{
  "description": "AWSClusterTemplate is the Schema for the awsclustertemplates API.",
  "properties": {
    "apiVersion": {
      "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources",
      "type": "string"
    },
    "kind": {
      "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds",
      "type": "string"
    },
    "metadata": {
      "type": "object"
    },
    "spec": {
      "description": "AWSClusterTemplateSpec defines the desired state of AWSClusterTemplate.",
      "properties": {
        "template": {
          "properties": {
            "spec": {
              "description": "AWSClusterSpec defines the desired state of AWSCluster",
              "properties": {
                "additionalTags": {
                  "additionalProperties": {
                    "type": "string"
                  },
                  "description": "AdditionalTags is an optional set of tags to add to AWS resources managed by the AWS provider, in addition to the ones added by default.",
                  "type": "object"
                },
                "bastion": {
                  "description": "Bastion contains options to configure the bastion host.",
                  "properties": {
                    "allowedCIDRBlocks": {
                      "description": "AllowedCIDRBlocks is a list of CIDR blocks allowed to access the bastion host. They are set as ingress rules for the bastion host's Security Group. Defaults to 0.0.0.0/0, which makes the bastion (an instance with a public IP, see Enabled) reachable from the entire Internet; restrict this to known administrative source ranges, or set DisableIngressRules if no inbound access is needed.",
                      "items": {
                        "type": "string"
                      },
                      "type": "array"
                    },
                    "ami": {
                      "description": "AMI is the AMI used to boot the bastion. If not specified, a publicly available AMI is selected automatically. Pinning an explicit, vetted AMI is recommended so that the bastion image cannot change without review.",
                      "type": "string"
                    },
                    "disableIngressRules": {
                      "description": "DisableIngressRules will ensure there are no ingress rules in the bastion host's security group. Requires AllowedCIDRBlocks to be empty; the two options must not be combined.",
                      "type": "boolean"
                    },
                    "enabled": {
                      "description": "Enabled allows this provider to create a bastion host instance with a public IP to access the VPC private network. Inbound access to that public IP is governed by AllowedCIDRBlocks and DisableIngressRules.",
                      "type": "boolean"
                    },
                    "instanceType": {
                      "description": "InstanceType will use the specified instance type for the bastion. If not specified, Cluster API Provider AWS will use t3.micro for all regions except us-east-1, where t2.micro will be the default.",
                      "type": "string"
                    }
                  },
                  "type": "object",
                  "additionalProperties": false
                },
                "controlPlaneEndpoint": {
                  "description": "ControlPlaneEndpoint represents the endpoint used to communicate with the control plane.",
                  "properties": {
                    "host": {
                      "description": "The hostname on which the API server is serving.",
                      "type": "string"
                    },
                    "port": {
                      "description": "The port on which the API server is serving.",
                      "format": "int32",
                      "type": "integer"
                    }
                  },
                  "required": [
                    "host",
                    "port"
                  ],
                  "type": "object",
                  "additionalProperties": false
                },
                "controlPlaneLoadBalancer": {
                  "description": "ControlPlaneLoadBalancer is optional configuration for customizing control plane behavior.",
                  "properties": {
                    "additionalSecurityGroups": {
                      "description": "AdditionalSecurityGroups sets the security groups used by the load balancer. Expected to be security group IDs. This is optional - if not provided, new security groups will be created for the load balancer.",
                      "items": {
                        "type": "string"
                      },
                      "type": "array"
                    },
                    "crossZoneLoadBalancing": {
                      "description": "CrossZoneLoadBalancing enables the classic ELB cross availability zone balancing. \n With cross-zone load balancing, each load balancer node for your Classic Load Balancer distributes requests evenly across the registered instances in all enabled Availability Zones. If cross-zone load balancing is disabled, each load balancer node distributes requests evenly across the registered instances in its Availability Zone only. \n Defaults to false.",
                      "type": "boolean"
                    },
                    "scheme": {
                      "default": "internet-facing",
                      "description": "Scheme sets the scheme of the load balancer (defaults to internet-facing). An internet-facing load balancer exposes the Kubernetes API server to the public Internet; use internal when the control plane should only be reachable from within the VPC or a connected network.",
                      "enum": [
                        "internet-facing",
                        "Internet-facing",
                        "internal"
                      ],
                      "type": "string"
                    },
                    "subnets": {
                      "description": "Subnets sets the subnets that should be applied to the control plane load balancer (defaults to discovered subnets for managed VPCs or an empty set for unmanaged VPCs)",
                      "items": {
                        "type": "string"
                      },
                      "type": "array"
                    }
                  },
                  "type": "object",
                  "additionalProperties": false
                },
                "identityRef": {
                  "description": "IdentityRef is a reference to an identity to be used when reconciling this cluster. The referenced identity determines the AWS credentials the provider acts with for this cluster, so its permissions should be scoped to what reconciliation requires.",
                  "properties": {
                    "kind": {
                      "description": "Kind of the identity.",
                      "enum": [
                        "AWSClusterControllerIdentity",
                        "AWSClusterRoleIdentity",
                        "AWSClusterStaticIdentity"
                      ],
                      "type": "string"
                    },
                    "name": {
                      "description": "Name of the identity.",
                      "minLength": 1,
                      "type": "string"
                    }
                  },
                  "required": [
                    "kind",
                    "name"
                  ],
                  "type": "object",
                  "additionalProperties": false
                },
                "imageLookupBaseOS": {
                  "description": "ImageLookupBaseOS is the name of the base operating system used to look up machine images when a machine does not specify an AMI. When set, this will be used for all cluster machines unless a machine specifies a different ImageLookupBaseOS.",
                  "type": "string"
                },
                "imageLookupFormat": {
                  "description": "ImageLookupFormat is the AMI naming format to look up machine images when a machine does not specify an AMI. When set, this will be used for all cluster machines unless a machine specifies a different ImageLookupFormat. Supports substitutions for {{.BaseOS}} and {{.K8sVersion}} with the base OS and kubernetes version, respectively. The BaseOS will be the value in ImageLookupBaseOS or ubuntu (the default), and the kubernetes version as defined by the packages produced by kubernetes/release without v as a prefix: 1.13.0, 1.12.5-mybuild.1, or 1.17.3. For example, the default image format of capa-ami-{{.BaseOS}}-?{{.K8sVersion}}-* will end up searching for AMIs that match the pattern capa-ami-ubuntu-?1.18.0-* for a Machine that is targeting kubernetes v1.18.0 and the ubuntu base OS. See also: https://golang.org/pkg/text/template/",
                  "type": "string"
                },
                "imageLookupOrg": {
                  "description": "ImageLookupOrg is the AWS Organization ID to look up machine images when a machine does not specify an AMI. When set, this will be used for all cluster machines unless a machine specifies a different ImageLookupOrg. Because the lookup matches images by name pattern (see ImageLookupFormat), scoping it to a trusted owner prevents resolving to a similarly named image published by another account.",
                  "type": "string"
                },
                "network": {
                  "description": "NetworkSpec encapsulates all things related to AWS network.",
                  "properties": {
                    "cni": {
                      "description": "CNI configuration",
                      "properties": {
                        "cniIngressRules": {
                          "description": "CNIIngressRules specify rules to apply to control plane and worker node security groups. The source for the rule will be set to control plane and worker security group IDs.",
                          "items": {
                            "description": "CNIIngressRule defines an AWS ingress rule for CNI requirements.",
                            "properties": {
                              "description": {
                                "type": "string"
                              },
                              "fromPort": {
                                "format": "int64",
                                "type": "integer"
                              },
                              "protocol": {
                                "description": "SecurityGroupProtocol defines the protocol type for a security group rule.",
                                "type": "string"
                              },
                              "toPort": {
                                "format": "int64",
                                "type": "integer"
                              }
                            },
                            "required": [
                              "description",
                              "fromPort",
                              "protocol",
                              "toPort"
                            ],
                            "type": "object",
                            "additionalProperties": false
                          },
                          "type": "array"
                        }
                      },
                      "type": "object",
                      "additionalProperties": false
                    },
                    "securityGroupOverrides": {
                      "additionalProperties": {
                        "type": "string"
                      },
                      "description": "SecurityGroupOverrides is an optional set of security groups to use for cluster instances. This is optional - if not provided, new security groups will be created for the cluster. Overridden groups are used as-is, so their rules must already permit the cluster's control plane, worker and CNI traffic.",
                      "type": "object"
                    },
                    "subnets": {
                      "description": "Subnets configuration.",
                      "items": {
                        "description": "SubnetSpec configures an AWS Subnet.",
                        "properties": {
                          "availabilityZone": {
                            "description": "AvailabilityZone defines the availability zone to use for this subnet in the cluster's region.",
                            "type": "string"
                          },
                          "cidrBlock": {
                            "description": "CidrBlock is the CIDR block to be used when the provider creates a managed VPC.",
                            "type": "string"
                          },
                          "id": {
                            "description": "ID defines a unique identifier to reference this resource.",
                            "type": "string"
                          },
                          "isPublic": {
                            "description": "IsPublic defines the subnet as a public subnet. A subnet is public when it is associated with a route table that has a route to an internet gateway.",
                            "type": "boolean"
                          },
                          "natGatewayId": {
                            "description": "NatGatewayID is the NAT gateway id associated with the subnet. Ignored unless the subnet is managed by the provider, in which case this is set on the public subnet where the NAT gateway resides. It is then used to determine routes for private subnets in the same AZ as the public subnet.",
                            "type": "string"
                          },
                          "routeTableId": {
                            "description": "RouteTableID is the routing table id associated with the subnet.",
                            "type": "string"
                          },
                          "tags": {
                            "additionalProperties": {
                              "type": "string"
                            },
                            "description": "Tags is a collection of tags describing the resource.",
                            "type": "object"
                          }
                        },
                        "type": "object",
                        "additionalProperties": false
                      },
                      "type": "array"
                    },
                    "vpc": {
                      "description": "VPC configuration.",
                      "properties": {
                        "availabilityZoneSelection": {
                          "default": "Ordered",
                          "description": "AvailabilityZoneSelection specifies how AZs should be selected if there are more AZs in a region than specified by AvailabilityZoneUsageLimit. There are 2 selection schemes: Ordered - selects based on alphabetical order; Random - selects AZs randomly in a region. Defaults to Ordered.",
                          "enum": [
                            "Ordered",
                            "Random"
                          ],
                          "type": "string"
                        },
                        "availabilityZoneUsageLimit": {
                          "default": 3,
                          "description": "AvailabilityZoneUsageLimit specifies the maximum number of availability zones (AZ) that should be used in a region when automatically creating subnets. If a region has more than this number of AZs then this number of AZs will be picked, according to AvailabilityZoneSelection, when creating default subnets. Defaults to 3.",
                          "minimum": 1,
                          "type": "integer"
                        },
                        "cidrBlock": {
                          "description": "CidrBlock is the CIDR block to be used when the provider creates a managed VPC. Defaults to 10.0.0.0/16.",
                          "type": "string"
                        },
                        "id": {
                          "description": "ID is the vpc-id of the VPC this provider should use to create resources.",
                          "type": "string"
                        },
                        "internetGatewayId": {
                          "description": "InternetGatewayID is the id of the internet gateway associated with the VPC.",
                          "type": "string"
                        },
                        "tags": {
                          "additionalProperties": {
                            "type": "string"
                          },
                          "description": "Tags is a collection of tags describing the resource.",
                          "type": "object"
                        }
                      },
                      "type": "object",
                      "additionalProperties": false
                    }
                  },
                  "type": "object",
                  "additionalProperties": false
                },
                "region": {
                  "description": "The AWS Region the cluster lives in.",
                  "type": "string"
                },
                "sshKeyName": {
                  "description": "SSHKeyName is the name of the ssh key to attach to the bastion host. Valid values are empty string (do not use SSH keys), a valid SSH key name, or omitted (use the default SSH key name)",
                  "type": "string"
                }
              },
              "type": "object",
              "additionalProperties": false
            }
          },
          "required": [
            "spec"
          ],
          "type": "object",
          "additionalProperties": false
        }
      },
      "required": [
        "template"
      ],
      "type": "object",
      "additionalProperties": false
    }
  },
  "type": "object"
}
