescomplexexamplecom": {
|
|
"Type": "AWS::EC2::SecurityGroupIngress",
|
|
"Properties": {
|
|
"GroupId": {
|
|
"Ref": "AWSEC2SecurityGroupnodescomplexexamplecom"
|
|
},
|
|
"SourceSecurityGroupId": {
|
|
"Ref": "AWSEC2SecurityGroupmasterscomplexexamplecom"
|
|
},
|
|
"FromPort": 0,
|
|
"ToPort": 0,
|
|
"IpProtocol": "-1"
|
|
}
|
|
},
|
|
"AWSEC2SecurityGroupIngressfromnodescomplexexamplecomingressall0to0nodescomplexexamplecom": {
|
|
"Type": "AWS::EC2::SecurityGroupIngress",
|
|
"Properties": {
|
|
"GroupId": {
|
|
"Ref": "AWSEC2SecurityGroupnodescomplexexamplecom"
|
|
},
|
|
"SourceSecurityGroupId": {
|
|
"Ref": "AWSEC2SecurityGroupnodescomplexexamplecom"
|
|
},
|
|
"FromPort": 0,
|
|
"ToPort": 0,
|
|
"IpProtocol": "-1"
|
|
}
|
|
},
|
|
"AWSEC2SecurityGroupIngressfromnodescomplexexamplecomingresstcp1to2379masterscomplexexamplecom": {
|
|
"Type": "AWS::EC2::SecurityGroupIngress",
|
|
"Properties": {
|
|
"GroupId": {
|
|
"Ref": "AWSEC2SecurityGroupmasterscomplexexamplecom"
|
|
},
|
|
"SourceSecurityGroupId": {
|
|
"Ref": "AWSEC2SecurityGroupnodescomplexexamplecom"
|
|
},
|
|
"FromPort": 1,
|
|
"ToPort": 2379,
|
|
"IpProtocol": "tcp"
|
|
}
|
|
},
|
|
"AWSEC2SecurityGroupIngressfromnodescomplexexamplecomingresstcp2382to4000masterscomplexexamplecom": {
|
|
"Type": "AWS::EC2::SecurityGroupIngress",
|
|
"Properties": {
|
|
"GroupId": {
|
|
"Ref": "AWSEC2SecurityGroupmasterscomplexexamplecom"
|
|
},
|
|
"SourceSecurityGroupId": {
|
|
"Ref": "AWSEC2SecurityGroupnodescomplexexamplecom"
|
|
},
|
|
"FromPort": 2382,
|
|
"ToPort": 4000,
|
|
"IpProtocol": "tcp"
|
|
}
|
|
},
|
|
"AWSEC2SecurityGroupIngressfromnodescomplexexamplecomingresstcp4003to65535masterscomplexexamplecom": {
|
|
"Type": "AWS::EC2::SecurityGroupIngress",
|
|
"Properties": {
|
|
"GroupId": {
|
|
"Ref": "AWSEC2SecurityGroupmasterscomplexexamplecom"
|
|
},
|
|
"SourceSecurityGroupId": {
|
|
"Ref": "AWSEC2SecurityGroupnodescomplexexamplecom"
|
|
},
|
|
"FromPort": 4003,
|
|
"ToPort": 65535,
|
|
"IpProtocol": "tcp"
|
|
}
|
|
},
|
|
"AWSEC2SecurityGroupIngressfromnodescomplexexamplecomingressudp1to65535masterscomplexexamplecom": {
|
|
"Type": "AWS::EC2::SecurityGroupIngress",
|
|
"Properties": {
|
|
"GroupId": {
|
|
"Ref": "AWSEC2SecurityGroupmasterscomplexexamplecom"
|
|
},
|
|
"SourceSecurityGroupId": {
|
|
"Ref": "AWSEC2SecurityGroupnodescomplexexamplecom"
|
|
},
|
|
"FromPort": 1,
|
|
"ToPort": 65535,
|
|
"IpProtocol": "udp"
|
|
}
|
|
},
|
|
"AWSEC2SecurityGroupIngresshttpselbtomaster": {
|
|
"Type": "AWS::EC2::SecurityGroupIngress",
|
|
"Properties": {
|
|
"GroupId": {
|
|
"Ref": "AWSEC2SecurityGroupmasterscomplexexamplecom"
|
|
},
|
|
"FromPort": 443,
|
|
"ToPort": 443,
|
|
"IpProtocol": "tcp",
|
|
"CidrIp": "172.20.0.0/16"
|
|
}
|
|
},
|
|
"AWSEC2SecurityGroupIngresshttpslbtomaster1010016": {
|
|
"Type": "AWS::EC2::SecurityGroupIngress",
|
|
"Properties": {
|
|
"GroupId": {
|
|
"Ref": "AWSEC2SecurityGroupmasterscomplexexamplecom"
|
|
},
|
|
"FromPort": 443,
|
|
"ToPort": 443,
|
|
"IpProtocol": "tcp",
|
|
"CidrIp": "10.1.0.0/16"
|
|
}
|
|
},
|
|
"AWSEC2SecurityGroupIngresshttpslbtomaster1020016": {
|
|
"Type": "AWS::EC2::SecurityGroupIngress",
|
|
"Properties": {
|
|
"GroupId": {
|
|
"Ref": "AWSEC2SecurityGroupmasterscomplexexamplecom"
|
|
},
|
|
"FromPort": 443,
|
|
"ToPort": 443,
|
|
"IpProtocol": "tcp",
|
|
"CidrIp": "10.2.0.0/16"
|
|
}
|
|
},
|
|
"AWSEC2SecurityGroupIngressicmppmtuapielb111024": {
|
|
"Type": "AWS::EC2::SecurityGroupIngress",
|
|
"Properties": {
|
|
"GroupId": {
|
|
"Ref": "AWSEC2SecurityGroupmasterscomplexexamplecom"
|
|
},
|
|
"FromPort": 3,
|
|
"ToPort": 4,
|
|
"IpProtocol": "icmp",
|
|
"CidrIp": "1.1.1.0/24"
|
|
}
|
|
},
|
|
"AWSEC2SecurityGroupIngressnodeporttcpexternaltonode102030024": {
|
|
"Type": "AWS::EC2::SecurityGroupIngress",
|
|
"Properties": {
|
|
"GroupId": {
|
|
"Ref": "AWSEC2SecurityGroupnodescomplexexamplecom"
|
|
},
|
|
"FromPort": 28000,
|
|
"ToPort": 32767,
|
|
"IpProtocol": "tcp",
|
|
"CidrIp": "10.20.30.0/24"
|
|
}
|
|
},
|
|
"AWSEC2SecurityGroupIngressnodeporttcpexternaltonode123432": {
|
|
"Type": "AWS::EC2::SecurityGroupIngress",
|
|
"Properties": {
|
|
"GroupId": {
|
|
"Ref": "AWSEC2SecurityGroupnodescomplexexamplecom"
|
|
},
|
|
"FromPort": 28000,
|
|
"ToPort": 32767,
|
|
"IpProtocol": "tcp",
|
|
"CidrIp": "1.2.3.4/32"
|
|
}
|
|
},
|
|
"AWSEC2SecurityGroupIngressnodeportudpexternaltonode102030024": {
|
|
"Type": "AWS::EC2::SecurityGroupIngress",
|
|
"Properties": {
|
|
"GroupId": {
|
|
"Ref": "AWSEC2SecurityGroupnodescomplexexamplecom"
|
|
},
|
|
"FromPort": 28000,
|
|
"ToPort": 32767,
|
|
"IpProtocol": "udp",
|
|
"CidrIp": "10.20.30.0/24"
|
|
}
|
|
},
|
|
"AWSEC2SecurityGroupIngressnodeportudpexternaltonode123432": {
|
|
"Type": "AWS::EC2::SecurityGroupIngress",
|
|
"Properties": {
|
|
"GroupId": {
|
|
"Ref": "AWSEC2SecurityGroupnodescomplexexamplecom"
|
|
},
|
|
"FromPort": 28000,
|
|
"ToPort": 32767,
|
|
"IpProtocol": "udp",
|
|
"CidrIp": "1.2.3.4/32"
|
|
}
|
|
},
|
|
"AWSEC2SecurityGroupIngresstcpapi111024": {
|
|
"Type": "AWS::EC2::SecurityGroupIngress",
|
|
"Properties": {
|
|
"GroupId": {
|
|
"Ref": "AWSEC2SecurityGroupmasterscomplexexamplecom"
|
|
},
|
|
"FromPort": 8443,
|
|
"ToPort": 8443,
|
|
"IpProtocol": "tcp",
|
|
"CidrIp": "1.1.1.0/24"
|
|
}
|
|
},
|
|
"AWSEC2SecurityGroupapielbcomplexexamplecom": {
|
|
"Type": "AWS::EC2::SecurityGroup",
|
|
"Properties": {
|
|
"GroupName": "api-elb.complex.example.com",
|
|
"VpcId": {
|
|
"Ref": "AWSEC2VPCcomplexexamplecom"
|
|
},
|
|
"GroupDescription": "Security group for api ELB",
|
|
"Tags": [
|
|
{
|
|
"Key": "KubernetesCluster",
|
|
"Value": "complex.example.com"
|
|
},
|
|
{
|
|
"Key": "Name",
|
|
"Value": "api-elb.complex.example.com"
|
|
},
|
|
{
|
|
"Key": "Owner",
|
|
"Value": "John Doe"
|
|
},
|
|
{
|
|
"Key": "foo/bar",
|
|
"Value": "fib+baz"
|
|
},
|
|
{
|
|
"Key": "kubernetes.io/cluster/complex.example.com",
|
|
"Value": "owned"
|
|
}
|
|
]
|
|
}
|
|
},
|
|
"AWSEC2SecurityGroupmasterscomplexexamplecom": {
|
|
"Type": "AWS::EC2::SecurityGroup",
|
|
"Properties": {
|
|
"GroupName": "masters.complex.example.com",
|
|
"VpcId": {
|
|
"Ref": "AWSEC2VPCcomplexexamplecom"
|
|
},
|
|
"GroupDescription": "Security group for masters",
|
|
"Tags": [
|
|
{
|
|
"Key": "KubernetesCluster",
|
|
"Value": "complex.example.com"
|
|
},
|
|
{
|
|
"Key": "Name",
|
|
"Value": "masters.complex.example.com"
|
|
},
|
|
{
|
|
"Key": "Owner",
|
|
"Value": "John Doe"
|
|
},
|
|
{
|
|
"Key": "foo/bar",
|
|
"Value": "fib+baz"
|
|
},
|
|
{
|
|
"Key": "kubernetes.io/cluster/complex.example.com",
|
|
"Value": "owned"
|
|
}
|
|
]
|
|
}
|
|
},
|
|
"AWSEC2SecurityGroupnodescomplexexamplecom": {
|
|
"Type": "AWS::EC2::SecurityGroup",
|
|
"Properties": {
|
|
"GroupName": "nodes.complex.example.com",
|
|
"VpcId": {
|
|
"Ref": "AWSEC2VPCcomplexexamplecom"
|
|
},
|
|
"GroupDescription": "Security group for nodes",
|
|
"Tags": [
|
|
{
|
|
"Key": "KubernetesCluster",
|
|
"Value": "complex.example.com"
|
|
},
|
|
{
|
|
"Key": "Name",
|
|
"Value": "nodes.complex.example.com"
|
|
},
|
|
{
|
|
"Key": "Owner",
|
|
"Value": "John Doe"
|
|
},
|
|
{
|
|
"Key": "foo/bar",
|
|
"Value": "fib+baz"
|
|
},
|
|
{
|
|
"Key": "kubernetes.io/cluster/complex.example.com",
|
|
"Value": "owned"
|
|
}
|
|
]
|
|
}
|
|
},
|
|
"AWSEC2SubnetRouteTableAssociationprivateuseast1aprivatecomplexexamplecom": {
|
|
"Type": "AWS::EC2::SubnetRouteTableAssociation",
|
|
"Properties": {
|
|
"SubnetId": {
|
|
"Ref": "AWSEC2Subnetuseast1aprivatecomplexexamplecom"
|
|
},
|
|
"RouteTableId": {
|
|
"Ref": "AWSEC2RouteTableprivateustest1acomplexexamplecom"
|
|
}
|
|
}
|
|
},
|
|
"AWSEC2SubnetRouteTableAssociationuseast1autilitycomplexexamplecom": {
|
|
"Type": "AWS::EC2::SubnetRouteTableAssociation",
|
|
"Properties": {
|
|
"SubnetId": {
|
|
"Ref": "AWSEC2Subnetuseast1autilitycomplexexamplecom"
|
|
},
|
|
"RouteTableId": {
|
|
"Ref": "AWSEC2RouteTablecomplexexamplecom"
|
|
}
|
|
}
|
|
},
|
|
"AWSEC2SubnetRouteTableAssociationustest1acomplexexamplecom": {
|
|
"Type": "AWS::EC2::SubnetRouteTableAssociation",
|
|
"Properties": {
|
|
"SubnetId": {
|
|
"Ref": "AWSEC2Subnetustest1acomplexexamplecom"
|
|
},
|
|
"RouteTableId": {
|
|
"Ref": "AWSEC2RouteTablecomplexexamplecom"
|
|
}
|
|
}
|
|
},
|
|
"AWSEC2Subnetuseast1aprivatecomplexexamplecom": {
|
|
"Type": "AWS::EC2::Subnet",
|
|
"Properties": {
|
|
"VpcId": {
|
|
"Ref": "AWSEC2VPCcomplexexamplecom"
|
|
},
|
|
"CidrBlock": "172.20.64.0/19",
|
|
"AvailabilityZone": "us-test-1a",
|
|
"Tags": [
|
|
{
|
|
"Key": "KubernetesCluster",
|
|
"Value": "complex.example.com"
|
|
},
|
|
{
|
|
"Key": "Name",
|
|
"Value": "us-east-1a-private.complex.example.com"
|
|
},
|
|
{
|
|
"Key": "Owner",
|
|
"Value": "John Doe"
|
|
},
|
|
{
|
|
"Key": "SubnetType",
|
|
"Value": "Private"
|
|
},
|
|
{
|
|
"Key": "foo/bar",
|
|
"Value": "fib+baz"
|
|
},
|
|
{
|
|
"Key": "kubernetes.io/cluster/complex.example.com",
|
|
"Value": "owned"
|
|
},
|
|
{
|
|
"Key": "kubernetes.io/role/internal-elb",
|
|
"Value": "1"
|
|
}
|
|
]
|
|
}
|
|
},
|
|
"AWSEC2Subnetuseast1autilitycomplexexamplecom": {
|
|
"Type": "AWS::EC2::Subnet",
|
|
"Properties": {
|
|
"VpcId": {
|
|
"Ref": "AWSEC2VPCcomplexexamplecom"
|
|
},
|
|
"CidrBlock": "172.20.96.0/19",
|
|
"AvailabilityZone": "us-test-1a",
|
|
"Tags": [
|
|
{
|
|
"Key": "KubernetesCluster",
|
|
"Value": "complex.example.com"
|
|
},
|
|
{
|
|
"Key": "Name",
|
|
"Value": "us-east-1a-utility.complex.example.com"
|
|
},
|
|
{
|
|
"Key": "Owner",
|
|
"Value": "John Doe"
|
|
},
|
|
{
|
|
"Key": "SubnetType",
|
|
"Value": "Utility"
|
|
},
|
|
{
|
|
"Key": "foo/bar",
|
|
"Value": "fib+baz"
|
|
},
|
|
{
|
|
"Key": "kubernetes.io/cluster/complex.example.com",
|
|
"Value": "owned"
|
|
},
|
|
{
|
|
"Key": "kubernetes.io/role/elb",
|
|
"Value": "1"
|
|
},
|
|
{
|
|
"Key": "kubernetes.io/role/internal-elb",
|
|
"Value": "1"
|
|
}
|
|
]
|
|
}
|
|
},
|
|
"AWSEC2Subnetustest1acomplexexamplecom": {
|
|
"Type": "AWS::EC2::Subnet",
|
|
"Properties": {
|
|
"VpcId": {
|
|
"Ref": "AWSEC2VPCcomplexexamplecom"
|
|
},
|
|
"CidrBlock": "172.20.32.0/19",
|
|
"AvailabilityZone": "us-test-1a",
|
|
"Tags": [
|
|
{
|
|
"Key": "KubernetesCluster",
|
|
"Value": "complex.example.com"
|
|
},
|
|
{
|
|
"Key": "Name",
|
|
"Value": "us-test-1a.complex.example.com"
|
|
},
|
|
{
|
|
"Key": "Owner",
|
|
"Value": "John Doe"
|
|
},
|
|
{
|
|
"Key": "SubnetType",
|
|
"Value": "Public"
|
|
},
|
|
{
|
|
"Key": "foo/bar",
|
|
"Value": "fib+baz"
|
|
},
|
|
{
|
|
"Key": "kubernetes.io/cluster/complex.example.com",
|
|
"Value": "owned"
|
|
},
|
|
{
|
|
"Key": "kubernetes.io/role/elb",
|
|
"Value": "1"
|
|
},
|
|
{
|
|
"Key": "kubernetes.io/role/internal-elb",
|
|
"Value": "1"
|
|
}
|
|
]
|
|
}
|
|
},
|
|
"AWSEC2VPCCidrBlock1010016": {
|
|
"Type": "AWS::EC2::VPCCidrBlock",
|
|
"Properties": {
|
|
"VpcId": {
|
|
"Ref": "AWSEC2VPCcomplexexamplecom"
|
|
},
|
|
"CidrBlock": "10.1.0.0/16"
|
|
}
|
|
},
|
|
"AWSEC2VPCCidrBlock1020016": {
|
|
"Type": "AWS::EC2::VPCCidrBlock",
|
|
"Properties": {
|
|
"VpcId": {
|
|
"Ref": "AWSEC2VPCcomplexexamplecom"
|
|
},
|
|
"CidrBlock": "10.2.0.0/16"
|
|
}
|
|
},
|
|
"AWSEC2VPCCidrBlockAmazonIPv6": {
|
|
"Type": "AWS::EC2::VPCCidrBlock",
|
|
"Properties": {
|
|
"VpcId": {
|
|
"Ref": "AWSEC2VPCcomplexexamplecom"
|
|
},
|
|
"AmazonProvidedIpv6CidrBlock": true
|
|
}
|
|
},
|
|
"AWSEC2VPCDHCPOptionsAssociationcomplexexamplecom": {
|
|
"Type": "AWS::EC2::VPCDHCPOptionsAssociation",
|
|
"Properties": {
|
|
"VpcId": {
|
|
"Ref": "AWSEC2VPCcomplexexamplecom"
|
|
},
|
|
"DhcpOptionsId": {
|
|
"Ref": "AWSEC2DHCPOptionscomplexexamplecom"
|
|
}
|
|
}
|
|
},
|
|
"AWSEC2VPCGatewayAttachmentcomplexexamplecom": {
|
|
"Type": "AWS::EC2::VPCGatewayAttachment",
|
|
"Properties": {
|
|
"VpcId": {
|
|
"Ref": "AWSEC2VPCcomplexexamplecom"
|
|
},
|
|
"InternetGatewayId": {
|
|
"Ref": "AWSEC2InternetGatewaycomplexexamplecom"
|
|
}
|
|
}
|
|
},
|
|
"AWSEC2VPCcomplexexamplecom": {
|
|
"Type": "AWS::EC2::VPC",
|
|
"Properties": {
|
|
"CidrBlock": "172.20.0.0/16",
|
|
"EnableDnsHostnames": true,
|
|
"EnableDnsSupport": true,
|
|
"Tags": [
|
|
{
|
|
"Key": "KubernetesCluster",
|
|
"Value": "complex.example.com"
|
|
},
|
|
{
|
|
"Key": "Name",
|
|
"Value": "complex.example.com"
|
|
},
|
|
{
|
|
"Key": "Owner",
|
|
"Value": "John Doe"
|
|
},
|
|
{
|
|
"Key": "foo/bar",
|
|
"Value": "fib+baz"
|
|
},
|
|
{
|
|
"Key": "kubernetes.io/cluster/complex.example.com",
|
|
"Value": "owned"
|
|
}
|
|
]
|
|
}
|
|
},
|
|
"AWSEC2Volumeaetcdeventscomplexexamplecom": {
|
|
"Type": "AWS::EC2::Volume",
|
|
"Properties": {
|
|
"AvailabilityZone": "us-test-1a",
|
|
"Size": 20,
|
|
"VolumeType": "gp3",
|
|
"Iops": 3000,
|
|
"Throughput": 125,
|
|
"Encrypted": false,
|
|
"Tags": [
|
|
{
|
|
"Key": "KubernetesCluster",
|
|
"Value": "complex.example.com"
|
|
},
|
|
{
|
|
"Key": "Name",
|
|
"Value": "a.etcd-events.complex.example.com"
|
|
},
|
|
{
|
|
"Key": "Owner",
|
|
"Value": "John Doe"
|
|
},
|
|
{
|
|
"Key": "foo/bar",
|
|
"Value": "fib+baz"
|
|
},
|
|
{
|
|
"Key": "k8s.io/etcd/events",
|
|
"Value": "a/a"
|
|
},
|
|
{
|
|
"Key": "k8s.io/role/master",
|
|
"Value": "1"
|
|
},
|
|
{
|
|
"Key": "kubernetes.io/cluster/complex.example.com",
|
|
"Value": "owned"
|
|
}
|
|
]
|
|
}
|
|
},
|
|
"AWSEC2Volumeaetcdmaincomplexexamplecom": {
|
|
"Type": "AWS::EC2::Volume",
|
|
"Properties": {
|
|
"AvailabilityZone": "us-test-1a",
|
|
"Size": 20,
|
|
"VolumeType": "gp3",
|
|
"Iops": 3000,
|
|
"Throughput": 125,
|
|
"Encrypted": false,
|
|
"Tags": [
|
|
{
|
|
"Key": "KubernetesCluster",
|
|
"Value": "complex.example.com"
|
|
},
|
|
{
|
|
"Key": "Name",
|
|
"Value": "a.etcd-main.complex.example.com"
|
|
},
|
|
{
|
|
"Key": "Owner",
|
|
"Value": "John Doe"
|
|
},
|
|
{
|
|
"Key": "foo/bar",
|
|
"Value": "fib+baz"
|
|
},
|
|
{
|
|
"Key": "k8s.io/etcd/main",
|
|
"Value": "a/a"
|
|
},
|
|
{
|
|
"Key": "k8s.io/role/master",
|
|
"Value": "1"
|
|
},
|
|
{
|
|
"Key": "kubernetes.io/cluster/complex.example.com",
|
|
"Value": "owned"
|
|
}
|
|
]
|
|
}
|
|
},
|
|
"AWSElasticLoadBalancingV2Listenerapicomplexexamplecom443": {
|
|
"Type": "AWS::ElasticLoadBalancingV2::Listener",
|
|
"Properties": {
|
|
"Certificates": [
|
|
{
|
|
"CertificateArn": "arn:aws:acm:us-test-1:000000000000:certificate/123456789012-1234-1234-1234-12345678"
|
|
}
|
|
],
|
|
"DefaultActions": [
|
|
{
|
|
"Type": "forward",
|
|
"TargetGroupArn": {
|
|
"Ref": "AWSElasticLoadBalancingV2TargetGrouptlscomplexexamplecom5nursn"
|
|
}
|
|
}
|
|
],
|
|
"LoadBalancerArn": {
|
|
"Ref": "AWSElasticLoadBalancingV2LoadBalancerapicomplexexamplecom"
|
|
},
|
|
"Port": 443,
|
|
"Protocol": "TLS",
|
|
"SslPolicy": "ELBSecurityPolicy-2016-08"
|
|
}
|
|
},
|
|
"AWSElasticLoadBalancingV2Listenerapicomplexexamplecom8443": {
|
|
"Type": "AWS::ElasticLoadBalancingV2::Listener",
|
|
"Properties": {
|
|
"DefaultActions": [
|
|
{
|
|
"Type": "forward",
|
|
"TargetGroupArn": {
|
|
"Ref": "AWSElasticLoadBalancingV2TargetGrouptcpcomplexexamplecomvpjolq"
|
|
}
|
|
}
|
|
],
|
|
"LoadBalancerArn": {
|
|
"Ref": "AWSElasticLoadBalancingV2LoadBalancerapicomplexexamplecom"
|
|
},
|
|
"Port": 8443,
|
|
"Protocol": "TCP"
|
|
}
|
|
},
|
|
"AWSElasticLoadBalancingV2LoadBalancerapicomplexexamplecom": {
|
|
"Type": "AWS::ElasticLoadBalancingV2::LoadBalancer",
|
|
"Properties": {
|
|
"Name": "api-complex-example-com-vd3t5n",
|
|
"Scheme": "internet-facing",
|
|
"SubnetMappings": [
|
|
{
|
|
"SubnetId": {
|
|
"Ref": "AWSEC2Subnetustest1acomplexexamplecom"
|
|
},
|
|
"AllocationId": "eipalloc-012345a678b9cdefa"
|
|
}
|
|
],
|
|
"Type": "network",
|
|
"Tags": [
|
|
{
|
|
"Key": "KubernetesCluster",
|
|
"Value": "complex.example.com"
|
|
},
|
|
{
|
|
"Key": "Name",
|
|
"Value": "api.complex.example.com"
|
|
},
|
|
{
|
|
"Key": "Owner",
|
|
"Value": "John Doe"
|
|
},
|
|
{
|
|
"Key": "foo/bar",
|
|
"Value": "fib+baz"
|
|
},
|
|
{
|
|
"Key": "kubernetes.io/cluster/complex.example.com",
|
|
"Value": "owned"
|
|
}
|
|
],
|
|
"LoadBalancerAttributes": [
|
|
{
|
|
"Key": "access_logs.s3.enabled",
|
|
"Value": "true"
|
|
},
|
|
{
|
|
"Key": "access_logs.s3.bucket",
|
|
"Value": "access-log-example"
|
|
},
|
|
{
|
|
"Key": "access_logs.s3.prefix",
|
|
"Value": ""
|
|
}
|
|
]
|
|
}
|
|
},
|
|
"AWSElasticLoadBalancingV2TargetGrouptcpcomplexexamplecomvpjolq": {
|
|
"Type": "AWS::ElasticLoadBalancingV2::TargetGroup",
|
|
"Properties": {
|
|
"Name": "tcp-complex-example-com-vpjolq",
|
|
"Port": 443,
|
|
"Protocol": "TCP",
|
|
"VpcId": {
|
|
"Ref": "AWSEC2VPCcomplexexamplecom"
|
|
},
|
|
"Tags": [
|
|
{
|
|
"Key": "KubernetesCluster",
|
|
"Value": "complex.example.com"
|
|
},
|
|
{
|
|
"Key": "Name",
|
|
"Value": "tcp-complex-example-com-vpjolq"
|
|
},
|
|
{
|
|
"Key": "Owner",
|
|
"Value": "John Doe"
|
|
},
|
|
{
|
|
"Key": "foo/bar",
|
|
"Value": "fib+baz"
|
|
},
|
|
{
|
|
"Key": "kubernetes.io/cluster/complex.example.com",
|
|
"Value": "owned"
|
|
}
|
|
],
|
|
"HealthCheckProtocol": "TCP",
|
|
"HealthyThresholdCount": 2,
|
|
"UnhealthyThresholdCount": 2
|
|
}
|
|
},
|
|
"AWSElasticLoadBalancingV2TargetGrouptlscomplexexamplecom5nursn": {
|
|
"Type": "AWS::ElasticLoadBalancingV2::TargetGroup",
|
|
"Properties": {
|
|
"Name": "tls-complex-example-com-5nursn",
|
|
"Port": 443,
|
|
"Protocol": "TLS",
|
|
"VpcId": {
|
|
"Ref": "AWSEC2VPCcomplexexamplecom"
|
|
},
|
|
"Tags": [
|
|
{
|
|
"Key": "KubernetesCluster",
|
|
"Value": "complex.example.com"
|
|
},
|
|
{
|
|
"Key": "Name",
|
|
"Value": "tls-complex-example-com-5nursn"
|
|
},
|
|
{
|
|
"Key": "Owner",
|
|
"Value": "John Doe"
|
|
},
|
|
{
|
|
"Key": "foo/bar",
|
|
"Value": "fib+baz"
|
|
},
|
|
{
|
|
"Key": "kubernetes.io/cluster/complex.example.com",
|
|
"Value": "owned"
|
|
}
|
|
],
|
|
"HealthCheckProtocol": "TLS",
|
|
"HealthyThresholdCount": 2,
|
|
"UnhealthyThresholdCount": 2
|
|
}
|
|
},
|
|
"AWSIAMInstanceProfilemasterscomplexexamplecom": {
|
|
"Type": "AWS::IAM::InstanceProfile",
|
|
"Properties": {
|
|
"InstanceProfileName": "masters.complex.example.com",
|
|
"Roles": [
|
|
{
|
|
"Ref": "AWSIAMRolemasterscomplexexamplecom"
|
|
}
|
|
]
|
|
}
|
|
},
|
|
"AWSIAMInstanceProfilenodescomplexexamplecom": {
|
|
"Type": "AWS::IAM::InstanceProfile",
|
|
"Properties": {
|
|
"InstanceProfileName": "nodes.complex.example.com",
|
|
"Roles": [
|
|
{
|
|
"Ref": "AWSIAMRolenodescomplexexamplecom"
|
|
}
|
|
]
|
|
}
|
|
},
|
|
"AWSIAMPolicymasterscomplexexamplecom": {
|
|
"Type": "AWS::IAM::Policy",
|
|
"Properties": {
|
|
"PolicyName": "masters.complex.example.com",
|
|
"Roles": [
|
|
{
|
|
"Ref": "AWSIAMRolemasterscomplexexamplecom"
|
|
}
|
|
],
|
|
"PolicyDocument": {
|
|
"Statement": [
|
|
{
|
|
"Action": "ec2:AttachVolume",
|
|
"Condition": {
|
|
"StringEquals": {
|
|
"aws:ResourceTag/KubernetesCluster": "complex.example.com",
|
|
"aws:ResourceTag/k8s.io/role/master": "1"
|
|
}
|
|
},
|
|
"Effect": "Allow",
|
|
"Resource": [
|
|
"*"
|
|
]
|
|
},
|
|
{
|
|
"Action": "ec2:CreateTags",
|
|
"Condition": {
|
|
"StringEquals": {
|
|
"ec2:CreateAction": [
|
|
"CreateVolume",
|
|
"CreateSnapshot"
|
|
]
|
|
}
|
|
},
|
|
"Effect": "Allow",
|
|
"Resource": [
|
|
"arn:aws:ec2:*:*:volume/*",
|
|
"arn:aws:ec2:*:*:snapshot/*"
|
|
]
|
|
},
|
|
{
|
|
"Action": [
|
|
"elasticloadbalancing:CreateLoadBalancer",
|
|
"elasticloadbalancing:CreateLoadBalancerPolicy",
|
|
"elasticloadbalancing:CreateLoadBalancerListeners",
|
|
"ec2:CreateSecurityGroup",
|
|
"ec2:CreateVolume",
|
|
"elasticloadbalancing:CreateListener",
|
|
"elasticloadbalancing:CreateTargetGroup"
|
|
],
|
|
"Condition": {
|
|
"StringEquals": {
|
|
"aws:RequestTag/KubernetesCluster": "complex.example.com"
|
|
}
|
|
},
|
|
"Effect": "Allow",
|
|
"Resource": [
|
|
"*"
|
|
]
|
|
},
|
|
{
|
|
"Action": [
|
|
"s3:Get*"
|
|
],
|
|
"Effect": "Allow",
|
|
"Resource": "arn:aws:s3:::placeholder-read-bucket/clusters.example.com/complex.example.com/*"
|
|
},
|
|
{
|
|
"Action": [
|
|
"s3:GetObject",
|
|
"s3:DeleteObject",
|
|
"s3:DeleteObjectVersion",
|
|
"s3:PutObject"
|
|
],
|
|
"Effect": "Allow",
|
|
"Resource": "arn:aws:s3:::placeholder-write-bucket/clusters.example.com/complex.example.com/backups/etcd/main/*"
|
|
},
|
|
{
|
|
"Action": [
|
|
"s3:GetObject",
|
|
"s3:DeleteObject",
|
|
"s3:DeleteObjectVersion",
|
|
"s3:PutObject"
|
|
],
|
|
"Effect": "Allow",
|
|
"Resource": "arn:aws:s3:::placeholder-write-bucket/clusters.example.com/complex.example.com/backups/etcd/events/*"
|
|
},
|
|
{
|
|
"Action": [
|
|
"s3:GetBucketLocation",
|
|
"s3:GetEncryptionConfiguration",
|
|
"s3:ListBucket",
|
|
"s3:ListBucketVersions"
|
|
],
|
|
"Effect": "Allow",
|
|
"Resource": [
|
|
"arn:aws:s3:::placeholder-read-bucket"
|
|
]
|
|
},
|
|
{
|
|
"Action": [
|
|
"s3:GetBucketLocation",
|
|
"s3:GetEncryptionConfiguration",
|
|
"s3:ListBucket",
|
|
"s3:ListBucketVersions"
|
|
],
|
|
"Effect": "Allow",
|
|
"Resource": [
|
|
"arn:aws:s3:::placeholder-write-bucket"
|
|
]
|
|
},
|
|
{
|
|
"Action": [
|
|
"route53:ChangeResourceRecordSets",
|
|
"route53:ListResourceRecordSets",
|
|
"route53:GetHostedZone"
|
|
],
|
|
"Effect": "Allow",
|
|
"Resource": [
|
|
"arn:aws:route53:::hostedzone/Z1AFAKE1ZON3YO"
|
|
]
|
|
},
|
|
{
|
|
"Action": [
|
|
"route53:GetChange"
|
|
],
|
|
"Effect": "Allow",
|
|
"Resource": [
|
|
"arn:aws:route53:::change/*"
|
|
]
|
|
},
|
|
{
|
|
"Action": [
|
|
"route53:ListHostedZones"
|
|
],
|
|
"Effect": "Allow",
|
|
"Resource": [
|
|
"*"
|
|
]
|
|
},
|
|
{
|
|
"Action": [
|
|
"ec2:CreateVolume"
|
|
],
|
|
"Condition": {
|
|
"StringEquals": {
|
|
"aws:RequestTag/KubernetesCluster": "complex.example.com"
|
|
}
|
|
},
|
|
"Effect": "Allow",
|
|
"Resource": "*"
|
|
},
|
|
{
|
|
"Action": "ec2:CreateTags",
|
|
"Condition": {
|
|
"StringEquals": {
|
|
"ec2:CreateAction": [
|
|
"CreateVolume",
|
|
"CreateSnapshot"
|
|
]
|
|
}
|
|
},
|
|
"Effect": "Allow",
|
|
"Resource": [
|
|
"arn:aws:ec2:*:*:volume/*",
|
|
"arn:aws:ec2:*:*:snapshot/*"
|
|
]
|
|
},
|
|
{
|
|
"Action": "ec2:DeleteTags",
|
|
"Condition": {
|
|
"StringEquals": {
|
|
"aws:ResourceTag/KubernetesCluster": "complex.example.com"
|
|
}
|
|
},
|
|
"Effect": "Allow",
|
|
"Resource": [
|
|
"arn:aws:ec2:*:*:volume/*",
|
|
"arn:aws:ec2:*:*:snapshot/*"
|
|
]
|
|
},
|
|
{
|
|
"Action": [
|
|
"autoscaling:DescribeAutoScalingGroups",
|
|
"autoscaling:DescribeAutoScalingInstances",
|
|
"autoscaling:DescribeLaunchConfigurations",
|
|
"autoscaling:DescribeTags",
|
|
"ec2:CreateSecurityGroup",
|
|
"ec2:CreateTags",
|
|
"ec2:DescribeAccountAttributes",
|
|
"ec2:DescribeInstances",
|
|
"ec2:DescribeRegions",
|
|
"ec2:DescribeRouteTables",
|
|
"ec2:DescribeSecurityGroups",
|
|
"ec2:DescribeSubnets",
|
|
"ec2:DescribeTags",
|
|
"ec2:DescribeVolumes",
|
|
"ec2:DescribeVolumesModifications",
|
|
"ec2:DescribeVpcs",
|
|
"elasticloadbalancing:DescribeListeners",
|
|
"elasticloadbalancing:DescribeLoadBalancerAttributes",
|
|
"elasticloadbalancing:DescribeLoadBalancerPolicies",
|
|
"elasticloadbalancing:DescribeLoadBalancers",
|
|
"elasticloadbalancing:DescribeTargetGroups",
|
|
"elasticloadbalancing:DescribeTargetHealth",
|
|
"iam:GetServerCertificate",
|
|
"iam:ListServerCertificates",
|
|
"kms:DescribeKey",
|
|
"kms:GenerateRandom"
|
|
],
|
|
"Effect": "Allow",
|
|
"Resource": "*"
|
|
},
|
|
{
|
|
"Action": [
|
|
"autoscaling:SetDesiredCapacity",
|
|
"autoscaling:TerminateInstanceInAutoScalingGroup",
|
|
"ec2:AttachVolume",
|
|
"ec2:AuthorizeSecurityGroupIngress",
|
|
"ec2:DeleteRoute",
|
|
"ec2:DeleteSecurityGroup",
|
|
"ec2:DeleteVolume",
|
|
"ec2:DetachVolume",
|
|
"ec2:ModifyInstanceAttribute",
|
|
"ec2:ModifyVolume",
|
|
"ec2:RevokeSecurityGroupIngress",
|
|
"elasticloadbalancing:AddTags",
|
|
"elasticloadbalancing:ApplySecurityGroupsToLoadBalancer",
|
|
"elasticloadbalancing:AttachLoadBalancerToSubnets",
|
|
"elasticloadbalancing:ConfigureHealthCheck",
|
|
"elasticloadbalancing:DeleteListener",
|
|
"elasticloadbalancing:DeleteLoadBalancer",
|
|
"elasticloadbalancing:DeleteLoadBalancerListeners",
|
|
"elasticloadbalancing:DeleteTargetGroup",
|
|
"elasticloadbalancing:DeregisterInstancesFromLoadBalancer",
|
|
"elasticloadbalancing:DeregisterTargets",
|
|
"elasticloadbalancing:DetachLoadBalancerFromSubnets",
|
|
"elasticloadbalancing:ModifyListener",
|
|
"elasticloadbalancing:ModifyLoadBalancerAttributes",
|
|
"elasticloadbalancing:ModifyTargetGroup",
|
|
"elasticloadbalancing:RegisterInstancesWithLoadBalancer",
|
|
"elasticloadbalancing:RegisterTargets",
|
|
"elasticloadbalancing:SetLoadBalancerPoliciesForBackendServer",
|
|
"elasticloadbalancing:SetLoadBalancerPoliciesOfListener"
|
|
],
|
|
"Condition": {
|
|
"StringEquals": {
|
|
"aws:ResourceTag/KubernetesCluster": "complex.example.com"
|
|
}
|
|
},
|
|
"Effect": "Allow",
|
|
"Resource": "*"
|
|
}
|
|
],
|
|
"Version": "2012-10-17"
|
|
}
|
|
}
|
|
},
|
|
"AWSIAMPolicynodescomplexexamplecom": {
|
|
"Type": "AWS::IAM::Policy",
|
|
"Properties": {
|
|
"PolicyName": "nodes.complex.example.com",
|
|
"Roles": [
|
|
{
|
|
"Ref": "AWSIAMRolenodescomplexexamplecom"
|
|
}
|
|
],
|
|
"PolicyDocument": {
|
|
"Statement": [
|
|
{
|
|
"Action": [
|
|
"s3:Get*"
|
|
],
|
|
"Effect": "Allow",
|
|
"Resource": [
|
|
"arn:aws:s3:::placeholder-read-bucket/clusters.example.com/complex.example.com/addons/*",
|
|
"arn:aws:s3:::placeholder-read-bucket/clusters.example.com/complex.example.com/cluster-completed.spec",
|
|
"arn:aws:s3:::placeholder-read-bucket/clusters.example.com/complex.example.com/igconfig/node/*",
|
|
"arn:aws:s3:::placeholder-read-bucket/clusters.example.com/complex.example.com/secrets/dockerconfig"
|
|
]
|
|
},
|
|
{
|
|
"Action": [
|
|
"s3:GetBucketLocation",
|
|
"s3:GetEncryptionConfiguration",
|
|
"s3:ListBucket",
|
|
"s3:ListBucketVersions"
|
|
],
|
|
"Effect": "Allow",
|
|
"Resource": [
|
|
"arn:aws:s3:::placeholder-read-bucket"
|
|
]
|
|
},
|
|
{
|
|
"Action": [
|
|
"autoscaling:DescribeAutoScalingInstances",
|
|
"ec2:DescribeInstances",
|
|
"iam:GetServerCertificate",
|
|
"iam:ListServerCertificates",
|
|
"kms:GenerateRandom"
|
|
],
|
|
"Effect": "Allow",
|
|
"Resource": "*"
|
|
}
|
|
],
|
|
"Version": "2012-10-17"
|
|
}
|
|
}
|
|
},
|
|
"AWSIAMRolemasterscomplexexamplecom": {
|
|
"Type": "AWS::IAM::Role",
|
|
"Properties": {
|
|
"RoleName": "masters.complex.example.com",
|
|
"AssumeRolePolicyDocument": {
|
|
"Statement": [
|
|
{
|
|
"Action": "sts:AssumeRole",
|
|
"Effect": "Allow",
|
|
"Principal": {
|
|
"Service": "ec2.amazonaws.com"
|
|
}
|
|
}
|
|
],
|
|
"Version": "2012-10-17"
|
|
},
|
|
"PermissionsBoundary": "arn:aws:iam:00000000000:policy/boundaries",
|
|
"Tags": [
|
|
{
|
|
"Key": "KubernetesCluster",
|
|
"Value": "complex.example.com"
|
|
},
|
|
{
|
|
"Key": "Name",
|
|
"Value": "masters.complex.example.com"
|
|
},
|
|
{
|
|
"Key": "Owner",
|
|
"Value": "John Doe"
|
|
},
|
|
{
|
|
"Key": "foo/bar",
|
|
"Value": "fib+baz"
|
|
},
|
|
{
|
|
"Key": "kubernetes.io/cluster/complex.example.com",
|
|
"Value": "owned"
|
|
}
|
|
]
|
|
}
|
|
},
|
|
"AWSIAMRolenodescomplexexamplecom": {
|
|
"Type": "AWS::IAM::Role",
|
|
"Properties": {
|
|
"RoleName": "nodes.complex.example.com",
|
|
"AssumeRolePolicyDocument": {
|
|
"Statement": [
|
|
{
|
|
"Action": "sts:AssumeRole",
|
|
"Effect": "Allow",
|
|
"Principal": {
|
|
"Service": "ec2.amazonaws.com"
|
|
}
|
|
}
|
|
],
|
|
"Version": "2012-10-17"
|
|
},
|
|
"PermissionsBoundary": "arn:aws:iam:00000000000:policy/boundaries",
|
|
"Tags": [
|
|
{
|
|
"Key": "KubernetesCluster",
|
|
"Value": "complex.example.com"
|
|
},
|
|
{
|
|
"Key": "Name",
|
|
"Value": "nodes.complex.example.com"
|
|
},
|
|
{
|
|
"Key": "Owner",
|
|
"Value": "John Doe"
|
|
},
|
|
{
|
|
"Key": "foo/bar",
|
|
"Value": "fib+baz"
|
|
},
|
|
{
|
|
"Key": "kubernetes.io/cluster/complex.example.com",
|
|
"Value": "owned"
|
|
}
|
|
]
|
|
}
|
|
},
|
|
"AWSRoute53RecordSetapicomplexexamplecom": {
|
|
"Type": "AWS::Route53::RecordSet",
|
|
"Properties": {
|
|
"Name": "api.complex.example.com",
|
|
"Type": "A",
|
|
"AliasTarget": {
|
|
"DNSName": {
|
|
"Fn::GetAtt": [
|
|
"AWSElasticLoadBalancingV2LoadBalancerapicomplexexamplecom",
|
|
"DNSName"
|
|
]
|
|
},
|
|
"HostedZoneId": {
|
|
"Fn::GetAtt": [
|
|
"AWSElasticLoadBalancingV2LoadBalancerapicomplexexamplecom",
|
|
"CanonicalHostedZoneID"
|
|
]
|
|
},
|
|
"EvaluateTargetHealth": false
|
|
},
|
|
"HostedZoneId": "/hostedzone/Z1AFAKE1ZON3YO"
|
|
}
|
|
}
|
|
}
|
|
}
|