aws-sdk-eks 1.47.0 → 1.48.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/lib/aws-sdk-eks.rb +2 -2
- data/lib/aws-sdk-eks/client.rb +282 -34
- data/lib/aws-sdk-eks/client_api.rb +148 -0
- data/lib/aws-sdk-eks/types.rb +523 -67
- metadata +2 -2
@@ -24,6 +24,8 @@ module Aws::EKS
|
|
24
24
|
AddonVersionInfo = Shapes::StructureShape.new(name: 'AddonVersionInfo')
|
25
25
|
AddonVersionInfoList = Shapes::ListShape.new(name: 'AddonVersionInfoList')
|
26
26
|
Addons = Shapes::ListShape.new(name: 'Addons')
|
27
|
+
AssociateIdentityProviderConfigRequest = Shapes::StructureShape.new(name: 'AssociateIdentityProviderConfigRequest')
|
28
|
+
AssociateIdentityProviderConfigResponse = Shapes::StructureShape.new(name: 'AssociateIdentityProviderConfigResponse')
|
27
29
|
AutoScalingGroup = Shapes::StructureShape.new(name: 'AutoScalingGroup')
|
28
30
|
AutoScalingGroupList = Shapes::ListShape.new(name: 'AutoScalingGroupList')
|
29
31
|
BadRequestException = Shapes::StructureShape.new(name: 'BadRequestException')
|
@@ -64,10 +66,14 @@ module Aws::EKS
|
|
64
66
|
DescribeClusterResponse = Shapes::StructureShape.new(name: 'DescribeClusterResponse')
|
65
67
|
DescribeFargateProfileRequest = Shapes::StructureShape.new(name: 'DescribeFargateProfileRequest')
|
66
68
|
DescribeFargateProfileResponse = Shapes::StructureShape.new(name: 'DescribeFargateProfileResponse')
|
69
|
+
DescribeIdentityProviderConfigRequest = Shapes::StructureShape.new(name: 'DescribeIdentityProviderConfigRequest')
|
70
|
+
DescribeIdentityProviderConfigResponse = Shapes::StructureShape.new(name: 'DescribeIdentityProviderConfigResponse')
|
67
71
|
DescribeNodegroupRequest = Shapes::StructureShape.new(name: 'DescribeNodegroupRequest')
|
68
72
|
DescribeNodegroupResponse = Shapes::StructureShape.new(name: 'DescribeNodegroupResponse')
|
69
73
|
DescribeUpdateRequest = Shapes::StructureShape.new(name: 'DescribeUpdateRequest')
|
70
74
|
DescribeUpdateResponse = Shapes::StructureShape.new(name: 'DescribeUpdateResponse')
|
75
|
+
DisassociateIdentityProviderConfigRequest = Shapes::StructureShape.new(name: 'DisassociateIdentityProviderConfigRequest')
|
76
|
+
DisassociateIdentityProviderConfigResponse = Shapes::StructureShape.new(name: 'DisassociateIdentityProviderConfigResponse')
|
71
77
|
EncryptionConfig = Shapes::StructureShape.new(name: 'EncryptionConfig')
|
72
78
|
EncryptionConfigList = Shapes::ListShape.new(name: 'EncryptionConfigList')
|
73
79
|
ErrorCode = Shapes::StringShape.new(name: 'ErrorCode')
|
@@ -80,6 +86,9 @@ module Aws::EKS
|
|
80
86
|
FargateProfileStatus = Shapes::StringShape.new(name: 'FargateProfileStatus')
|
81
87
|
FargateProfilesRequestMaxResults = Shapes::IntegerShape.new(name: 'FargateProfilesRequestMaxResults')
|
82
88
|
Identity = Shapes::StructureShape.new(name: 'Identity')
|
89
|
+
IdentityProviderConfig = Shapes::StructureShape.new(name: 'IdentityProviderConfig')
|
90
|
+
IdentityProviderConfigResponse = Shapes::StructureShape.new(name: 'IdentityProviderConfigResponse')
|
91
|
+
IdentityProviderConfigs = Shapes::ListShape.new(name: 'IdentityProviderConfigs')
|
83
92
|
InvalidParameterException = Shapes::StructureShape.new(name: 'InvalidParameterException')
|
84
93
|
InvalidRequestException = Shapes::StructureShape.new(name: 'InvalidRequestException')
|
85
94
|
Issue = Shapes::StructureShape.new(name: 'Issue')
|
@@ -95,6 +104,9 @@ module Aws::EKS
|
|
95
104
|
ListClustersResponse = Shapes::StructureShape.new(name: 'ListClustersResponse')
|
96
105
|
ListFargateProfilesRequest = Shapes::StructureShape.new(name: 'ListFargateProfilesRequest')
|
97
106
|
ListFargateProfilesResponse = Shapes::StructureShape.new(name: 'ListFargateProfilesResponse')
|
107
|
+
ListIdentityProviderConfigsRequest = Shapes::StructureShape.new(name: 'ListIdentityProviderConfigsRequest')
|
108
|
+
ListIdentityProviderConfigsRequestMaxResults = Shapes::IntegerShape.new(name: 'ListIdentityProviderConfigsRequestMaxResults')
|
109
|
+
ListIdentityProviderConfigsResponse = Shapes::StructureShape.new(name: 'ListIdentityProviderConfigsResponse')
|
98
110
|
ListNodegroupsRequest = Shapes::StructureShape.new(name: 'ListNodegroupsRequest')
|
99
111
|
ListNodegroupsRequestMaxResults = Shapes::IntegerShape.new(name: 'ListNodegroupsRequestMaxResults')
|
100
112
|
ListNodegroupsResponse = Shapes::StructureShape.new(name: 'ListNodegroupsResponse')
|
@@ -116,6 +128,8 @@ module Aws::EKS
|
|
116
128
|
NodegroupStatus = Shapes::StringShape.new(name: 'NodegroupStatus')
|
117
129
|
NotFoundException = Shapes::StructureShape.new(name: 'NotFoundException')
|
118
130
|
OIDC = Shapes::StructureShape.new(name: 'OIDC')
|
131
|
+
OidcIdentityProviderConfig = Shapes::StructureShape.new(name: 'OidcIdentityProviderConfig')
|
132
|
+
OidcIdentityProviderConfigRequest = Shapes::StructureShape.new(name: 'OidcIdentityProviderConfigRequest')
|
119
133
|
Provider = Shapes::StructureShape.new(name: 'Provider')
|
120
134
|
RemoteAccessConfig = Shapes::StructureShape.new(name: 'RemoteAccessConfig')
|
121
135
|
ResolveConflicts = Shapes::StringShape.new(name: 'ResolveConflicts')
|
@@ -156,10 +170,14 @@ module Aws::EKS
|
|
156
170
|
UpdateType = Shapes::StringShape.new(name: 'UpdateType')
|
157
171
|
VpcConfigRequest = Shapes::StructureShape.new(name: 'VpcConfigRequest')
|
158
172
|
VpcConfigResponse = Shapes::StructureShape.new(name: 'VpcConfigResponse')
|
173
|
+
configStatus = Shapes::StringShape.new(name: 'configStatus')
|
159
174
|
labelKey = Shapes::StringShape.new(name: 'labelKey')
|
160
175
|
labelValue = Shapes::StringShape.new(name: 'labelValue')
|
161
176
|
labelsKeyList = Shapes::ListShape.new(name: 'labelsKeyList')
|
162
177
|
labelsMap = Shapes::MapShape.new(name: 'labelsMap')
|
178
|
+
requiredClaimsKey = Shapes::StringShape.new(name: 'requiredClaimsKey')
|
179
|
+
requiredClaimsMap = Shapes::MapShape.new(name: 'requiredClaimsMap')
|
180
|
+
requiredClaimsValue = Shapes::StringShape.new(name: 'requiredClaimsValue')
|
163
181
|
|
164
182
|
Addon.add_member(:addon_name, Shapes::ShapeRef.new(shape: String, location_name: "addonName"))
|
165
183
|
Addon.add_member(:cluster_name, Shapes::ShapeRef.new(shape: ClusterName, location_name: "clusterName"))
|
@@ -197,6 +215,16 @@ module Aws::EKS
|
|
197
215
|
|
198
216
|
Addons.member = Shapes::ShapeRef.new(shape: AddonInfo)
|
199
217
|
|
218
|
+
AssociateIdentityProviderConfigRequest.add_member(:cluster_name, Shapes::ShapeRef.new(shape: String, required: true, location: "uri", location_name: "name"))
|
219
|
+
AssociateIdentityProviderConfigRequest.add_member(:oidc, Shapes::ShapeRef.new(shape: OidcIdentityProviderConfigRequest, required: true, location_name: "oidc"))
|
220
|
+
AssociateIdentityProviderConfigRequest.add_member(:tags, Shapes::ShapeRef.new(shape: TagMap, location_name: "tags"))
|
221
|
+
AssociateIdentityProviderConfigRequest.add_member(:client_request_token, Shapes::ShapeRef.new(shape: String, location_name: "clientRequestToken", metadata: {"idempotencyToken"=>true}))
|
222
|
+
AssociateIdentityProviderConfigRequest.struct_class = Types::AssociateIdentityProviderConfigRequest
|
223
|
+
|
224
|
+
AssociateIdentityProviderConfigResponse.add_member(:update, Shapes::ShapeRef.new(shape: Update, location_name: "update"))
|
225
|
+
AssociateIdentityProviderConfigResponse.add_member(:tags, Shapes::ShapeRef.new(shape: TagMap, location_name: "tags"))
|
226
|
+
AssociateIdentityProviderConfigResponse.struct_class = Types::AssociateIdentityProviderConfigResponse
|
227
|
+
|
200
228
|
AutoScalingGroup.add_member(:name, Shapes::ShapeRef.new(shape: String, location_name: "name"))
|
201
229
|
AutoScalingGroup.struct_class = Types::AutoScalingGroup
|
202
230
|
|
@@ -355,6 +383,13 @@ module Aws::EKS
|
|
355
383
|
DescribeFargateProfileResponse.add_member(:fargate_profile, Shapes::ShapeRef.new(shape: FargateProfile, location_name: "fargateProfile"))
|
356
384
|
DescribeFargateProfileResponse.struct_class = Types::DescribeFargateProfileResponse
|
357
385
|
|
386
|
+
DescribeIdentityProviderConfigRequest.add_member(:cluster_name, Shapes::ShapeRef.new(shape: String, required: true, location: "uri", location_name: "name"))
|
387
|
+
DescribeIdentityProviderConfigRequest.add_member(:identity_provider_config, Shapes::ShapeRef.new(shape: IdentityProviderConfig, required: true, location_name: "identityProviderConfig"))
|
388
|
+
DescribeIdentityProviderConfigRequest.struct_class = Types::DescribeIdentityProviderConfigRequest
|
389
|
+
|
390
|
+
DescribeIdentityProviderConfigResponse.add_member(:identity_provider_config, Shapes::ShapeRef.new(shape: IdentityProviderConfigResponse, location_name: "identityProviderConfig"))
|
391
|
+
DescribeIdentityProviderConfigResponse.struct_class = Types::DescribeIdentityProviderConfigResponse
|
392
|
+
|
358
393
|
DescribeNodegroupRequest.add_member(:cluster_name, Shapes::ShapeRef.new(shape: String, required: true, location: "uri", location_name: "name"))
|
359
394
|
DescribeNodegroupRequest.add_member(:nodegroup_name, Shapes::ShapeRef.new(shape: String, required: true, location: "uri", location_name: "nodegroupName"))
|
360
395
|
DescribeNodegroupRequest.struct_class = Types::DescribeNodegroupRequest
|
@@ -371,6 +406,14 @@ module Aws::EKS
|
|
371
406
|
DescribeUpdateResponse.add_member(:update, Shapes::ShapeRef.new(shape: Update, location_name: "update"))
|
372
407
|
DescribeUpdateResponse.struct_class = Types::DescribeUpdateResponse
|
373
408
|
|
409
|
+
DisassociateIdentityProviderConfigRequest.add_member(:cluster_name, Shapes::ShapeRef.new(shape: String, required: true, location: "uri", location_name: "name"))
|
410
|
+
DisassociateIdentityProviderConfigRequest.add_member(:identity_provider_config, Shapes::ShapeRef.new(shape: IdentityProviderConfig, required: true, location_name: "identityProviderConfig"))
|
411
|
+
DisassociateIdentityProviderConfigRequest.add_member(:client_request_token, Shapes::ShapeRef.new(shape: String, location_name: "clientRequestToken", metadata: {"idempotencyToken"=>true}))
|
412
|
+
DisassociateIdentityProviderConfigRequest.struct_class = Types::DisassociateIdentityProviderConfigRequest
|
413
|
+
|
414
|
+
DisassociateIdentityProviderConfigResponse.add_member(:update, Shapes::ShapeRef.new(shape: Update, location_name: "update"))
|
415
|
+
DisassociateIdentityProviderConfigResponse.struct_class = Types::DisassociateIdentityProviderConfigResponse
|
416
|
+
|
374
417
|
EncryptionConfig.add_member(:resources, Shapes::ShapeRef.new(shape: StringList, location_name: "resources"))
|
375
418
|
EncryptionConfig.add_member(:provider, Shapes::ShapeRef.new(shape: Provider, location_name: "provider"))
|
376
419
|
EncryptionConfig.struct_class = Types::EncryptionConfig
|
@@ -407,6 +450,15 @@ module Aws::EKS
|
|
407
450
|
Identity.add_member(:oidc, Shapes::ShapeRef.new(shape: OIDC, location_name: "oidc"))
|
408
451
|
Identity.struct_class = Types::Identity
|
409
452
|
|
453
|
+
IdentityProviderConfig.add_member(:type, Shapes::ShapeRef.new(shape: String, required: true, location_name: "type"))
|
454
|
+
IdentityProviderConfig.add_member(:name, Shapes::ShapeRef.new(shape: String, required: true, location_name: "name"))
|
455
|
+
IdentityProviderConfig.struct_class = Types::IdentityProviderConfig
|
456
|
+
|
457
|
+
IdentityProviderConfigResponse.add_member(:oidc, Shapes::ShapeRef.new(shape: OidcIdentityProviderConfig, location_name: "oidc"))
|
458
|
+
IdentityProviderConfigResponse.struct_class = Types::IdentityProviderConfigResponse
|
459
|
+
|
460
|
+
IdentityProviderConfigs.member = Shapes::ShapeRef.new(shape: IdentityProviderConfig)
|
461
|
+
|
410
462
|
InvalidParameterException.add_member(:cluster_name, Shapes::ShapeRef.new(shape: String, location_name: "clusterName"))
|
411
463
|
InvalidParameterException.add_member(:nodegroup_name, Shapes::ShapeRef.new(shape: String, location_name: "nodegroupName"))
|
412
464
|
InvalidParameterException.add_member(:fargate_profile_name, Shapes::ShapeRef.new(shape: String, location_name: "fargateProfileName"))
|
@@ -464,6 +516,15 @@ module Aws::EKS
|
|
464
516
|
ListFargateProfilesResponse.add_member(:next_token, Shapes::ShapeRef.new(shape: String, location_name: "nextToken"))
|
465
517
|
ListFargateProfilesResponse.struct_class = Types::ListFargateProfilesResponse
|
466
518
|
|
519
|
+
ListIdentityProviderConfigsRequest.add_member(:cluster_name, Shapes::ShapeRef.new(shape: String, required: true, location: "uri", location_name: "name"))
|
520
|
+
ListIdentityProviderConfigsRequest.add_member(:max_results, Shapes::ShapeRef.new(shape: ListIdentityProviderConfigsRequestMaxResults, location: "querystring", location_name: "maxResults"))
|
521
|
+
ListIdentityProviderConfigsRequest.add_member(:next_token, Shapes::ShapeRef.new(shape: String, location: "querystring", location_name: "nextToken"))
|
522
|
+
ListIdentityProviderConfigsRequest.struct_class = Types::ListIdentityProviderConfigsRequest
|
523
|
+
|
524
|
+
ListIdentityProviderConfigsResponse.add_member(:identity_provider_configs, Shapes::ShapeRef.new(shape: IdentityProviderConfigs, location_name: "identityProviderConfigs"))
|
525
|
+
ListIdentityProviderConfigsResponse.add_member(:next_token, Shapes::ShapeRef.new(shape: String, location_name: "nextToken"))
|
526
|
+
ListIdentityProviderConfigsResponse.struct_class = Types::ListIdentityProviderConfigsResponse
|
527
|
+
|
467
528
|
ListNodegroupsRequest.add_member(:cluster_name, Shapes::ShapeRef.new(shape: String, required: true, location: "uri", location_name: "name"))
|
468
529
|
ListNodegroupsRequest.add_member(:max_results, Shapes::ShapeRef.new(shape: ListNodegroupsRequestMaxResults, location: "querystring", location_name: "maxResults"))
|
469
530
|
ListNodegroupsRequest.add_member(:next_token, Shapes::ShapeRef.new(shape: String, location: "querystring", location_name: "nextToken"))
|
@@ -542,6 +603,30 @@ module Aws::EKS
|
|
542
603
|
OIDC.add_member(:issuer, Shapes::ShapeRef.new(shape: String, location_name: "issuer"))
|
543
604
|
OIDC.struct_class = Types::OIDC
|
544
605
|
|
606
|
+
OidcIdentityProviderConfig.add_member(:identity_provider_config_name, Shapes::ShapeRef.new(shape: String, location_name: "identityProviderConfigName"))
|
607
|
+
OidcIdentityProviderConfig.add_member(:identity_provider_config_arn, Shapes::ShapeRef.new(shape: String, location_name: "identityProviderConfigArn"))
|
608
|
+
OidcIdentityProviderConfig.add_member(:cluster_name, Shapes::ShapeRef.new(shape: String, location_name: "clusterName"))
|
609
|
+
OidcIdentityProviderConfig.add_member(:issuer_url, Shapes::ShapeRef.new(shape: String, location_name: "issuerUrl"))
|
610
|
+
OidcIdentityProviderConfig.add_member(:client_id, Shapes::ShapeRef.new(shape: String, location_name: "clientId"))
|
611
|
+
OidcIdentityProviderConfig.add_member(:username_claim, Shapes::ShapeRef.new(shape: String, location_name: "usernameClaim"))
|
612
|
+
OidcIdentityProviderConfig.add_member(:username_prefix, Shapes::ShapeRef.new(shape: String, location_name: "usernamePrefix"))
|
613
|
+
OidcIdentityProviderConfig.add_member(:groups_claim, Shapes::ShapeRef.new(shape: String, location_name: "groupsClaim"))
|
614
|
+
OidcIdentityProviderConfig.add_member(:groups_prefix, Shapes::ShapeRef.new(shape: String, location_name: "groupsPrefix"))
|
615
|
+
OidcIdentityProviderConfig.add_member(:required_claims, Shapes::ShapeRef.new(shape: requiredClaimsMap, location_name: "requiredClaims"))
|
616
|
+
OidcIdentityProviderConfig.add_member(:tags, Shapes::ShapeRef.new(shape: TagMap, location_name: "tags"))
|
617
|
+
OidcIdentityProviderConfig.add_member(:status, Shapes::ShapeRef.new(shape: configStatus, location_name: "status"))
|
618
|
+
OidcIdentityProviderConfig.struct_class = Types::OidcIdentityProviderConfig
|
619
|
+
|
620
|
+
OidcIdentityProviderConfigRequest.add_member(:identity_provider_config_name, Shapes::ShapeRef.new(shape: String, required: true, location_name: "identityProviderConfigName"))
|
621
|
+
OidcIdentityProviderConfigRequest.add_member(:issuer_url, Shapes::ShapeRef.new(shape: String, required: true, location_name: "issuerUrl"))
|
622
|
+
OidcIdentityProviderConfigRequest.add_member(:client_id, Shapes::ShapeRef.new(shape: String, required: true, location_name: "clientId"))
|
623
|
+
OidcIdentityProviderConfigRequest.add_member(:username_claim, Shapes::ShapeRef.new(shape: String, location_name: "usernameClaim"))
|
624
|
+
OidcIdentityProviderConfigRequest.add_member(:username_prefix, Shapes::ShapeRef.new(shape: String, location_name: "usernamePrefix"))
|
625
|
+
OidcIdentityProviderConfigRequest.add_member(:groups_claim, Shapes::ShapeRef.new(shape: String, location_name: "groupsClaim"))
|
626
|
+
OidcIdentityProviderConfigRequest.add_member(:groups_prefix, Shapes::ShapeRef.new(shape: String, location_name: "groupsPrefix"))
|
627
|
+
OidcIdentityProviderConfigRequest.add_member(:required_claims, Shapes::ShapeRef.new(shape: requiredClaimsMap, location_name: "requiredClaims"))
|
628
|
+
OidcIdentityProviderConfigRequest.struct_class = Types::OidcIdentityProviderConfigRequest
|
629
|
+
|
545
630
|
Provider.add_member(:key_arn, Shapes::ShapeRef.new(shape: String, location_name: "keyArn"))
|
546
631
|
Provider.struct_class = Types::Provider
|
547
632
|
|
@@ -690,6 +775,9 @@ module Aws::EKS
|
|
690
775
|
labelsMap.key = Shapes::ShapeRef.new(shape: labelKey)
|
691
776
|
labelsMap.value = Shapes::ShapeRef.new(shape: labelValue)
|
692
777
|
|
778
|
+
requiredClaimsMap.key = Shapes::ShapeRef.new(shape: requiredClaimsKey)
|
779
|
+
requiredClaimsMap.value = Shapes::ShapeRef.new(shape: requiredClaimsValue)
|
780
|
+
|
693
781
|
|
694
782
|
# @api private
|
695
783
|
API = Seahorse::Model::Api.new.tap do |api|
|
@@ -709,6 +797,20 @@ module Aws::EKS
|
|
709
797
|
"uid" => "eks-2017-11-01",
|
710
798
|
}
|
711
799
|
|
800
|
+
api.add_operation(:associate_identity_provider_config, Seahorse::Model::Operation.new.tap do |o|
|
801
|
+
o.name = "AssociateIdentityProviderConfig"
|
802
|
+
o.http_method = "POST"
|
803
|
+
o.http_request_uri = "/clusters/{name}/identity-provider-configs/associate"
|
804
|
+
o.input = Shapes::ShapeRef.new(shape: AssociateIdentityProviderConfigRequest)
|
805
|
+
o.output = Shapes::ShapeRef.new(shape: AssociateIdentityProviderConfigResponse)
|
806
|
+
o.errors << Shapes::ShapeRef.new(shape: InvalidParameterException)
|
807
|
+
o.errors << Shapes::ShapeRef.new(shape: ClientException)
|
808
|
+
o.errors << Shapes::ShapeRef.new(shape: ServerException)
|
809
|
+
o.errors << Shapes::ShapeRef.new(shape: ResourceInUseException)
|
810
|
+
o.errors << Shapes::ShapeRef.new(shape: ResourceNotFoundException)
|
811
|
+
o.errors << Shapes::ShapeRef.new(shape: InvalidRequestException)
|
812
|
+
end)
|
813
|
+
|
712
814
|
api.add_operation(:create_addon, Seahorse::Model::Operation.new.tap do |o|
|
713
815
|
o.name = "CreateAddon"
|
714
816
|
o.http_method = "POST"
|
@@ -873,6 +975,19 @@ module Aws::EKS
|
|
873
975
|
o.errors << Shapes::ShapeRef.new(shape: ResourceNotFoundException)
|
874
976
|
end)
|
875
977
|
|
978
|
+
api.add_operation(:describe_identity_provider_config, Seahorse::Model::Operation.new.tap do |o|
|
979
|
+
o.name = "DescribeIdentityProviderConfig"
|
980
|
+
o.http_method = "POST"
|
981
|
+
o.http_request_uri = "/clusters/{name}/identity-provider-configs/describe"
|
982
|
+
o.input = Shapes::ShapeRef.new(shape: DescribeIdentityProviderConfigRequest)
|
983
|
+
o.output = Shapes::ShapeRef.new(shape: DescribeIdentityProviderConfigResponse)
|
984
|
+
o.errors << Shapes::ShapeRef.new(shape: InvalidParameterException)
|
985
|
+
o.errors << Shapes::ShapeRef.new(shape: ResourceNotFoundException)
|
986
|
+
o.errors << Shapes::ShapeRef.new(shape: ClientException)
|
987
|
+
o.errors << Shapes::ShapeRef.new(shape: ServerException)
|
988
|
+
o.errors << Shapes::ShapeRef.new(shape: ServiceUnavailableException)
|
989
|
+
end)
|
990
|
+
|
876
991
|
api.add_operation(:describe_nodegroup, Seahorse::Model::Operation.new.tap do |o|
|
877
992
|
o.name = "DescribeNodegroup"
|
878
993
|
o.http_method = "GET"
|
@@ -898,6 +1013,20 @@ module Aws::EKS
|
|
898
1013
|
o.errors << Shapes::ShapeRef.new(shape: ResourceNotFoundException)
|
899
1014
|
end)
|
900
1015
|
|
1016
|
+
api.add_operation(:disassociate_identity_provider_config, Seahorse::Model::Operation.new.tap do |o|
|
1017
|
+
o.name = "DisassociateIdentityProviderConfig"
|
1018
|
+
o.http_method = "POST"
|
1019
|
+
o.http_request_uri = "/clusters/{name}/identity-provider-configs/disassociate"
|
1020
|
+
o.input = Shapes::ShapeRef.new(shape: DisassociateIdentityProviderConfigRequest)
|
1021
|
+
o.output = Shapes::ShapeRef.new(shape: DisassociateIdentityProviderConfigResponse)
|
1022
|
+
o.errors << Shapes::ShapeRef.new(shape: InvalidParameterException)
|
1023
|
+
o.errors << Shapes::ShapeRef.new(shape: ClientException)
|
1024
|
+
o.errors << Shapes::ShapeRef.new(shape: ServerException)
|
1025
|
+
o.errors << Shapes::ShapeRef.new(shape: ResourceInUseException)
|
1026
|
+
o.errors << Shapes::ShapeRef.new(shape: ResourceNotFoundException)
|
1027
|
+
o.errors << Shapes::ShapeRef.new(shape: InvalidRequestException)
|
1028
|
+
end)
|
1029
|
+
|
901
1030
|
api.add_operation(:list_addons, Seahorse::Model::Operation.new.tap do |o|
|
902
1031
|
o.name = "ListAddons"
|
903
1032
|
o.http_method = "GET"
|
@@ -953,6 +1082,25 @@ module Aws::EKS
|
|
953
1082
|
)
|
954
1083
|
end)
|
955
1084
|
|
1085
|
+
api.add_operation(:list_identity_provider_configs, Seahorse::Model::Operation.new.tap do |o|
|
1086
|
+
o.name = "ListIdentityProviderConfigs"
|
1087
|
+
o.http_method = "GET"
|
1088
|
+
o.http_request_uri = "/clusters/{name}/identity-provider-configs"
|
1089
|
+
o.input = Shapes::ShapeRef.new(shape: ListIdentityProviderConfigsRequest)
|
1090
|
+
o.output = Shapes::ShapeRef.new(shape: ListIdentityProviderConfigsResponse)
|
1091
|
+
o.errors << Shapes::ShapeRef.new(shape: InvalidParameterException)
|
1092
|
+
o.errors << Shapes::ShapeRef.new(shape: ClientException)
|
1093
|
+
o.errors << Shapes::ShapeRef.new(shape: ServerException)
|
1094
|
+
o.errors << Shapes::ShapeRef.new(shape: ServiceUnavailableException)
|
1095
|
+
o.errors << Shapes::ShapeRef.new(shape: ResourceNotFoundException)
|
1096
|
+
o[:pager] = Aws::Pager.new(
|
1097
|
+
limit_key: "max_results",
|
1098
|
+
tokens: {
|
1099
|
+
"next_token" => "next_token"
|
1100
|
+
}
|
1101
|
+
)
|
1102
|
+
end)
|
1103
|
+
|
956
1104
|
api.add_operation(:list_nodegroups, Seahorse::Model::Operation.new.tap do |o|
|
957
1105
|
o.name = "ListNodegroups"
|
958
1106
|
o.http_method = "GET"
|
data/lib/aws-sdk-eks/types.rb
CHANGED
@@ -161,6 +161,80 @@ module Aws::EKS
|
|
161
161
|
include Aws::Structure
|
162
162
|
end
|
163
163
|
|
164
|
+
# @note When making an API call, you may pass AssociateIdentityProviderConfigRequest
|
165
|
+
# data as a hash:
|
166
|
+
#
|
167
|
+
# {
|
168
|
+
# cluster_name: "String", # required
|
169
|
+
# oidc: { # required
|
170
|
+
# identity_provider_config_name: "String", # required
|
171
|
+
# issuer_url: "String", # required
|
172
|
+
# client_id: "String", # required
|
173
|
+
# username_claim: "String",
|
174
|
+
# username_prefix: "String",
|
175
|
+
# groups_claim: "String",
|
176
|
+
# groups_prefix: "String",
|
177
|
+
# required_claims: {
|
178
|
+
# "requiredClaimsKey" => "requiredClaimsValue",
|
179
|
+
# },
|
180
|
+
# },
|
181
|
+
# tags: {
|
182
|
+
# "TagKey" => "TagValue",
|
183
|
+
# },
|
184
|
+
# client_request_token: "String",
|
185
|
+
# }
|
186
|
+
#
|
187
|
+
# @!attribute [rw] cluster_name
|
188
|
+
# The name of the cluster to associate the configuration to.
|
189
|
+
# @return [String]
|
190
|
+
#
|
191
|
+
# @!attribute [rw] oidc
|
192
|
+
# An object that represents an OpenID Connect (OIDC) identity provider
|
193
|
+
# configuration.
|
194
|
+
# @return [Types::OidcIdentityProviderConfigRequest]
|
195
|
+
#
|
196
|
+
# @!attribute [rw] tags
|
197
|
+
# The metadata to apply to the configuration to assist with
|
198
|
+
# categorization and organization. Each tag consists of a key and an
|
199
|
+
# optional value, both of which you define.
|
200
|
+
# @return [Hash<String,String>]
|
201
|
+
#
|
202
|
+
# @!attribute [rw] client_request_token
|
203
|
+
# Unique, case-sensitive identifier that you provide to ensure the
|
204
|
+
# idempotency of the request.
|
205
|
+
#
|
206
|
+
# **A suitable default value is auto-generated.** You should normally
|
207
|
+
# not need to pass this option.
|
208
|
+
# @return [String]
|
209
|
+
#
|
210
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/eks-2017-11-01/AssociateIdentityProviderConfigRequest AWS API Documentation
|
211
|
+
#
|
212
|
+
class AssociateIdentityProviderConfigRequest < Struct.new(
|
213
|
+
:cluster_name,
|
214
|
+
:oidc,
|
215
|
+
:tags,
|
216
|
+
:client_request_token)
|
217
|
+
SENSITIVE = []
|
218
|
+
include Aws::Structure
|
219
|
+
end
|
220
|
+
|
221
|
+
# @!attribute [rw] update
|
222
|
+
# An object representing an asynchronous update.
|
223
|
+
# @return [Types::Update]
|
224
|
+
#
|
225
|
+
# @!attribute [rw] tags
|
226
|
+
# The tags for the resource.
|
227
|
+
# @return [Hash<String,String>]
|
228
|
+
#
|
229
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/eks-2017-11-01/AssociateIdentityProviderConfigResponse AWS API Documentation
|
230
|
+
#
|
231
|
+
class AssociateIdentityProviderConfigResponse < Struct.new(
|
232
|
+
:update,
|
233
|
+
:tags)
|
234
|
+
SENSITIVE = []
|
235
|
+
include Aws::Structure
|
236
|
+
end
|
237
|
+
|
164
238
|
# An Auto Scaling group that is associated with an Amazon EKS managed
|
165
239
|
# node group.
|
166
240
|
#
|
@@ -815,7 +889,7 @@ module Aws::EKS
|
|
815
889
|
#
|
816
890
|
#
|
817
891
|
#
|
818
|
-
# [1]: https://docs.aws.amazon.com/managed-node-groups.html#managed-node-group-capacity-types
|
892
|
+
# [1]: https://docs.aws.amazon.com/eks/latest/userguide/managed-node-groups.html#managed-node-group-capacity-types
|
819
893
|
# [2]: https://docs.aws.amazon.com/eks/latest/userguide/launch-templates.html
|
820
894
|
# @return [Array<String>]
|
821
895
|
#
|
@@ -850,17 +924,16 @@ module Aws::EKS
|
|
850
924
|
# @!attribute [rw] node_role
|
851
925
|
# The Amazon Resource Name (ARN) of the IAM role to associate with
|
852
926
|
# your node group. The Amazon EKS worker node `kubelet` daemon makes
|
853
|
-
# calls to AWS APIs on your behalf.
|
854
|
-
#
|
855
|
-
# policies. Before you can launch
|
856
|
-
#
|
857
|
-
#
|
858
|
-
#
|
859
|
-
#
|
860
|
-
#
|
861
|
-
#
|
862
|
-
#
|
863
|
-
# Amazon EKS User Guide.
|
927
|
+
# calls to AWS APIs on your behalf. Nodes receive permissions for
|
928
|
+
# these API calls through an IAM instance profile and associated
|
929
|
+
# policies. Before you can launch nodes and register them into a
|
930
|
+
# cluster, you must create an IAM role for those nodes to use when
|
931
|
+
# they are launched. For more information, see [Amazon EKS node IAM
|
932
|
+
# role][1] in the <i> <i>Amazon EKS User Guide</i> </i>. If you
|
933
|
+
# specify `launchTemplate`, then don't specify [ `IamInstanceProfile`
|
934
|
+
# ][2] in your launch template, or the node group deployment will
|
935
|
+
# fail. For more information about using launch templates with Amazon
|
936
|
+
# EKS, see [Launch template support][3] in the Amazon EKS User Guide.
|
864
937
|
#
|
865
938
|
#
|
866
939
|
#
|
@@ -1307,6 +1380,48 @@ module Aws::EKS
|
|
1307
1380
|
include Aws::Structure
|
1308
1381
|
end
|
1309
1382
|
|
1383
|
+
# @note When making an API call, you may pass DescribeIdentityProviderConfigRequest
|
1384
|
+
# data as a hash:
|
1385
|
+
#
|
1386
|
+
# {
|
1387
|
+
# cluster_name: "String", # required
|
1388
|
+
# identity_provider_config: { # required
|
1389
|
+
# type: "String", # required
|
1390
|
+
# name: "String", # required
|
1391
|
+
# },
|
1392
|
+
# }
|
1393
|
+
#
|
1394
|
+
# @!attribute [rw] cluster_name
|
1395
|
+
# The cluster name that the identity provider configuration is
|
1396
|
+
# associated to.
|
1397
|
+
# @return [String]
|
1398
|
+
#
|
1399
|
+
# @!attribute [rw] identity_provider_config
|
1400
|
+
# An object that represents an identity provider configuration.
|
1401
|
+
# @return [Types::IdentityProviderConfig]
|
1402
|
+
#
|
1403
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/eks-2017-11-01/DescribeIdentityProviderConfigRequest AWS API Documentation
|
1404
|
+
#
|
1405
|
+
class DescribeIdentityProviderConfigRequest < Struct.new(
|
1406
|
+
:cluster_name,
|
1407
|
+
:identity_provider_config)
|
1408
|
+
SENSITIVE = []
|
1409
|
+
include Aws::Structure
|
1410
|
+
end
|
1411
|
+
|
1412
|
+
# @!attribute [rw] identity_provider_config
|
1413
|
+
# The object that represents an OpenID Connect (OIDC) identity
|
1414
|
+
# provider configuration.
|
1415
|
+
# @return [Types::IdentityProviderConfigResponse]
|
1416
|
+
#
|
1417
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/eks-2017-11-01/DescribeIdentityProviderConfigResponse AWS API Documentation
|
1418
|
+
#
|
1419
|
+
class DescribeIdentityProviderConfigResponse < Struct.new(
|
1420
|
+
:identity_provider_config)
|
1421
|
+
SENSITIVE = []
|
1422
|
+
include Aws::Structure
|
1423
|
+
end
|
1424
|
+
|
1310
1425
|
# @note When making an API call, you may pass DescribeNodegroupRequest
|
1311
1426
|
# data as a hash:
|
1312
1427
|
#
|
@@ -1398,6 +1513,56 @@ module Aws::EKS
|
|
1398
1513
|
include Aws::Structure
|
1399
1514
|
end
|
1400
1515
|
|
1516
|
+
# @note When making an API call, you may pass DisassociateIdentityProviderConfigRequest
|
1517
|
+
# data as a hash:
|
1518
|
+
#
|
1519
|
+
# {
|
1520
|
+
# cluster_name: "String", # required
|
1521
|
+
# identity_provider_config: { # required
|
1522
|
+
# type: "String", # required
|
1523
|
+
# name: "String", # required
|
1524
|
+
# },
|
1525
|
+
# client_request_token: "String",
|
1526
|
+
# }
|
1527
|
+
#
|
1528
|
+
# @!attribute [rw] cluster_name
|
1529
|
+
# The name of the cluster to disassociate an identity provider from.
|
1530
|
+
# @return [String]
|
1531
|
+
#
|
1532
|
+
# @!attribute [rw] identity_provider_config
|
1533
|
+
# An object that represents an identity provider configuration.
|
1534
|
+
# @return [Types::IdentityProviderConfig]
|
1535
|
+
#
|
1536
|
+
# @!attribute [rw] client_request_token
|
1537
|
+
# A unique, case-sensitive identifier that you provide to ensure the
|
1538
|
+
# idempotency of the request.
|
1539
|
+
#
|
1540
|
+
# **A suitable default value is auto-generated.** You should normally
|
1541
|
+
# not need to pass this option.
|
1542
|
+
# @return [String]
|
1543
|
+
#
|
1544
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/eks-2017-11-01/DisassociateIdentityProviderConfigRequest AWS API Documentation
|
1545
|
+
#
|
1546
|
+
class DisassociateIdentityProviderConfigRequest < Struct.new(
|
1547
|
+
:cluster_name,
|
1548
|
+
:identity_provider_config,
|
1549
|
+
:client_request_token)
|
1550
|
+
SENSITIVE = []
|
1551
|
+
include Aws::Structure
|
1552
|
+
end
|
1553
|
+
|
1554
|
+
# @!attribute [rw] update
|
1555
|
+
# An object representing an asynchronous update.
|
1556
|
+
# @return [Types::Update]
|
1557
|
+
#
|
1558
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/eks-2017-11-01/DisassociateIdentityProviderConfigResponse AWS API Documentation
|
1559
|
+
#
|
1560
|
+
class DisassociateIdentityProviderConfigResponse < Struct.new(
|
1561
|
+
:update)
|
1562
|
+
SENSITIVE = []
|
1563
|
+
include Aws::Structure
|
1564
|
+
end
|
1565
|
+
|
1401
1566
|
# The encryption configuration for the cluster.
|
1402
1567
|
#
|
1403
1568
|
# @note When making an API call, you may pass EncryptionConfig
|
@@ -1574,12 +1739,11 @@ module Aws::EKS
|
|
1574
1739
|
include Aws::Structure
|
1575
1740
|
end
|
1576
1741
|
|
1577
|
-
# An object representing an identity provider
|
1578
|
-
# credentials.
|
1742
|
+
# An object representing an identity provider.
|
1579
1743
|
#
|
1580
1744
|
# @!attribute [rw] oidc
|
1581
|
-
#
|
1582
|
-
#
|
1745
|
+
# An object representing the [OpenID Connect][1] identity provider
|
1746
|
+
# information.
|
1583
1747
|
#
|
1584
1748
|
#
|
1585
1749
|
#
|
@@ -1594,6 +1758,48 @@ module Aws::EKS
|
|
1594
1758
|
include Aws::Structure
|
1595
1759
|
end
|
1596
1760
|
|
1761
|
+
# An object representing an identity provider configuration.
|
1762
|
+
#
|
1763
|
+
# @note When making an API call, you may pass IdentityProviderConfig
|
1764
|
+
# data as a hash:
|
1765
|
+
#
|
1766
|
+
# {
|
1767
|
+
# type: "String", # required
|
1768
|
+
# name: "String", # required
|
1769
|
+
# }
|
1770
|
+
#
|
1771
|
+
# @!attribute [rw] type
|
1772
|
+
# The type of the identity provider configuration.
|
1773
|
+
# @return [String]
|
1774
|
+
#
|
1775
|
+
# @!attribute [rw] name
|
1776
|
+
# The name of the identity provider configuration.
|
1777
|
+
# @return [String]
|
1778
|
+
#
|
1779
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/eks-2017-11-01/IdentityProviderConfig AWS API Documentation
|
1780
|
+
#
|
1781
|
+
class IdentityProviderConfig < Struct.new(
|
1782
|
+
:type,
|
1783
|
+
:name)
|
1784
|
+
SENSITIVE = []
|
1785
|
+
include Aws::Structure
|
1786
|
+
end
|
1787
|
+
|
1788
|
+
# An object that represents an identity configuration.
|
1789
|
+
#
|
1790
|
+
# @!attribute [rw] oidc
|
1791
|
+
# An object that represents an OpenID Connect (OIDC) identity provider
|
1792
|
+
# configuration.
|
1793
|
+
# @return [Types::OidcIdentityProviderConfig]
|
1794
|
+
#
|
1795
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/eks-2017-11-01/IdentityProviderConfigResponse AWS API Documentation
|
1796
|
+
#
|
1797
|
+
class IdentityProviderConfigResponse < Struct.new(
|
1798
|
+
:oidc)
|
1799
|
+
SENSITIVE = []
|
1800
|
+
include Aws::Structure
|
1801
|
+
end
|
1802
|
+
|
1597
1803
|
# The specified parameter is invalid. Review the available parameters
|
1598
1804
|
# for the API request.
|
1599
1805
|
#
|
@@ -1721,8 +1927,8 @@ module Aws::EKS
|
|
1721
1927
|
#
|
1722
1928
|
# * **NodeCreationFailure**\: Your launched instances are unable to
|
1723
1929
|
# register with your Amazon EKS cluster. Common causes of this
|
1724
|
-
# failure are insufficient [
|
1725
|
-
#
|
1930
|
+
# failure are insufficient [node IAM role][2] permissions or lack of
|
1931
|
+
# outbound internet access for the nodes.
|
1726
1932
|
#
|
1727
1933
|
#
|
1728
1934
|
#
|
@@ -2060,6 +2266,71 @@ module Aws::EKS
|
|
2060
2266
|
include Aws::Structure
|
2061
2267
|
end
|
2062
2268
|
|
2269
|
+
# @note When making an API call, you may pass ListIdentityProviderConfigsRequest
|
2270
|
+
# data as a hash:
|
2271
|
+
#
|
2272
|
+
# {
|
2273
|
+
# cluster_name: "String", # required
|
2274
|
+
# max_results: 1,
|
2275
|
+
# next_token: "String",
|
2276
|
+
# }
|
2277
|
+
#
|
2278
|
+
# @!attribute [rw] cluster_name
|
2279
|
+
# The cluster name that you want to list identity provider
|
2280
|
+
# configurations for.
|
2281
|
+
# @return [String]
|
2282
|
+
#
|
2283
|
+
# @!attribute [rw] max_results
|
2284
|
+
# The maximum number of identity provider configurations returned by
|
2285
|
+
# `ListIdentityProviderConfigs` in paginated output. When you use this
|
2286
|
+
# parameter, `ListIdentityProviderConfigs` returns only `maxResults`
|
2287
|
+
# results in a single page along with a `nextToken` response element.
|
2288
|
+
# You can see the remaining results of the initial request by sending
|
2289
|
+
# another `ListIdentityProviderConfigs` request with the returned
|
2290
|
+
# `nextToken` value. This value can be between 1 and 100. If you
|
2291
|
+
# don't use this parameter, `ListIdentityProviderConfigs` returns up
|
2292
|
+
# to 100 results and a `nextToken` value, if applicable.
|
2293
|
+
# @return [Integer]
|
2294
|
+
#
|
2295
|
+
# @!attribute [rw] next_token
|
2296
|
+
# The `nextToken` value returned from a previous paginated
|
2297
|
+
# `IdentityProviderConfigsRequest` where `maxResults` was used and the
|
2298
|
+
# results exceeded the value of that parameter. Pagination continues
|
2299
|
+
# from the end of the previous results that returned the `nextToken`
|
2300
|
+
# value.
|
2301
|
+
# @return [String]
|
2302
|
+
#
|
2303
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/eks-2017-11-01/ListIdentityProviderConfigsRequest AWS API Documentation
|
2304
|
+
#
|
2305
|
+
class ListIdentityProviderConfigsRequest < Struct.new(
|
2306
|
+
:cluster_name,
|
2307
|
+
:max_results,
|
2308
|
+
:next_token)
|
2309
|
+
SENSITIVE = []
|
2310
|
+
include Aws::Structure
|
2311
|
+
end
|
2312
|
+
|
2313
|
+
# @!attribute [rw] identity_provider_configs
|
2314
|
+
# The identity provider configurations for the cluster.
|
2315
|
+
# @return [Array<Types::IdentityProviderConfig>]
|
2316
|
+
#
|
2317
|
+
# @!attribute [rw] next_token
|
2318
|
+
# The `nextToken` value returned from a previous paginated
|
2319
|
+
# `ListIdentityProviderConfigsResponse` where `maxResults` was used
|
2320
|
+
# and the results exceeded the value of that parameter. Pagination
|
2321
|
+
# continues from the end of the previous results that returned the
|
2322
|
+
# `nextToken` value.
|
2323
|
+
# @return [String]
|
2324
|
+
#
|
2325
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/eks-2017-11-01/ListIdentityProviderConfigsResponse AWS API Documentation
|
2326
|
+
#
|
2327
|
+
class ListIdentityProviderConfigsResponse < Struct.new(
|
2328
|
+
:identity_provider_configs,
|
2329
|
+
:next_token)
|
2330
|
+
SENSITIVE = []
|
2331
|
+
include Aws::Structure
|
2332
|
+
end
|
2333
|
+
|
2063
2334
|
# @note When making an API call, you may pass ListNodegroupsRequest
|
2064
2335
|
# data as a hash:
|
2065
2336
|
#
|
@@ -2365,10 +2636,10 @@ module Aws::EKS
|
|
2365
2636
|
# @return [String]
|
2366
2637
|
#
|
2367
2638
|
# @!attribute [rw] node_role
|
2368
|
-
# The IAM role associated with your node group. The Amazon EKS
|
2369
|
-
#
|
2370
|
-
#
|
2371
|
-
#
|
2639
|
+
# The IAM role associated with your node group. The Amazon EKS node
|
2640
|
+
# `kubelet` daemon makes calls to AWS APIs on your behalf. Nodes
|
2641
|
+
# receive permissions for these API calls through an IAM instance
|
2642
|
+
# profile and associated policies.
|
2372
2643
|
# @return [String]
|
2373
2644
|
#
|
2374
2645
|
# @!attribute [rw] labels
|
@@ -2461,7 +2732,7 @@ module Aws::EKS
|
|
2461
2732
|
#
|
2462
2733
|
# @!attribute [rw] remote_access_security_group
|
2463
2734
|
# The remote access security group associated with the node group.
|
2464
|
-
# This security group controls SSH access to the
|
2735
|
+
# This security group controls SSH access to the nodes.
|
2465
2736
|
# @return [String]
|
2466
2737
|
#
|
2467
2738
|
# @see http://docs.aws.amazon.com/goto/WebAPI/eks-2017-11-01/NodegroupResources AWS API Documentation
|
@@ -2488,19 +2759,24 @@ module Aws::EKS
|
|
2488
2759
|
# }
|
2489
2760
|
#
|
2490
2761
|
# @!attribute [rw] min_size
|
2491
|
-
# The minimum number of
|
2492
|
-
#
|
2762
|
+
# The minimum number of nodes that the managed node group can scale in
|
2763
|
+
# to. This number must be greater than zero.
|
2493
2764
|
# @return [Integer]
|
2494
2765
|
#
|
2495
2766
|
# @!attribute [rw] max_size
|
2496
|
-
# The maximum number of
|
2497
|
-
#
|
2498
|
-
#
|
2767
|
+
# The maximum number of nodes that the managed node group can scale
|
2768
|
+
# out to. For information about the maximum number that you can
|
2769
|
+
# specify, see [Amazon EKS service quotas][1] in the *Amazon EKS User
|
2770
|
+
# Guide*.
|
2771
|
+
#
|
2772
|
+
#
|
2773
|
+
#
|
2774
|
+
# [1]: https://docs.aws.amazon.com/eks/latest/userguide/service-quotas.html
|
2499
2775
|
# @return [Integer]
|
2500
2776
|
#
|
2501
2777
|
# @!attribute [rw] desired_size
|
2502
|
-
# The current number of
|
2503
|
-
#
|
2778
|
+
# The current number of nodes that the managed node group should
|
2779
|
+
# maintain.
|
2504
2780
|
# @return [Integer]
|
2505
2781
|
#
|
2506
2782
|
# @see http://docs.aws.amazon.com/goto/WebAPI/eks-2017-11-01/NodegroupScalingConfig AWS API Documentation
|
@@ -2527,15 +2803,15 @@ module Aws::EKS
|
|
2527
2803
|
include Aws::Structure
|
2528
2804
|
end
|
2529
2805
|
|
2530
|
-
# An object representing the [OpenID Connect][1] identity
|
2531
|
-
# information for the cluster.
|
2806
|
+
# An object representing the [OpenID Connect][1] (OIDC) identity
|
2807
|
+
# provider information for the cluster.
|
2532
2808
|
#
|
2533
2809
|
#
|
2534
2810
|
#
|
2535
2811
|
# [1]: https://openid.net/connect/
|
2536
2812
|
#
|
2537
2813
|
# @!attribute [rw] issuer
|
2538
|
-
# The issuer URL for the
|
2814
|
+
# The issuer URL for the OIDC identity provider.
|
2539
2815
|
# @return [String]
|
2540
2816
|
#
|
2541
2817
|
# @see http://docs.aws.amazon.com/goto/WebAPI/eks-2017-11-01/OIDC AWS API Documentation
|
@@ -2546,6 +2822,187 @@ module Aws::EKS
|
|
2546
2822
|
include Aws::Structure
|
2547
2823
|
end
|
2548
2824
|
|
2825
|
+
# An object that represents the configuration for an OpenID Connect
|
2826
|
+
# (OIDC) identity provider.
|
2827
|
+
#
|
2828
|
+
# @!attribute [rw] identity_provider_config_name
|
2829
|
+
# The name of the configuration.
|
2830
|
+
# @return [String]
|
2831
|
+
#
|
2832
|
+
# @!attribute [rw] identity_provider_config_arn
|
2833
|
+
# The ARN of the configuration.
|
2834
|
+
# @return [String]
|
2835
|
+
#
|
2836
|
+
# @!attribute [rw] cluster_name
|
2837
|
+
# The cluster that the configuration is associated to.
|
2838
|
+
# @return [String]
|
2839
|
+
#
|
2840
|
+
# @!attribute [rw] issuer_url
|
2841
|
+
# The URL of the OIDC identity provider that allows the API server to
|
2842
|
+
# discover public signing keys for verifying tokens.
|
2843
|
+
# @return [String]
|
2844
|
+
#
|
2845
|
+
# @!attribute [rw] client_id
|
2846
|
+
# This is also known as *audience*. The ID of the client application
|
2847
|
+
# that makes authentication requests to the OIDC identity provider.
|
2848
|
+
# @return [String]
|
2849
|
+
#
|
2850
|
+
# @!attribute [rw] username_claim
|
2851
|
+
# The JSON Web token (JWT) claim that is used as the username.
|
2852
|
+
# @return [String]
|
2853
|
+
#
|
2854
|
+
# @!attribute [rw] username_prefix
|
2855
|
+
# The prefix that is prepended to username claims to prevent clashes
|
2856
|
+
# with existing names. The prefix can't contain `system:`
|
2857
|
+
# @return [String]
|
2858
|
+
#
|
2859
|
+
# @!attribute [rw] groups_claim
|
2860
|
+
# The JSON web token (JWT) claim that the provider uses to return your
|
2861
|
+
# groups.
|
2862
|
+
# @return [String]
|
2863
|
+
#
|
2864
|
+
# @!attribute [rw] groups_prefix
|
2865
|
+
# The prefix that is prepended to group claims to prevent clashes with
|
2866
|
+
# existing names (such as `system:` groups). For example, the value`
|
2867
|
+
# oidc:` creates group names like `oidc:engineering` and `oidc:infra`.
|
2868
|
+
# The prefix can't contain `system:`
|
2869
|
+
# @return [String]
|
2870
|
+
#
|
2871
|
+
# @!attribute [rw] required_claims
|
2872
|
+
# The key-value pairs that describe required claims in the identity
|
2873
|
+
# token. If set, each claim is verified to be present in the token
|
2874
|
+
# with a matching value.
|
2875
|
+
# @return [Hash<String,String>]
|
2876
|
+
#
|
2877
|
+
# @!attribute [rw] tags
|
2878
|
+
# The metadata to apply to the provider configuration to assist with
|
2879
|
+
# categorization and organization. Each tag consists of a key and an
|
2880
|
+
# optional value, both of which you defined.
|
2881
|
+
# @return [Hash<String,String>]
|
2882
|
+
#
|
2883
|
+
# @!attribute [rw] status
|
2884
|
+
# The status of the OIDC identity provider.
|
2885
|
+
# @return [String]
|
2886
|
+
#
|
2887
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/eks-2017-11-01/OidcIdentityProviderConfig AWS API Documentation
|
2888
|
+
#
|
2889
|
+
class OidcIdentityProviderConfig < Struct.new(
|
2890
|
+
:identity_provider_config_name,
|
2891
|
+
:identity_provider_config_arn,
|
2892
|
+
:cluster_name,
|
2893
|
+
:issuer_url,
|
2894
|
+
:client_id,
|
2895
|
+
:username_claim,
|
2896
|
+
:username_prefix,
|
2897
|
+
:groups_claim,
|
2898
|
+
:groups_prefix,
|
2899
|
+
:required_claims,
|
2900
|
+
:tags,
|
2901
|
+
:status)
|
2902
|
+
SENSITIVE = []
|
2903
|
+
include Aws::Structure
|
2904
|
+
end
|
2905
|
+
|
2906
|
+
# An object representing an OpenID Connect (OIDC) configuration. Before
|
2907
|
+
# associating an OIDC identity provider to your cluster, review the
|
2908
|
+
# considerations in [Authenticating users for your cluster from an
|
2909
|
+
# OpenID Connect identity provider][1] in the *Amazon EKS User Guide*.
|
2910
|
+
#
|
2911
|
+
#
|
2912
|
+
#
|
2913
|
+
# [1]: https://docs.aws.amazon.com/eks/latest/userguide/authenticate-oidc-identity-provider.html
|
2914
|
+
#
|
2915
|
+
# @note When making an API call, you may pass OidcIdentityProviderConfigRequest
|
2916
|
+
# data as a hash:
|
2917
|
+
#
|
2918
|
+
# {
|
2919
|
+
# identity_provider_config_name: "String", # required
|
2920
|
+
# issuer_url: "String", # required
|
2921
|
+
# client_id: "String", # required
|
2922
|
+
# username_claim: "String",
|
2923
|
+
# username_prefix: "String",
|
2924
|
+
# groups_claim: "String",
|
2925
|
+
# groups_prefix: "String",
|
2926
|
+
# required_claims: {
|
2927
|
+
# "requiredClaimsKey" => "requiredClaimsValue",
|
2928
|
+
# },
|
2929
|
+
# }
|
2930
|
+
#
|
2931
|
+
# @!attribute [rw] identity_provider_config_name
|
2932
|
+
# The name of the OIDC provider configuration.
|
2933
|
+
# @return [String]
|
2934
|
+
#
|
2935
|
+
# @!attribute [rw] issuer_url
|
2936
|
+
# The URL of the OpenID identity provider that allows the API server
|
2937
|
+
# to discover public signing keys for verifying tokens. The URL must
|
2938
|
+
# begin with `https://` and should correspond to the `iss` claim in
|
2939
|
+
# the provider's OIDC ID tokens. Per the OIDC standard, path
|
2940
|
+
# components are allowed but query parameters are not. Typically the
|
2941
|
+
# URL consists of only a hostname, like `https://server.example.org`
|
2942
|
+
# or `https://example.com`. This URL should point to the level below
|
2943
|
+
# `.well-known/openid-configuration` and must be publicly accessible
|
2944
|
+
# over the internet.
|
2945
|
+
# @return [String]
|
2946
|
+
#
|
2947
|
+
# @!attribute [rw] client_id
|
2948
|
+
# This is also known as *audience*. The ID for the client application
|
2949
|
+
# that makes authentication requests to the OpenID identity provider.
|
2950
|
+
# @return [String]
|
2951
|
+
#
|
2952
|
+
# @!attribute [rw] username_claim
|
2953
|
+
# The JSON Web Token (JWT) claim to use as the username. The default
|
2954
|
+
# is `sub`, which is expected to be a unique identifier of the end
|
2955
|
+
# user. You can choose other claims, such as `email` or `name`,
|
2956
|
+
# depending on the OpenID identity provider. Claims other than `email`
|
2957
|
+
# are prefixed with the issuer URL to prevent naming clashes with
|
2958
|
+
# other plug-ins.
|
2959
|
+
# @return [String]
|
2960
|
+
#
|
2961
|
+
# @!attribute [rw] username_prefix
|
2962
|
+
# The prefix that is prepended to username claims to prevent clashes
|
2963
|
+
# with existing names. If you do not provide this field, and
|
2964
|
+
# `username` is a value other than `email`, the prefix defaults to
|
2965
|
+
# `issuerurl#`. You can use the value `-` to disable all prefixing.
|
2966
|
+
# @return [String]
|
2967
|
+
#
|
2968
|
+
# @!attribute [rw] groups_claim
|
2969
|
+
# The JWT claim that the provider uses to return your groups.
|
2970
|
+
# @return [String]
|
2971
|
+
#
|
2972
|
+
# @!attribute [rw] groups_prefix
|
2973
|
+
# The prefix that is prepended to group claims to prevent clashes with
|
2974
|
+
# existing names (such as `system:` groups). For example, the value`
|
2975
|
+
# oidc:` will create group names like `oidc:engineering` and
|
2976
|
+
# `oidc:infra`.
|
2977
|
+
# @return [String]
|
2978
|
+
#
|
2979
|
+
# @!attribute [rw] required_claims
|
2980
|
+
# The key value pairs that describe required claims in the identity
|
2981
|
+
# token. If set, each claim is verified to be present in the token
|
2982
|
+
# with a matching value. For the maximum number of claims that you can
|
2983
|
+
# require, see [Amazon EKS service quotas][1] in the *Amazon EKS User
|
2984
|
+
# Guide*.
|
2985
|
+
#
|
2986
|
+
#
|
2987
|
+
#
|
2988
|
+
# [1]: https://docs.aws.amazon.com/eks/latest/userguide/service-quotas.html
|
2989
|
+
# @return [Hash<String,String>]
|
2990
|
+
#
|
2991
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/eks-2017-11-01/OidcIdentityProviderConfigRequest AWS API Documentation
|
2992
|
+
#
|
2993
|
+
class OidcIdentityProviderConfigRequest < Struct.new(
|
2994
|
+
:identity_provider_config_name,
|
2995
|
+
:issuer_url,
|
2996
|
+
:client_id,
|
2997
|
+
:username_claim,
|
2998
|
+
:username_prefix,
|
2999
|
+
:groups_claim,
|
3000
|
+
:groups_prefix,
|
3001
|
+
:required_claims)
|
3002
|
+
SENSITIVE = []
|
3003
|
+
include Aws::Structure
|
3004
|
+
end
|
3005
|
+
|
2549
3006
|
# Identifies the AWS Key Management Service (AWS KMS) customer master
|
2550
3007
|
# key (CMK) used to encrypt the secrets.
|
2551
3008
|
#
|
@@ -2590,9 +3047,9 @@ module Aws::EKS
|
|
2590
3047
|
#
|
2591
3048
|
# @!attribute [rw] ec2_ssh_key
|
2592
3049
|
# The Amazon EC2 SSH key that provides access for SSH communication
|
2593
|
-
# with the
|
2594
|
-
#
|
2595
|
-
#
|
3050
|
+
# with the nodes in the managed node group. For more information, see
|
3051
|
+
# [Amazon EC2 Key Pairs][1] in the *Amazon Elastic Compute Cloud User
|
3052
|
+
# Guide for Linux Instances*.
|
2596
3053
|
#
|
2597
3054
|
#
|
2598
3055
|
#
|
@@ -2601,11 +3058,11 @@ module Aws::EKS
|
|
2601
3058
|
#
|
2602
3059
|
# @!attribute [rw] source_security_groups
|
2603
3060
|
# The security groups that are allowed SSH access (port 22) to the
|
2604
|
-
#
|
2605
|
-
#
|
2606
|
-
#
|
2607
|
-
#
|
2608
|
-
#
|
3061
|
+
# nodes. If you specify an Amazon EC2 SSH key but do not specify a
|
3062
|
+
# source security group when you create a managed node group, then
|
3063
|
+
# port 22 on the nodes is opened to the internet (0.0.0.0/0). For more
|
3064
|
+
# information, see [Security Groups for Your VPC][1] in the *Amazon
|
3065
|
+
# Virtual Private Cloud User Guide*.
|
2609
3066
|
#
|
2610
3067
|
#
|
2611
3068
|
#
|
@@ -3348,19 +3805,18 @@ module Aws::EKS
|
|
3348
3805
|
# }
|
3349
3806
|
#
|
3350
3807
|
# @!attribute [rw] subnet_ids
|
3351
|
-
# Specify subnets for your Amazon EKS
|
3808
|
+
# Specify subnets for your Amazon EKS nodes. Amazon EKS creates
|
3352
3809
|
# cross-account elastic network interfaces in these subnets to allow
|
3353
|
-
# communication between your
|
3354
|
-
# plane.
|
3810
|
+
# communication between your nodes and the Kubernetes control plane.
|
3355
3811
|
# @return [Array<String>]
|
3356
3812
|
#
|
3357
3813
|
# @!attribute [rw] security_group_ids
|
3358
3814
|
# Specify one or more security groups for the cross-account elastic
|
3359
3815
|
# network interfaces that Amazon EKS creates to use to allow
|
3360
|
-
# communication between your
|
3361
|
-
#
|
3362
|
-
#
|
3363
|
-
#
|
3816
|
+
# communication between your nodes and the Kubernetes control plane.
|
3817
|
+
# If you don't specify any security groups, then familiarize yourself
|
3818
|
+
# with the difference between Amazon EKS defaults for clusters
|
3819
|
+
# deployed with Kubernetes:
|
3364
3820
|
#
|
3365
3821
|
# * 1\.14 Amazon EKS platform version `eks.2` and earlier
|
3366
3822
|
#
|
@@ -3394,12 +3850,12 @@ module Aws::EKS
|
|
3394
3850
|
# access, Kubernetes API requests from within your cluster's VPC use
|
3395
3851
|
# the private VPC endpoint. The default value for this parameter is
|
3396
3852
|
# `false`, which disables private access for your Kubernetes API
|
3397
|
-
# server. If you disable private access and you have
|
3398
|
-
#
|
3399
|
-
#
|
3400
|
-
#
|
3401
|
-
#
|
3402
|
-
#
|
3853
|
+
# server. If you disable private access and you have nodes or AWS
|
3854
|
+
# Fargate pods in the cluster, then ensure that `publicAccessCidrs`
|
3855
|
+
# includes the necessary CIDR blocks for communication with the nodes
|
3856
|
+
# or Fargate pods. For more information, see [Amazon EKS Cluster
|
3857
|
+
# Endpoint Access Control][1] in the <i> <i>Amazon EKS User Guide</i>
|
3858
|
+
# </i>.
|
3403
3859
|
#
|
3404
3860
|
#
|
3405
3861
|
#
|
@@ -3411,8 +3867,8 @@ module Aws::EKS
|
|
3411
3867
|
# Kubernetes API server endpoint. Communication to the endpoint from
|
3412
3868
|
# addresses outside of the CIDR blocks that you specify is denied. The
|
3413
3869
|
# default value is `0.0.0.0/0`. If you've disabled private endpoint
|
3414
|
-
# access and you have
|
3415
|
-
#
|
3870
|
+
# access and you have nodes or AWS Fargate pods in the cluster, then
|
3871
|
+
# ensure that you specify the necessary CIDR blocks. For more
|
3416
3872
|
# information, see [Amazon EKS Cluster Endpoint Access Control][1] in
|
3417
3873
|
# the <i> <i>Amazon EKS User Guide</i> </i>.
|
3418
3874
|
#
|
@@ -3443,7 +3899,7 @@ module Aws::EKS
|
|
3443
3899
|
# @!attribute [rw] security_group_ids
|
3444
3900
|
# The security groups associated with the cross-account elastic
|
3445
3901
|
# network interfaces that are used to allow communication between your
|
3446
|
-
#
|
3902
|
+
# nodes and the Kubernetes control plane.
|
3447
3903
|
# @return [Array<String>]
|
3448
3904
|
#
|
3449
3905
|
# @!attribute [rw] cluster_security_group_id
|
@@ -3468,12 +3924,12 @@ module Aws::EKS
|
|
3468
3924
|
# endpoint is enabled. If the Amazon EKS private API server endpoint
|
3469
3925
|
# is enabled, Kubernetes API requests that originate from within your
|
3470
3926
|
# cluster's VPC use the private VPC endpoint instead of traversing
|
3471
|
-
# the internet. If this value is disabled and you have
|
3472
|
-
#
|
3473
|
-
#
|
3474
|
-
#
|
3475
|
-
#
|
3476
|
-
#
|
3927
|
+
# the internet. If this value is disabled and you have nodes or AWS
|
3928
|
+
# Fargate pods in the cluster, then ensure that `publicAccessCidrs`
|
3929
|
+
# includes the necessary CIDR blocks for communication with the nodes
|
3930
|
+
# or Fargate pods. For more information, see [Amazon EKS Cluster
|
3931
|
+
# Endpoint Access Control][1] in the <i> <i>Amazon EKS User Guide</i>
|
3932
|
+
# </i>.
|
3477
3933
|
#
|
3478
3934
|
#
|
3479
3935
|
#
|
@@ -3485,10 +3941,10 @@ module Aws::EKS
|
|
3485
3941
|
# Kubernetes API server endpoint. Communication to the endpoint from
|
3486
3942
|
# addresses outside of the listed CIDR blocks is denied. The default
|
3487
3943
|
# value is `0.0.0.0/0`. If you've disabled private endpoint access
|
3488
|
-
# and you have
|
3489
|
-
#
|
3490
|
-
#
|
3491
|
-
#
|
3944
|
+
# and you have nodes or AWS Fargate pods in the cluster, then ensure
|
3945
|
+
# that the necessary CIDR blocks are listed. For more information, see
|
3946
|
+
# [Amazon EKS Cluster Endpoint Access Control][1] in the <i> <i>Amazon
|
3947
|
+
# EKS User Guide</i> </i>.
|
3492
3948
|
#
|
3493
3949
|
#
|
3494
3950
|
#
|