kubernetes
/
kops
mirror of https://github.com/kubernetes/kops.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
kops/tests/integration/update_cluster/containerd-cloudformation/cloudformation.json

1083 lines
32 KiB
JSON
Raw Blame History

{
"Resources": {
"AWSAutoScalingAutoScalingGroupmasterustest1amasterscontainerdexamplecom": {
"Type": "AWS::AutoScaling::AutoScalingGroup",
"Properties": {
"AutoScalingGroupName": "master-us-test-1a.masters.containerd.example.com",
"LaunchTemplate": {
"LaunchTemplateId": {
"Ref": "AWSEC2LaunchTemplatemasterustest1amasterscontainerdexamplecom"
},
"Version": {
"Fn::GetAtt": [
"AWSEC2LaunchTemplatemasterustest1amasterscontainerdexamplecom",
"LatestVersionNumber"
]
}
},
"MaxSize": "1",
"MinSize": "1",
"VPCZoneIdentifier": [
{
"Ref": "AWSEC2Subnetustest1acontainerdexamplecom"
}
],
"Tags": [
{
"Key": "KubernetesCluster",
"Value": "containerd.example.com",
"PropagateAtLaunch": true
},
{
"Key": "Name",
"Value": "master-us-test-1a.masters.containerd.example.com",
"PropagateAtLaunch": true
},
{
"Key": "k8s.io/cluster-autoscaler/node-template/label/kubernetes.io/role",
"Value": "master",
"PropagateAtLaunch": true
},
{
"Key": "k8s.io/cluster-autoscaler/node-template/label/node-role.kubernetes.io/master",
"Value": "",
"PropagateAtLaunch": true
},
{
"Key": "k8s.io/role/master",
"Value": "1",
"PropagateAtLaunch": true
},
{
"Key": "kops.k8s.io/instancegroup",
"Value": "master-us-test-1a",
"PropagateAtLaunch": true
},
{
"Key": "kubernetes.io/cluster/containerd.example.com",
"Value": "owned",
"PropagateAtLaunch": true
}
],
"MetricsCollection": [
{
"Granularity": "1Minute",
"Metrics": [
"GroupDesiredCapacity",
"GroupInServiceInstances",
"GroupMaxSize",
"GroupMinSize",
"GroupPendingInstances",
"GroupStandbyInstances",
"GroupTerminatingInstances",
"GroupTotalInstances"
]
}
]
}
},
"AWSAutoScalingAutoScalingGroupnodescontainerdexamplecom": {
"Type": "AWS::AutoScaling::AutoScalingGroup",
"Properties": {
"AutoScalingGroupName": "nodes.containerd.example.com",
"LaunchTemplate": {
"LaunchTemplateId": {
"Ref": "AWSEC2LaunchTemplatenodescontainerdexamplecom"
},
"Version": {
"Fn::GetAtt": [
"AWSEC2LaunchTemplatenodescontainerdexamplecom",
"LatestVersionNumber"
]
}
},
"MaxSize": "2",
"MinSize": "2",
"VPCZoneIdentifier": [
{
"Ref": "AWSEC2Subnetustest1acontainerdexamplecom"
}
],
"Tags": [
{
"Key": "KubernetesCluster",
"Value": "containerd.example.com",
"PropagateAtLaunch": true
},
{
"Key": "Name",
"Value": "nodes.containerd.example.com",
"PropagateAtLaunch": true
},
{
"Key": "k8s.io/cluster-autoscaler/node-template/label/kubernetes.io/role",
"Value": "node",
"PropagateAtLaunch": true
},
{
"Key": "k8s.io/cluster-autoscaler/node-template/label/node-role.kubernetes.io/node",
"Value": "",
"PropagateAtLaunch": true
},
{
"Key": "k8s.io/role/node",
"Value": "1",
"PropagateAtLaunch": true
},
{
"Key": "kops.k8s.io/instancegroup",
"Value": "nodes",
"PropagateAtLaunch": true
},
{
"Key": "kubernetes.io/cluster/containerd.example.com",
"Value": "owned",
"PropagateAtLaunch": true
}
],
"MetricsCollection": [
{
"Granularity": "1Minute",
"Metrics": [
"GroupDesiredCapacity",
"GroupInServiceInstances",
"GroupMaxSize",
"GroupMinSize",
"GroupPendingInstances",
"GroupStandbyInstances",
"GroupTerminatingInstances",
"GroupTotalInstances"
]
}
]
}
},
"AWSEC2DHCPOptionscontainerdexamplecom": {
"Type": "AWS::EC2::DHCPOptions",
"Properties": {
"DomainName": "us-test-1.compute.internal",
"DomainNameServers": [
"AmazonProvidedDNS"
],
"Tags": [
{
"Key": "KubernetesCluster",
"Value": "containerd.example.com"
},
{
"Key": "Name",
"Value": "containerd.example.com"
},
{
"Key": "kubernetes.io/cluster/containerd.example.com",
"Value": "owned"
}
]
}
},
"AWSEC2InternetGatewaycontainerdexamplecom": {
"Type": "AWS::EC2::InternetGateway",
"Properties": {
"Tags": [
{
"Key": "KubernetesCluster",
"Value": "containerd.example.com"
},
{
"Key": "Name",
"Value": "containerd.example.com"
},
{
"Key": "kubernetes.io/cluster/containerd.example.com",
"Value": "owned"
}
]
}
},
"AWSEC2LaunchTemplatemasterustest1amasterscontainerdexamplecom": {
"Type": "AWS::EC2::LaunchTemplate",
"Properties": {
"LaunchTemplateName": "master-us-test-1a.masters.containerd.example.com",
"LaunchTemplateData": {
"BlockDeviceMappings": [
{
"DeviceName": "/dev/xvda",
"Ebs": {
"VolumeType": "gp2",
"VolumeSize": 64,
"DeleteOnTermination": true
}
},
{
"DeviceName": "/dev/sdc",
"VirtualName": "ephemeral0"
}
],
"IamInstanceProfile": {
"Name": {
"Ref": "AWSIAMInstanceProfilemasterscontainerdexamplecom"
}
},
"ImageId": "ami-11400000",
"InstanceType": "m3.medium",
"KeyName": "kubernetes.containerd.example.com-c4:a6:ed:9a:a8:89:b9:e2:c3:9c:d6:63:eb:9c:71:57",
"MetadataOptions": {
"HttpPutResponseHopLimit": 1,
"HttpTokens": "optional"
},
"NetworkInterfaces": [
{
"AssociatePublicIpAddress": true,
"DeleteOnTermination": true,
"DeviceIndex": 0,
"Groups": [
{
"Ref": "AWSEC2SecurityGroupmasterscontainerdexamplecom"
}
]
}
],
"TagSpecifications": [
{
"ResourceType": "instance",
"Tags": [
{
"Key": "KubernetesCluster",
"Value": "containerd.example.com"
},
{
"Key": "Name",
"Value": "master-us-test-1a.masters.containerd.example.com"
},
{
"Key": "k8s.io/cluster-autoscaler/node-template/label/kubernetes.io/role",
"Value": "master"
},
{
"Key": "k8s.io/cluster-autoscaler/node-template/label/node-role.kubernetes.io/master",
"Value": ""
},
{
"Key": "k8s.io/role/master",
"Value": "1"
},
{
"Key": "kops.k8s.io/instancegroup",
"Value": "master-us-test-1a"
},
{
"Key": "kubernetes.io/cluster/containerd.example.com",
"Value": "owned"
}
]
},
{
"ResourceType": "volume",
"Tags": [
{
"Key": "KubernetesCluster",
"Value": "containerd.example.com"
},
{
"Key": "Name",
"Value": "master-us-test-1a.masters.containerd.example.com"
},
{
"Key": "k8s.io/cluster-autoscaler/node-template/label/kubernetes.io/role",
"Value": "master"
},
{
"Key": "k8s.io/cluster-autoscaler/node-template/label/node-role.kubernetes.io/master",
"Value": ""
},
{
"Key": "k8s.io/role/master",
"Value": "1"
},
{
"Key": "kops.k8s.io/instancegroup",
"Value": "master-us-test-1a"
},
{
"Key": "kubernetes.io/cluster/containerd.example.com",
"Value": "owned"
}
]
}
],
"UserData": "extracted"
}
}
},
"AWSEC2LaunchTemplatenodescontainerdexamplecom": {
"Type": "AWS::EC2::LaunchTemplate",
"Properties": {
"LaunchTemplateName": "nodes.containerd.example.com",
"LaunchTemplateData": {
"BlockDeviceMappings": [
{
"DeviceName": "/dev/xvda",
"Ebs": {
"VolumeType": "gp2",
"VolumeSize": 128,
"DeleteOnTermination": true
}
}
],
"IamInstanceProfile": {
"Name": {
"Ref": "AWSIAMInstanceProfilenodescontainerdexamplecom"
}
},
"ImageId": "ami-11400000",
"InstanceType": "t2.medium",
"KeyName": "kubernetes.containerd.example.com-c4:a6:ed:9a:a8:89:b9:e2:c3:9c:d6:63:eb:9c:71:57",
"MetadataOptions": {
"HttpPutResponseHopLimit": 1,
"HttpTokens": "optional"
},
"NetworkInterfaces": [
{
"AssociatePublicIpAddress": true,
"DeleteOnTermination": true,
"DeviceIndex": 0,
"Groups": [
{
"Ref": "AWSEC2SecurityGroupnodescontainerdexamplecom"
}
]
}
],
"TagSpecifications": [
{
"ResourceType": "instance",
"Tags": [
{
"Key": "KubernetesCluster",
"Value": "containerd.example.com"
},
{
"Key": "Name",
"Value": "nodes.containerd.example.com"
},
{
"Key": "k8s.io/cluster-autoscaler/node-template/label/kubernetes.io/role",
"Value": "node"
},
{
"Key": "k8s.io/cluster-autoscaler/node-template/label/node-role.kubernetes.io/node",
"Value": ""
},
{
"Key": "k8s.io/role/node",
"Value": "1"
},
{
"Key": "kops.k8s.io/instancegroup",
"Value": "nodes"
},
{
"Key": "kubernetes.io/cluster/containerd.example.com",
"Value": "owned"
}
]
},
{
"ResourceType": "volume",
"Tags": [
{
"Key": "KubernetesCluster",
"Value": "containerd.example.com"
},
{
"Key": "Name",
"Value": "nodes.containerd.example.com"
},
{
"Key": "k8s.io/cluster-autoscaler/node-template/label/kubernetes.io/role",
"Value": "node"
},
{
"Key": "k8s.io/cluster-autoscaler/node-template/label/node-role.kubernetes.io/node",
"Value": ""
},
{
"Key": "k8s.io/role/node",
"Value": "1"
},
{
"Key": "kops.k8s.io/instancegroup",
"Value": "nodes"
},
{
"Key": "kubernetes.io/cluster/containerd.example.com",
"Value": "owned"
}
]
}
],
"UserData": "extracted"
}
}
},
"AWSEC2Route00000": {
"Type": "AWS::EC2::Route",
"Properties": {
"RouteTableId": {
"Ref": "AWSEC2RouteTablecontainerdexamplecom"
},
"DestinationCidrBlock": "0.0.0.0/0",
"GatewayId": {
"Ref": "AWSEC2InternetGatewaycontainerdexamplecom"
}
}
},
"AWSEC2RouteTablecontainerdexamplecom": {
"Type": "AWS::EC2::RouteTable",
"Properties": {
"VpcId": {
"Ref": "AWSEC2VPCcontainerdexamplecom"
},
"Tags": [
{
"Key": "KubernetesCluster",
"Value": "containerd.example.com"
},
{
"Key": "Name",
"Value": "containerd.example.com"
},
{
"Key": "kubernetes.io/cluster/containerd.example.com",
"Value": "owned"
},
{
"Key": "kubernetes.io/kops/role",
"Value": "public"
}
]
}
},
"AWSEC2SecurityGroupEgressmasterscontainerdexamplecomegressall0to000000": {
"Type": "AWS::EC2::SecurityGroupEgress",
"Properties": {
"GroupId": {
"Ref": "AWSEC2SecurityGroupmasterscontainerdexamplecom"
},
"FromPort": 0,
"ToPort": 0,
"IpProtocol": "-1",
"CidrIp": "0.0.0.0/0"
}
},
"AWSEC2SecurityGroupEgressnodescontainerdexamplecomegressall0to000000": {
"Type": "AWS::EC2::SecurityGroupEgress",
"Properties": {
"GroupId": {
"Ref": "AWSEC2SecurityGroupnodescontainerdexamplecom"
},
"FromPort": 0,
"ToPort": 0,
"IpProtocol": "-1",
"CidrIp": "0.0.0.0/0"
}
},
"AWSEC2SecurityGroupIngresshttpsexternaltomaster00000": {
"Type": "AWS::EC2::SecurityGroupIngress",
"Properties": {
"GroupId": {
"Ref": "AWSEC2SecurityGroupmasterscontainerdexamplecom"
},
"FromPort": 443,
"ToPort": 443,
"IpProtocol": "tcp",
"CidrIp": "0.0.0.0/0"
}
},
"AWSEC2SecurityGroupIngressmasterscontainerdexamplecomingressall0to0masterscontainerdexamplecom": {
"Type": "AWS::EC2::SecurityGroupIngress",
"Properties": {
"GroupId": {
"Ref": "AWSEC2SecurityGroupmasterscontainerdexamplecom"
},
"SourceSecurityGroupId": {
"Ref": "AWSEC2SecurityGroupmasterscontainerdexamplecom"
},
"FromPort": 0,
"ToPort": 0,
"IpProtocol": "-1"
}
},
"AWSEC2SecurityGroupIngressmasterscontainerdexamplecomingressall0to0nodescontainerdexamplecom": {
"Type": "AWS::EC2::SecurityGroupIngress",
"Properties": {
"GroupId": {
"Ref": "AWSEC2SecurityGroupnodescontainerdexamplecom"
},
"SourceSecurityGroupId": {
"Ref": "AWSEC2SecurityGroupmasterscontainerdexamplecom"
},
"FromPort": 0,
"ToPort": 0,
"IpProtocol": "-1"
}
},
"AWSEC2SecurityGroupIngressnodescontainerdexamplecomingressall0to0nodescontainerdexamplecom": {
"Type": "AWS::EC2::SecurityGroupIngress",
"Properties": {
"GroupId": {
"Ref": "AWSEC2SecurityGroupnodescontainerdexamplecom"
},
"SourceSecurityGroupId": {
"Ref": "AWSEC2SecurityGroupnodescontainerdexamplecom"
},
"FromPort": 0,
"ToPort": 0,
"IpProtocol": "-1"
}
},
"AWSEC2SecurityGroupIngressnodescontainerdexamplecomingresstcp1to2379masterscontainerdexamplecom": {
"Type": "AWS::EC2::SecurityGroupIngress",
"Properties": {
"GroupId": {
"Ref": "AWSEC2SecurityGroupmasterscontainerdexamplecom"
},
"SourceSecurityGroupId": {
"Ref": "AWSEC2SecurityGroupnodescontainerdexamplecom"
},
"FromPort": 1,
"ToPort": 2379,
"IpProtocol": "tcp"
}
},
"AWSEC2SecurityGroupIngressnodescontainerdexamplecomingresstcp2382to4000masterscontainerdexamplecom": {
"Type": "AWS::EC2::SecurityGroupIngress",
"Properties": {
"GroupId": {
"Ref": "AWSEC2SecurityGroupmasterscontainerdexamplecom"
},
"SourceSecurityGroupId": {
"Ref": "AWSEC2SecurityGroupnodescontainerdexamplecom"
},
"FromPort": 2382,
"ToPort": 4000,
"IpProtocol": "tcp"
}
},
"AWSEC2SecurityGroupIngressnodescontainerdexamplecomingresstcp4003to65535masterscontainerdexamplecom": {
"Type": "AWS::EC2::SecurityGroupIngress",
"Properties": {
"GroupId": {
"Ref": "AWSEC2SecurityGroupmasterscontainerdexamplecom"
},
"SourceSecurityGroupId": {
"Ref": "AWSEC2SecurityGroupnodescontainerdexamplecom"
},
"FromPort": 4003,
"ToPort": 65535,
"IpProtocol": "tcp"
}
},
"AWSEC2SecurityGroupIngressnodescontainerdexamplecomingressudp1to65535masterscontainerdexamplecom": {
"Type": "AWS::EC2::SecurityGroupIngress",
"Properties": {
"GroupId": {
"Ref": "AWSEC2SecurityGroupmasterscontainerdexamplecom"
},
"SourceSecurityGroupId": {
"Ref": "AWSEC2SecurityGroupnodescontainerdexamplecom"
},
"FromPort": 1,
"ToPort": 65535,
"IpProtocol": "udp"
}
},
"AWSEC2SecurityGroupIngresssshexternaltomaster00000": {
"Type": "AWS::EC2::SecurityGroupIngress",
"Properties": {
"GroupId": {
"Ref": "AWSEC2SecurityGroupmasterscontainerdexamplecom"
},
"FromPort": 22,
"ToPort": 22,
"IpProtocol": "tcp",
"CidrIp": "0.0.0.0/0"
}
},
"AWSEC2SecurityGroupIngresssshexternaltonode00000": {
"Type": "AWS::EC2::SecurityGroupIngress",
"Properties": {
"GroupId": {
"Ref": "AWSEC2SecurityGroupnodescontainerdexamplecom"
},
"FromPort": 22,
"ToPort": 22,
"IpProtocol": "tcp",
"CidrIp": "0.0.0.0/0"
}
},
"AWSEC2SecurityGroupmasterscontainerdexamplecom": {
"Type": "AWS::EC2::SecurityGroup",
"Properties": {
"GroupName": "masters.containerd.example.com",
"VpcId": {
"Ref": "AWSEC2VPCcontainerdexamplecom"
},
"GroupDescription": "Security group for masters",
"Tags": [
{
"Key": "KubernetesCluster",
"Value": "containerd.example.com"
},
{
"Key": "Name",
"Value": "masters.containerd.example.com"
},
{
"Key": "kubernetes.io/cluster/containerd.example.com",
"Value": "owned"
}
]
}
},
"AWSEC2SecurityGroupnodescontainerdexamplecom": {
"Type": "AWS::EC2::SecurityGroup",
"Properties": {
"GroupName": "nodes.containerd.example.com",
"VpcId": {
"Ref": "AWSEC2VPCcontainerdexamplecom"
},
"GroupDescription": "Security group for nodes",
"Tags": [
{
"Key": "KubernetesCluster",
"Value": "containerd.example.com"
},
{
"Key": "Name",
"Value": "nodes.containerd.example.com"
},
{
"Key": "kubernetes.io/cluster/containerd.example.com",
"Value": "owned"
}
]
}
},
"AWSEC2SubnetRouteTableAssociationustest1acontainerdexamplecom": {
"Type": "AWS::EC2::SubnetRouteTableAssociation",
"Properties": {
"SubnetId": {
"Ref": "AWSEC2Subnetustest1acontainerdexamplecom"
},
"RouteTableId": {
"Ref": "AWSEC2RouteTablecontainerdexamplecom"
}
}
},
"AWSEC2Subnetustest1acontainerdexamplecom": {
"Type": "AWS::EC2::Subnet",
"Properties": {
"VpcId": {
"Ref": "AWSEC2VPCcontainerdexamplecom"
},
"CidrBlock": "172.20.32.0/19",
"AvailabilityZone": "us-test-1a",
"Tags": [
{
"Key": "KubernetesCluster",
"Value": "containerd.example.com"
},
{
"Key": "Name",
"Value": "us-test-1a.containerd.example.com"
},
{
"Key": "SubnetType",
"Value": "Public"
},
{
"Key": "kubernetes.io/cluster/containerd.example.com",
"Value": "owned"
},
{
"Key": "kubernetes.io/role/elb",
"Value": "1"
}
]
}
},
"AWSEC2VPCDHCPOptionsAssociationcontainerdexamplecom": {
"Type": "AWS::EC2::VPCDHCPOptionsAssociation",
"Properties": {
"VpcId": {
"Ref": "AWSEC2VPCcontainerdexamplecom"
},
"DhcpOptionsId": {
"Ref": "AWSEC2DHCPOptionscontainerdexamplecom"
}
}
},
"AWSEC2VPCGatewayAttachmentcontainerdexamplecom": {
"Type": "AWS::EC2::VPCGatewayAttachment",
"Properties": {
"VpcId": {
"Ref": "AWSEC2VPCcontainerdexamplecom"
},
"InternetGatewayId": {
"Ref": "AWSEC2InternetGatewaycontainerdexamplecom"
}
}
},
"AWSEC2VPCcontainerdexamplecom": {
"Type": "AWS::EC2::VPC",
"Properties": {
"CidrBlock": "172.20.0.0/16",
"EnableDnsHostnames": true,
"EnableDnsSupport": true,
"Tags": [
{
"Key": "KubernetesCluster",
"Value": "containerd.example.com"
},
{
"Key": "Name",
"Value": "containerd.example.com"
},
{
"Key": "kubernetes.io/cluster/containerd.example.com",
"Value": "owned"
}
]
}
},
"AWSEC2Volumeustest1aetcdeventscontainerdexamplecom": {
"Type": "AWS::EC2::Volume",
"Properties": {
"AvailabilityZone": "us-test-1a",
"Size": 20,
"VolumeType": "gp2",
"Encrypted": false,
"Tags": [
{
"Key": "KubernetesCluster",
"Value": "containerd.example.com"
},
{
"Key": "Name",
"Value": "us-test-1a.etcd-events.containerd.example.com"
},
{
"Key": "k8s.io/etcd/events",
"Value": "us-test-1a/us-test-1a"
},
{
"Key": "k8s.io/role/master",
"Value": "1"
},
{
"Key": "kubernetes.io/cluster/containerd.example.com",
"Value": "owned"
}
]
}
},
"AWSEC2Volumeustest1aetcdmaincontainerdexamplecom": {
"Type": "AWS::EC2::Volume",
"Properties": {
"AvailabilityZone": "us-test-1a",
"Size": 20,
"VolumeType": "gp2",
"Encrypted": false,
"Tags": [
{
"Key": "KubernetesCluster",
"Value": "containerd.example.com"
},
{
"Key": "Name",
"Value": "us-test-1a.etcd-main.containerd.example.com"
},
{
"Key": "k8s.io/etcd/main",
"Value": "us-test-1a/us-test-1a"
},
{
"Key": "k8s.io/role/master",
"Value": "1"
},
{
"Key": "kubernetes.io/cluster/containerd.example.com",
"Value": "owned"
}
]
}
},
"AWSIAMInstanceProfilemasterscontainerdexamplecom": {
"Type": "AWS::IAM::InstanceProfile",
"Properties": {
"InstanceProfileName": "masters.containerd.example.com",
"Roles": [
{
"Ref": "AWSIAMRolemasterscontainerdexamplecom"
}
]
}
},
"AWSIAMInstanceProfilenodescontainerdexamplecom": {
"Type": "AWS::IAM::InstanceProfile",
"Properties": {
"InstanceProfileName": "nodes.containerd.example.com",
"Roles": [
{
"Ref": "AWSIAMRolenodescontainerdexamplecom"
}
]
}
},
"AWSIAMPolicymasterscontainerdexamplecom": {
"Type": "AWS::IAM::Policy",
"Properties": {
"PolicyName": "masters.containerd.example.com",
"Roles": [
{
"Ref": "AWSIAMRolemasterscontainerdexamplecom"
}
],
"PolicyDocument": {
"Statement": [
{
"Action": [
"ec2:DescribeAccountAttributes",
"ec2:DescribeInstances",
"ec2:DescribeInternetGateways",
"ec2:DescribeRegions",
"ec2:DescribeRouteTables",
"ec2:DescribeSecurityGroups",
"ec2:DescribeSubnets",
"ec2:DescribeVolumes"
],
"Effect": "Allow",
"Resource": [
"*"
]
},
{
"Action": [
"ec2:CreateSecurityGroup",
"ec2:CreateTags",
"ec2:CreateVolume",
"ec2:DescribeVolumesModifications",
"ec2:ModifyInstanceAttribute",
"ec2:ModifyVolume"
],
"Effect": "Allow",
"Resource": [
"*"
]
},
{
"Action": [
"ec2:AttachVolume",
"ec2:AuthorizeSecurityGroupIngress",
"ec2:CreateRoute",
"ec2:DeleteRoute",
"ec2:DeleteSecurityGroup",
"ec2:DeleteVolume",
"ec2:DetachVolume",
"ec2:RevokeSecurityGroupIngress"
],
"Condition": {
"StringEquals": {
"ec2:ResourceTag/KubernetesCluster": "containerd.example.com"
}
},
"Effect": "Allow",
"Resource": [
"*"
]
},
{
"Action": [
"autoscaling:DescribeAutoScalingGroups",
"autoscaling:DescribeLaunchConfigurations",
"autoscaling:DescribeTags",
"ec2:DescribeLaunchTemplateVersions"
],
"Effect": "Allow",
"Resource": [
"*"
]
},
{
"Action": [
"autoscaling:SetDesiredCapacity",
"autoscaling:TerminateInstanceInAutoScalingGroup",
"autoscaling:UpdateAutoScalingGroup"
],
"Condition": {
"StringEquals": {
"autoscaling:ResourceTag/KubernetesCluster": "containerd.example.com"
}
},
"Effect": "Allow",
"Resource": [
"*"
]
},
{
"Action": [
"elasticloadbalancing:AddTags",
"elasticloadbalancing:AttachLoadBalancerToSubnets",
"elasticloadbalancing:ApplySecurityGroupsToLoadBalancer",
"elasticloadbalancing:CreateLoadBalancer",
"elasticloadbalancing:CreateLoadBalancerPolicy",
"elasticloadbalancing:CreateLoadBalancerListeners",
"elasticloadbalancing:ConfigureHealthCheck",
"elasticloadbalancing:DeleteLoadBalancer",
"elasticloadbalancing:DeleteLoadBalancerListeners",
"elasticloadbalancing:DescribeLoadBalancers",
"elasticloadbalancing:DescribeLoadBalancerAttributes",
"elasticloadbalancing:DetachLoadBalancerFromSubnets",
"elasticloadbalancing:DeregisterInstancesFromLoadBalancer",
"elasticloadbalancing:ModifyLoadBalancerAttributes",
"elasticloadbalancing:RegisterInstancesWithLoadBalancer",
"elasticloadbalancing:SetLoadBalancerPoliciesForBackendServer"
],
"Effect": "Allow",
"Resource": [
"*"
]
},
{
"Action": [
"ec2:DescribeVpcs",
"elasticloadbalancing:AddTags",
"elasticloadbalancing:CreateListener",
"elasticloadbalancing:CreateTargetGroup",
"elasticloadbalancing:DeleteListener",
"elasticloadbalancing:DeleteTargetGroup",
"elasticloadbalancing:DeregisterTargets",
"elasticloadbalancing:DescribeListeners",
"elasticloadbalancing:DescribeLoadBalancerPolicies",
"elasticloadbalancing:DescribeTargetGroups",
"elasticloadbalancing:DescribeTargetHealth",
"elasticloadbalancing:ModifyListener",
"elasticloadbalancing:ModifyTargetGroup",
"elasticloadbalancing:RegisterTargets",
"elasticloadbalancing:SetLoadBalancerPoliciesOfListener"
],
"Effect": "Allow",
"Resource": [
"*"
]
},
{
"Action": [
"iam:ListServerCertificates",
"iam:GetServerCertificate"
],
"Effect": "Allow",
"Resource": [
"*"
]
},
{
"Action": [
"route53:ChangeResourceRecordSets",
"route53:ListResourceRecordSets",
"route53:GetHostedZone"
],
"Effect": "Allow",
"Resource": [
"arn:aws:route53:::hostedzone/Z1AFAKE1ZON3YO"
]
},
{
"Action": [
"route53:GetChange"
],
"Effect": "Allow",
"Resource": [
"arn:aws:route53:::change/*"
]
},
{
"Action": [
"route53:ListHostedZones"
],
"Effect": "Allow",
"Resource": [
"*"
]
}
],
"Version": "2012-10-17"
}
}
},
"AWSIAMPolicynodescontainerdexamplecom": {
"Type": "AWS::IAM::Policy",
"Properties": {
"PolicyName": "nodes.containerd.example.com",
"Roles": [
{
"Ref": "AWSIAMRolenodescontainerdexamplecom"
}
],
"PolicyDocument": {
"Statement": [
{
"Action": [
"ec2:DescribeInstances",
"ec2:DescribeRegions"
],
"Effect": "Allow",
"Resource": [
"*"
]
}
],
"Version": "2012-10-17"
}
}
},
"AWSIAMRolemasterscontainerdexamplecom": {
"Type": "AWS::IAM::Role",
"Properties": {
"RoleName": "masters.containerd.example.com",
"AssumeRolePolicyDocument": {
"Statement": [
{
"Action": "sts:AssumeRole",
"Effect": "Allow",
"Principal": {
"Service": "ec2.amazonaws.com"
}
}
],
"Version": "2012-10-17"
}
}
},
"AWSIAMRolenodescontainerdexamplecom": {
"Type": "AWS::IAM::Role",
"Properties": {
"RoleName": "nodes.containerd.example.com",
"AssumeRolePolicyDocument": {
"Statement": [
{
"Action": "sts:AssumeRole",
"Effect": "Allow",
"Principal": {
"Service": "ec2.amazonaws.com"
}
}
],
"Version": "2012-10-17"
}
}
}
}
}
Reference in New Issue View Git Blame Copy Permalink