@pulumi/eks 2.4.0 → 2.5.0-alpha.1716314787
- package/cluster.js +4 -2
- package/cluster.js.map +1 -1
- package/cmd/provider/schema.json +16 -1
- package/cni/README.md +1 -1
- package/cni/aws-k8s-cni.yaml +553 -527
- package/dependencies.js.map +1 -1
- package/nodegroup.d.ts +27 -1
- package/nodegroup.js +62 -1
- package/nodegroup.js.map +1 -1
- package/package.json +1 -1
- package/package.json.dev +1 -1
package/cni/aws-k8s-cni.yaml
CHANGED
|
@@ -5,572 +5,598 @@
|
|
|
5
5
|
apiVersion: apiextensions.k8s.io/v1
|
|
6
6
|
kind: CustomResourceDefinition
|
|
7
7
|
metadata:
|
|
8
|
-
|
|
8
|
+
name: eniconfigs.crd.k8s.amazonaws.com
|
|
9
9
|
spec:
|
|
10
|
-
|
|
11
|
-
|
|
12
|
-
|
|
13
|
-
|
|
14
|
-
|
|
15
|
-
|
|
16
|
-
|
|
17
|
-
|
|
18
|
-
|
|
19
|
-
|
|
20
|
-
|
|
21
|
-
|
|
22
|
-
|
|
23
|
-
|
|
24
|
-
|
|
10
|
+
scope: Cluster
|
|
11
|
+
group: crd.k8s.amazonaws.com
|
|
12
|
+
preserveUnknownFields: false
|
|
13
|
+
versions:
|
|
14
|
+
- name: v1alpha1
|
|
15
|
+
served: true
|
|
16
|
+
storage: true
|
|
17
|
+
schema:
|
|
18
|
+
openAPIV3Schema:
|
|
19
|
+
type: object
|
|
20
|
+
x-kubernetes-preserve-unknown-fields: true
|
|
21
|
+
names:
|
|
22
|
+
plural: eniconfigs
|
|
23
|
+
singular: eniconfig
|
|
24
|
+
kind: ENIConfig
|
|
25
25
|
---
|
|
26
26
|
apiVersion: apiextensions.k8s.io/v1
|
|
27
27
|
kind: CustomResourceDefinition
|
|
28
28
|
metadata:
|
|
29
|
-
|
|
30
|
-
|
|
31
|
-
|
|
32
|
-
|
|
33
|
-
|
|
34
|
-
|
|
29
|
+
annotations:
|
|
30
|
+
controller-gen.kubebuilder.io/version: v0.11.3
|
|
31
|
+
creationTimestamp: null
|
|
32
|
+
labels:
|
|
33
|
+
app.kubernetes.io/name: amazon-network-policy-controller-k8s
|
|
34
|
+
name: policyendpoints.networking.k8s.aws
|
|
35
35
|
spec:
|
|
36
|
-
|
|
37
|
-
|
|
38
|
-
|
|
39
|
-
|
|
40
|
-
|
|
41
|
-
|
|
42
|
-
|
|
43
|
-
|
|
44
|
-
|
|
45
|
-
|
|
46
|
-
|
|
47
|
-
|
|
48
|
-
properties:
|
|
49
|
-
apiVersion:
|
|
50
|
-
description: 'APIVersion defines the versioned schema of this representation
|
|
51
|
-
of an object. Servers should convert recognized schemas to the latest
|
|
52
|
-
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
|
|
53
|
-
type: string
|
|
54
|
-
kind:
|
|
55
|
-
description: 'Kind is a string value representing the REST resource this
|
|
56
|
-
object represents. Servers may infer this from the endpoint the client
|
|
57
|
-
submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
|
|
58
|
-
type: string
|
|
59
|
-
metadata:
|
|
60
|
-
type: object
|
|
61
|
-
spec:
|
|
62
|
-
description: PolicyEndpointSpec defines the desired state of PolicyEndpoint
|
|
63
|
-
properties:
|
|
64
|
-
egress:
|
|
65
|
-
description: Egress is the list of egress rules containing resolved
|
|
66
|
-
network addresses
|
|
67
|
-
items:
|
|
68
|
-
description: EndpointInfo defines the network endpoint information
|
|
69
|
-
for the policy ingress/egress
|
|
70
|
-
properties:
|
|
71
|
-
cidr:
|
|
72
|
-
description: CIDR is the network address(s) of the endpoint
|
|
73
|
-
type: string
|
|
74
|
-
except:
|
|
75
|
-
description: Except is the exceptions to the CIDR ranges mentioned
|
|
76
|
-
above.
|
|
77
|
-
items:
|
|
78
|
-
type: string
|
|
79
|
-
type: array
|
|
80
|
-
ports:
|
|
81
|
-
description: Ports is the list of ports
|
|
82
|
-
items:
|
|
83
|
-
description: Port contains information about the transport
|
|
84
|
-
port/protocol
|
|
85
|
-
properties:
|
|
86
|
-
endPort:
|
|
87
|
-
description: Endport specifies the port range port to
|
|
88
|
-
endPort port must be defined and an integer, endPort
|
|
89
|
-
> port
|
|
90
|
-
format: int32
|
|
91
|
-
type: integer
|
|
92
|
-
port:
|
|
93
|
-
description: Port specifies the numerical port for the
|
|
94
|
-
protocol. If empty applies to all ports
|
|
95
|
-
format: int32
|
|
96
|
-
type: integer
|
|
97
|
-
protocol:
|
|
98
|
-
default: TCP
|
|
99
|
-
description: Protocol specifies the transport protocol,
|
|
100
|
-
default TCP
|
|
101
|
-
type: string
|
|
102
|
-
type: object
|
|
103
|
-
type: array
|
|
104
|
-
required:
|
|
105
|
-
- cidr
|
|
106
|
-
type: object
|
|
107
|
-
type: array
|
|
108
|
-
ingress:
|
|
109
|
-
description: Ingress is the list of ingress rules containing resolved
|
|
110
|
-
network addresses
|
|
111
|
-
items:
|
|
112
|
-
description: EndpointInfo defines the network endpoint information
|
|
113
|
-
for the policy ingress/egress
|
|
36
|
+
group: networking.k8s.aws
|
|
37
|
+
names:
|
|
38
|
+
kind: PolicyEndpoint
|
|
39
|
+
listKind: PolicyEndpointList
|
|
40
|
+
plural: policyendpoints
|
|
41
|
+
singular: policyendpoint
|
|
42
|
+
scope: Namespaced
|
|
43
|
+
versions:
|
|
44
|
+
- name: v1alpha1
|
|
45
|
+
schema:
|
|
46
|
+
openAPIV3Schema:
|
|
47
|
+
description: PolicyEndpoint is the Schema for the policyendpoints API
|
|
114
48
|
properties:
|
|
115
|
-
|
|
116
|
-
|
|
117
|
-
|
|
118
|
-
|
|
119
|
-
|
|
120
|
-
above.
|
|
121
|
-
items:
|
|
122
|
-
type: string
|
|
123
|
-
type: array
|
|
124
|
-
ports:
|
|
125
|
-
description: Ports is the list of ports
|
|
126
|
-
items:
|
|
127
|
-
description: Port contains information about the transport
|
|
128
|
-
port/protocol
|
|
129
|
-
properties:
|
|
130
|
-
endPort:
|
|
131
|
-
description: Endport specifies the port range port to
|
|
132
|
-
endPort port must be defined and an integer, endPort
|
|
133
|
-
> port
|
|
134
|
-
format: int32
|
|
135
|
-
type: integer
|
|
136
|
-
port:
|
|
137
|
-
description: Port specifies the numerical port for the
|
|
138
|
-
protocol. If empty applies to all ports
|
|
139
|
-
format: int32
|
|
140
|
-
type: integer
|
|
141
|
-
protocol:
|
|
142
|
-
default: TCP
|
|
143
|
-
description: Protocol specifies the transport protocol,
|
|
144
|
-
default TCP
|
|
145
|
-
type: string
|
|
146
|
-
type: object
|
|
147
|
-
type: array
|
|
148
|
-
required:
|
|
149
|
-
- cidr
|
|
150
|
-
type: object
|
|
151
|
-
type: array
|
|
152
|
-
podIsolation:
|
|
153
|
-
description: PodIsolation specifies whether the pod needs to be isolated
|
|
154
|
-
for a particular traffic direction Ingress or Egress, or both. If
|
|
155
|
-
default isolation is not specified, and there are no ingress/egress
|
|
156
|
-
rules, then the pod is not isolated from the point of view of this
|
|
157
|
-
policy. This follows the NetworkPolicy spec.PolicyTypes.
|
|
158
|
-
items:
|
|
159
|
-
description: PolicyType string describes the NetworkPolicy type
|
|
160
|
-
This type is beta-level in 1.8
|
|
161
|
-
type: string
|
|
162
|
-
type: array
|
|
163
|
-
podSelector:
|
|
164
|
-
description: PodSelector is the podSelector from the policy resource
|
|
165
|
-
properties:
|
|
166
|
-
matchExpressions:
|
|
167
|
-
description: matchExpressions is a list of label selector requirements.
|
|
168
|
-
The requirements are ANDed.
|
|
169
|
-
items:
|
|
170
|
-
description: A label selector requirement is a selector that
|
|
171
|
-
contains values, a key, and an operator that relates the key
|
|
172
|
-
and values.
|
|
173
|
-
properties:
|
|
174
|
-
key:
|
|
175
|
-
description: key is the label key that the selector applies
|
|
176
|
-
to.
|
|
49
|
+
apiVersion:
|
|
50
|
+
description:
|
|
51
|
+
"APIVersion defines the versioned schema of this representation
|
|
52
|
+
of an object. Servers should convert recognized schemas to the latest
|
|
53
|
+
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources"
|
|
177
54
|
type: string
|
|
178
|
-
|
|
179
|
-
description:
|
|
180
|
-
|
|
181
|
-
|
|
55
|
+
kind:
|
|
56
|
+
description: "Kind is a string value representing the REST resource this
|
|
57
|
+
object represents. Servers may infer this from the endpoint the client
|
|
58
|
+
submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds"
|
|
182
59
|
type: string
|
|
183
|
-
|
|
184
|
-
|
|
185
|
-
|
|
186
|
-
|
|
187
|
-
|
|
188
|
-
|
|
189
|
-
|
|
190
|
-
|
|
191
|
-
|
|
192
|
-
|
|
193
|
-
|
|
194
|
-
|
|
195
|
-
|
|
196
|
-
|
|
197
|
-
|
|
198
|
-
|
|
199
|
-
|
|
200
|
-
|
|
201
|
-
|
|
202
|
-
|
|
203
|
-
|
|
204
|
-
|
|
205
|
-
|
|
206
|
-
|
|
207
|
-
|
|
208
|
-
|
|
209
|
-
|
|
210
|
-
|
|
211
|
-
|
|
212
|
-
|
|
213
|
-
|
|
214
|
-
|
|
215
|
-
|
|
216
|
-
|
|
217
|
-
|
|
218
|
-
|
|
219
|
-
|
|
220
|
-
|
|
221
|
-
|
|
222
|
-
|
|
223
|
-
|
|
224
|
-
|
|
225
|
-
|
|
226
|
-
|
|
227
|
-
|
|
228
|
-
|
|
229
|
-
|
|
230
|
-
|
|
231
|
-
|
|
232
|
-
|
|
60
|
+
metadata:
|
|
61
|
+
type: object
|
|
62
|
+
spec:
|
|
63
|
+
description: PolicyEndpointSpec defines the desired state of PolicyEndpoint
|
|
64
|
+
properties:
|
|
65
|
+
egress:
|
|
66
|
+
description:
|
|
67
|
+
Egress is the list of egress rules containing resolved
|
|
68
|
+
network addresses
|
|
69
|
+
items:
|
|
70
|
+
description:
|
|
71
|
+
EndpointInfo defines the network endpoint information
|
|
72
|
+
for the policy ingress/egress
|
|
73
|
+
properties:
|
|
74
|
+
cidr:
|
|
75
|
+
description: CIDR is the network address(s) of the endpoint
|
|
76
|
+
type: string
|
|
77
|
+
except:
|
|
78
|
+
description:
|
|
79
|
+
Except is the exceptions to the CIDR ranges mentioned
|
|
80
|
+
above.
|
|
81
|
+
items:
|
|
82
|
+
type: string
|
|
83
|
+
type: array
|
|
84
|
+
ports:
|
|
85
|
+
description: Ports is the list of ports
|
|
86
|
+
items:
|
|
87
|
+
description:
|
|
88
|
+
Port contains information about the transport
|
|
89
|
+
port/protocol
|
|
90
|
+
properties:
|
|
91
|
+
endPort:
|
|
92
|
+
description:
|
|
93
|
+
Endport specifies the port range port to
|
|
94
|
+
endPort port must be defined and an integer, endPort
|
|
95
|
+
> port
|
|
96
|
+
format: int32
|
|
97
|
+
type: integer
|
|
98
|
+
port:
|
|
99
|
+
description:
|
|
100
|
+
Port specifies the numerical port for the
|
|
101
|
+
protocol. If empty applies to all ports
|
|
102
|
+
format: int32
|
|
103
|
+
type: integer
|
|
104
|
+
protocol:
|
|
105
|
+
default: TCP
|
|
106
|
+
description:
|
|
107
|
+
Protocol specifies the transport protocol,
|
|
108
|
+
default TCP
|
|
109
|
+
type: string
|
|
110
|
+
type: object
|
|
111
|
+
type: array
|
|
112
|
+
required:
|
|
113
|
+
- cidr
|
|
114
|
+
type: object
|
|
115
|
+
type: array
|
|
116
|
+
ingress:
|
|
117
|
+
description:
|
|
118
|
+
Ingress is the list of ingress rules containing resolved
|
|
119
|
+
network addresses
|
|
120
|
+
items:
|
|
121
|
+
description:
|
|
122
|
+
EndpointInfo defines the network endpoint information
|
|
123
|
+
for the policy ingress/egress
|
|
124
|
+
properties:
|
|
125
|
+
cidr:
|
|
126
|
+
description: CIDR is the network address(s) of the endpoint
|
|
127
|
+
type: string
|
|
128
|
+
except:
|
|
129
|
+
description:
|
|
130
|
+
Except is the exceptions to the CIDR ranges mentioned
|
|
131
|
+
above.
|
|
132
|
+
items:
|
|
133
|
+
type: string
|
|
134
|
+
type: array
|
|
135
|
+
ports:
|
|
136
|
+
description: Ports is the list of ports
|
|
137
|
+
items:
|
|
138
|
+
description:
|
|
139
|
+
Port contains information about the transport
|
|
140
|
+
port/protocol
|
|
141
|
+
properties:
|
|
142
|
+
endPort:
|
|
143
|
+
description:
|
|
144
|
+
Endport specifies the port range port to
|
|
145
|
+
endPort port must be defined and an integer, endPort
|
|
146
|
+
> port
|
|
147
|
+
format: int32
|
|
148
|
+
type: integer
|
|
149
|
+
port:
|
|
150
|
+
description:
|
|
151
|
+
Port specifies the numerical port for the
|
|
152
|
+
protocol. If empty applies to all ports
|
|
153
|
+
format: int32
|
|
154
|
+
type: integer
|
|
155
|
+
protocol:
|
|
156
|
+
default: TCP
|
|
157
|
+
description:
|
|
158
|
+
Protocol specifies the transport protocol,
|
|
159
|
+
default TCP
|
|
160
|
+
type: string
|
|
161
|
+
type: object
|
|
162
|
+
type: array
|
|
163
|
+
required:
|
|
164
|
+
- cidr
|
|
165
|
+
type: object
|
|
166
|
+
type: array
|
|
167
|
+
podIsolation:
|
|
168
|
+
description:
|
|
169
|
+
PodIsolation specifies whether the pod needs to be isolated
|
|
170
|
+
for a particular traffic direction Ingress or Egress, or both. If
|
|
171
|
+
default isolation is not specified, and there are no ingress/egress
|
|
172
|
+
rules, then the pod is not isolated from the point of view of this
|
|
173
|
+
policy. This follows the NetworkPolicy spec.PolicyTypes.
|
|
174
|
+
items:
|
|
175
|
+
description:
|
|
176
|
+
PolicyType string describes the NetworkPolicy type
|
|
177
|
+
This type is beta-level in 1.8
|
|
178
|
+
type: string
|
|
179
|
+
type: array
|
|
180
|
+
podSelector:
|
|
181
|
+
description: PodSelector is the podSelector from the policy resource
|
|
182
|
+
properties:
|
|
183
|
+
matchExpressions:
|
|
184
|
+
description:
|
|
185
|
+
matchExpressions is a list of label selector requirements.
|
|
186
|
+
The requirements are ANDed.
|
|
187
|
+
items:
|
|
188
|
+
description:
|
|
189
|
+
A label selector requirement is a selector that
|
|
190
|
+
contains values, a key, and an operator that relates the key
|
|
191
|
+
and values.
|
|
192
|
+
properties:
|
|
193
|
+
key:
|
|
194
|
+
description:
|
|
195
|
+
key is the label key that the selector applies
|
|
196
|
+
to.
|
|
197
|
+
type: string
|
|
198
|
+
operator:
|
|
199
|
+
description:
|
|
200
|
+
operator represents a key's relationship to
|
|
201
|
+
a set of values. Valid operators are In, NotIn, Exists
|
|
202
|
+
and DoesNotExist.
|
|
203
|
+
type: string
|
|
204
|
+
values:
|
|
205
|
+
description:
|
|
206
|
+
values is an array of string values. If the
|
|
207
|
+
operator is In or NotIn, the values array must be non-empty.
|
|
208
|
+
If the operator is Exists or DoesNotExist, the values
|
|
209
|
+
array must be empty. This array is replaced during a strategic
|
|
210
|
+
merge patch.
|
|
211
|
+
items:
|
|
212
|
+
type: string
|
|
213
|
+
type: array
|
|
214
|
+
required:
|
|
215
|
+
- key
|
|
216
|
+
- operator
|
|
217
|
+
type: object
|
|
218
|
+
type: array
|
|
219
|
+
matchLabels:
|
|
220
|
+
additionalProperties:
|
|
221
|
+
type: string
|
|
222
|
+
description:
|
|
223
|
+
matchLabels is a map of {key,value} pairs. A single
|
|
224
|
+
{key,value} in the matchLabels map is equivalent to an element
|
|
225
|
+
of matchExpressions, whose key field is "key", the operator
|
|
226
|
+
is "In", and the values array contains only "value". The requirements
|
|
227
|
+
are ANDed.
|
|
228
|
+
type: object
|
|
229
|
+
type: object
|
|
230
|
+
x-kubernetes-map-type: atomic
|
|
231
|
+
podSelectorEndpoints:
|
|
232
|
+
description:
|
|
233
|
+
PodSelectorEndpoints contains information about the pods
|
|
234
|
+
matching the podSelector
|
|
235
|
+
items:
|
|
236
|
+
description:
|
|
237
|
+
PodEndpoint defines the summary information for the
|
|
238
|
+
pods
|
|
239
|
+
properties:
|
|
240
|
+
hostIP:
|
|
241
|
+
description:
|
|
242
|
+
HostIP is the IP address of the host the pod is
|
|
243
|
+
currently running on
|
|
244
|
+
type: string
|
|
245
|
+
name:
|
|
246
|
+
description: Name is the pod name
|
|
247
|
+
type: string
|
|
248
|
+
namespace:
|
|
249
|
+
description: Namespace is the pod namespace
|
|
250
|
+
type: string
|
|
251
|
+
podIP:
|
|
252
|
+
description: PodIP is the IP address of the pod
|
|
253
|
+
type: string
|
|
254
|
+
required:
|
|
255
|
+
- hostIP
|
|
256
|
+
- name
|
|
257
|
+
- namespace
|
|
258
|
+
- podIP
|
|
259
|
+
type: object
|
|
260
|
+
type: array
|
|
261
|
+
policyRef:
|
|
262
|
+
description:
|
|
263
|
+
PolicyRef is a reference to the Kubernetes NetworkPolicy
|
|
264
|
+
resource.
|
|
265
|
+
properties:
|
|
266
|
+
name:
|
|
267
|
+
description: Name is the name of the Policy
|
|
268
|
+
type: string
|
|
269
|
+
namespace:
|
|
270
|
+
description: Namespace is the namespace of the Policy
|
|
271
|
+
type: string
|
|
272
|
+
required:
|
|
273
|
+
- name
|
|
274
|
+
- namespace
|
|
275
|
+
type: object
|
|
276
|
+
required:
|
|
277
|
+
- policyRef
|
|
278
|
+
type: object
|
|
279
|
+
status:
|
|
280
|
+
description: PolicyEndpointStatus defines the observed state of PolicyEndpoint
|
|
281
|
+
type: object
|
|
233
282
|
type: object
|
|
234
|
-
|
|
235
|
-
|
|
236
|
-
|
|
237
|
-
|
|
238
|
-
properties:
|
|
239
|
-
name:
|
|
240
|
-
description: Name is the name of the Policy
|
|
241
|
-
type: string
|
|
242
|
-
namespace:
|
|
243
|
-
description: Namespace is the namespace of the Policy
|
|
244
|
-
type: string
|
|
245
|
-
required:
|
|
246
|
-
- name
|
|
247
|
-
- namespace
|
|
248
|
-
type: object
|
|
249
|
-
required:
|
|
250
|
-
- policyRef
|
|
251
|
-
type: object
|
|
252
|
-
status:
|
|
253
|
-
description: PolicyEndpointStatus defines the observed state of PolicyEndpoint
|
|
254
|
-
type: object
|
|
255
|
-
type: object
|
|
256
|
-
served: true
|
|
257
|
-
storage: true
|
|
258
|
-
subresources:
|
|
259
|
-
status: {}
|
|
283
|
+
served: true
|
|
284
|
+
storage: true
|
|
285
|
+
subresources:
|
|
286
|
+
status: {}
|
|
260
287
|
---
|
|
261
288
|
# Source: aws-vpc-cni/templates/serviceaccount.yaml
|
|
262
289
|
apiVersion: v1
|
|
263
290
|
kind: ServiceAccount
|
|
264
291
|
metadata:
|
|
265
|
-
|
|
266
|
-
|
|
267
|
-
|
|
268
|
-
|
|
269
|
-
|
|
270
|
-
|
|
271
|
-
|
|
292
|
+
name: aws-node
|
|
293
|
+
namespace: kube-system
|
|
294
|
+
labels:
|
|
295
|
+
app.kubernetes.io/name: aws-node
|
|
296
|
+
app.kubernetes.io/instance: aws-vpc-cni
|
|
297
|
+
k8s-app: aws-node
|
|
298
|
+
app.kubernetes.io/version: "v1.16.0"
|
|
272
299
|
---
|
|
273
300
|
# Source: aws-vpc-cni/templates/configmap.yaml
|
|
274
301
|
apiVersion: v1
|
|
275
302
|
kind: ConfigMap
|
|
276
303
|
metadata:
|
|
277
|
-
|
|
278
|
-
|
|
279
|
-
|
|
280
|
-
|
|
281
|
-
|
|
282
|
-
|
|
283
|
-
|
|
304
|
+
name: amazon-vpc-cni
|
|
305
|
+
namespace: kube-system
|
|
306
|
+
labels:
|
|
307
|
+
app.kubernetes.io/name: aws-node
|
|
308
|
+
app.kubernetes.io/instance: aws-vpc-cni
|
|
309
|
+
k8s-app: aws-node
|
|
310
|
+
app.kubernetes.io/version: "v1.16.0"
|
|
284
311
|
data:
|
|
285
|
-
|
|
286
|
-
|
|
287
|
-
|
|
288
|
-
|
|
289
|
-
|
|
290
|
-
|
|
291
|
-
|
|
312
|
+
enable-windows-ipam: "false"
|
|
313
|
+
enable-network-policy-controller: "false"
|
|
314
|
+
enable-windows-prefix-delegation: "false"
|
|
315
|
+
warm-prefix-target: "0"
|
|
316
|
+
warm-ip-target: "1"
|
|
317
|
+
minimum-ip-target: "3"
|
|
318
|
+
branch-eni-cooldown: "60"
|
|
292
319
|
---
|
|
293
320
|
# Source: aws-vpc-cni/templates/clusterrole.yaml
|
|
294
321
|
apiVersion: rbac.authorization.k8s.io/v1
|
|
295
322
|
kind: ClusterRole
|
|
296
323
|
metadata:
|
|
297
|
-
|
|
298
|
-
|
|
299
|
-
|
|
300
|
-
|
|
301
|
-
|
|
302
|
-
|
|
324
|
+
name: aws-node
|
|
325
|
+
labels:
|
|
326
|
+
app.kubernetes.io/name: aws-node
|
|
327
|
+
app.kubernetes.io/instance: aws-vpc-cni
|
|
328
|
+
k8s-app: aws-node
|
|
329
|
+
app.kubernetes.io/version: "v1.16.0"
|
|
303
330
|
rules:
|
|
304
|
-
|
|
305
|
-
|
|
306
|
-
|
|
307
|
-
|
|
308
|
-
|
|
309
|
-
|
|
310
|
-
|
|
311
|
-
|
|
312
|
-
|
|
313
|
-
|
|
314
|
-
|
|
315
|
-
|
|
316
|
-
|
|
317
|
-
|
|
318
|
-
|
|
319
|
-
|
|
320
|
-
|
|
321
|
-
|
|
322
|
-
|
|
323
|
-
|
|
324
|
-
|
|
325
|
-
|
|
326
|
-
|
|
327
|
-
|
|
328
|
-
|
|
329
|
-
|
|
330
|
-
|
|
331
|
-
|
|
332
|
-
|
|
333
|
-
|
|
334
|
-
|
|
335
|
-
|
|
336
|
-
|
|
337
|
-
|
|
331
|
+
- apiGroups:
|
|
332
|
+
- crd.k8s.amazonaws.com
|
|
333
|
+
resources:
|
|
334
|
+
- eniconfigs
|
|
335
|
+
verbs: ["list", "watch", "get"]
|
|
336
|
+
- apiGroups: [""]
|
|
337
|
+
resources:
|
|
338
|
+
- namespaces
|
|
339
|
+
verbs: ["list", "watch", "get"]
|
|
340
|
+
- apiGroups: [""]
|
|
341
|
+
resources:
|
|
342
|
+
- pods
|
|
343
|
+
verbs: ["list", "watch", "get"]
|
|
344
|
+
- apiGroups: [""]
|
|
345
|
+
resources:
|
|
346
|
+
- nodes
|
|
347
|
+
verbs: ["list", "watch", "get"]
|
|
348
|
+
- apiGroups: ["", "events.k8s.io"]
|
|
349
|
+
resources:
|
|
350
|
+
- events
|
|
351
|
+
verbs: ["create", "patch", "list"]
|
|
352
|
+
- apiGroups: ["networking.k8s.aws"]
|
|
353
|
+
resources:
|
|
354
|
+
- policyendpoints
|
|
355
|
+
verbs: ["get", "list", "watch"]
|
|
356
|
+
- apiGroups: ["networking.k8s.aws"]
|
|
357
|
+
resources:
|
|
358
|
+
- policyendpoints/status
|
|
359
|
+
verbs: ["get"]
|
|
360
|
+
- apiGroups:
|
|
361
|
+
- vpcresources.k8s.aws
|
|
362
|
+
resources:
|
|
363
|
+
- cninodes
|
|
364
|
+
verbs: ["get", "list", "watch", "patch"]
|
|
338
365
|
---
|
|
339
366
|
# Source: aws-vpc-cni/templates/clusterrolebinding.yaml
|
|
340
367
|
apiVersion: rbac.authorization.k8s.io/v1
|
|
341
368
|
kind: ClusterRoleBinding
|
|
342
369
|
metadata:
|
|
343
|
-
|
|
344
|
-
|
|
345
|
-
|
|
346
|
-
|
|
347
|
-
|
|
348
|
-
|
|
370
|
+
name: aws-node
|
|
371
|
+
labels:
|
|
372
|
+
app.kubernetes.io/name: aws-node
|
|
373
|
+
app.kubernetes.io/instance: aws-vpc-cni
|
|
374
|
+
k8s-app: aws-node
|
|
375
|
+
app.kubernetes.io/version: "v1.16.0"
|
|
349
376
|
roleRef:
|
|
350
|
-
|
|
351
|
-
|
|
352
|
-
name: aws-node
|
|
353
|
-
subjects:
|
|
354
|
-
- kind: ServiceAccount
|
|
377
|
+
apiGroup: rbac.authorization.k8s.io
|
|
378
|
+
kind: ClusterRole
|
|
355
379
|
name: aws-node
|
|
356
|
-
|
|
380
|
+
subjects:
|
|
381
|
+
- kind: ServiceAccount
|
|
382
|
+
name: aws-node
|
|
383
|
+
namespace: kube-system
|
|
357
384
|
---
|
|
358
385
|
# Source: aws-vpc-cni/templates/daemonset.yaml
|
|
359
386
|
kind: DaemonSet
|
|
360
387
|
apiVersion: apps/v1
|
|
361
388
|
metadata:
|
|
362
|
-
|
|
363
|
-
|
|
364
|
-
|
|
365
|
-
app.kubernetes.io/name: aws-node
|
|
366
|
-
app.kubernetes.io/instance: aws-vpc-cni
|
|
367
|
-
k8s-app: aws-node
|
|
368
|
-
app.kubernetes.io/version: "v1.16.0"
|
|
369
|
-
spec:
|
|
370
|
-
updateStrategy:
|
|
371
|
-
rollingUpdate:
|
|
372
|
-
maxUnavailable: 10%
|
|
373
|
-
type: RollingUpdate
|
|
374
|
-
selector:
|
|
375
|
-
matchLabels:
|
|
376
|
-
k8s-app: aws-node
|
|
377
|
-
template:
|
|
378
|
-
metadata:
|
|
379
|
-
labels:
|
|
389
|
+
name: aws-node
|
|
390
|
+
namespace: kube-system
|
|
391
|
+
labels:
|
|
380
392
|
app.kubernetes.io/name: aws-node
|
|
381
393
|
app.kubernetes.io/instance: aws-vpc-cni
|
|
382
394
|
k8s-app: aws-node
|
|
383
|
-
|
|
384
|
-
|
|
385
|
-
|
|
386
|
-
|
|
387
|
-
|
|
388
|
-
|
|
389
|
-
|
|
390
|
-
|
|
391
|
-
|
|
392
|
-
|
|
393
|
-
|
|
394
|
-
|
|
395
|
-
|
|
396
|
-
|
|
397
|
-
|
|
398
|
-
|
|
399
|
-
|
|
400
|
-
|
|
401
|
-
|
|
402
|
-
|
|
403
|
-
|
|
404
|
-
|
|
405
|
-
|
|
406
|
-
|
|
407
|
-
|
|
408
|
-
|
|
409
|
-
|
|
410
|
-
|
|
411
|
-
|
|
412
|
-
|
|
413
|
-
|
|
414
|
-
|
|
415
|
-
|
|
416
|
-
|
|
417
|
-
|
|
418
|
-
|
|
419
|
-
|
|
420
|
-
|
|
421
|
-
|
|
422
|
-
|
|
423
|
-
|
|
424
|
-
|
|
425
|
-
|
|
426
|
-
|
|
427
|
-
|
|
428
|
-
|
|
429
|
-
|
|
430
|
-
|
|
431
|
-
|
|
432
|
-
|
|
433
|
-
|
|
434
|
-
|
|
435
|
-
|
|
436
|
-
|
|
437
|
-
|
|
438
|
-
|
|
439
|
-
|
|
440
|
-
|
|
441
|
-
|
|
442
|
-
|
|
443
|
-
|
|
444
|
-
|
|
445
|
-
|
|
446
|
-
|
|
447
|
-
|
|
448
|
-
|
|
449
|
-
|
|
450
|
-
|
|
451
|
-
|
|
452
|
-
|
|
453
|
-
|
|
454
|
-
|
|
455
|
-
|
|
456
|
-
|
|
457
|
-
|
|
458
|
-
|
|
459
|
-
|
|
460
|
-
|
|
461
|
-
|
|
462
|
-
|
|
463
|
-
|
|
464
|
-
|
|
465
|
-
|
|
466
|
-
|
|
467
|
-
|
|
468
|
-
|
|
469
|
-
|
|
470
|
-
|
|
471
|
-
|
|
472
|
-
|
|
473
|
-
|
|
474
|
-
|
|
475
|
-
|
|
476
|
-
|
|
477
|
-
|
|
478
|
-
|
|
479
|
-
|
|
480
|
-
|
|
481
|
-
|
|
482
|
-
|
|
483
|
-
|
|
484
|
-
|
|
485
|
-
|
|
486
|
-
|
|
487
|
-
|
|
488
|
-
|
|
489
|
-
|
|
490
|
-
|
|
491
|
-
|
|
492
|
-
|
|
493
|
-
|
|
494
|
-
|
|
495
|
-
|
|
496
|
-
|
|
497
|
-
|
|
498
|
-
|
|
499
|
-
|
|
500
|
-
|
|
501
|
-
|
|
502
|
-
|
|
503
|
-
|
|
504
|
-
|
|
505
|
-
|
|
506
|
-
|
|
507
|
-
|
|
508
|
-
|
|
509
|
-
|
|
510
|
-
|
|
511
|
-
|
|
512
|
-
|
|
513
|
-
|
|
514
|
-
|
|
515
|
-
|
|
516
|
-
|
|
517
|
-
|
|
518
|
-
|
|
519
|
-
|
|
520
|
-
|
|
521
|
-
|
|
522
|
-
|
|
523
|
-
|
|
524
|
-
|
|
525
|
-
|
|
526
|
-
|
|
527
|
-
|
|
528
|
-
|
|
529
|
-
|
|
530
|
-
|
|
531
|
-
|
|
532
|
-
|
|
533
|
-
|
|
534
|
-
|
|
535
|
-
|
|
536
|
-
|
|
537
|
-
|
|
538
|
-
|
|
539
|
-
|
|
540
|
-
|
|
541
|
-
|
|
542
|
-
|
|
543
|
-
|
|
544
|
-
|
|
545
|
-
|
|
546
|
-
|
|
547
|
-
|
|
548
|
-
|
|
549
|
-
|
|
550
|
-
|
|
551
|
-
|
|
552
|
-
|
|
553
|
-
|
|
554
|
-
|
|
555
|
-
|
|
556
|
-
|
|
557
|
-
|
|
558
|
-
|
|
559
|
-
|
|
560
|
-
|
|
561
|
-
|
|
562
|
-
|
|
563
|
-
|
|
564
|
-
|
|
565
|
-
|
|
566
|
-
|
|
567
|
-
|
|
568
|
-
|
|
569
|
-
|
|
570
|
-
|
|
571
|
-
|
|
572
|
-
|
|
573
|
-
|
|
574
|
-
|
|
575
|
-
|
|
576
|
-
|
|
395
|
+
app.kubernetes.io/version: "v1.16.0"
|
|
396
|
+
spec:
|
|
397
|
+
updateStrategy:
|
|
398
|
+
rollingUpdate:
|
|
399
|
+
maxUnavailable: 10%
|
|
400
|
+
type: RollingUpdate
|
|
401
|
+
selector:
|
|
402
|
+
matchLabels:
|
|
403
|
+
k8s-app: aws-node
|
|
404
|
+
template:
|
|
405
|
+
metadata:
|
|
406
|
+
labels:
|
|
407
|
+
app.kubernetes.io/name: aws-node
|
|
408
|
+
app.kubernetes.io/instance: aws-vpc-cni
|
|
409
|
+
k8s-app: aws-node
|
|
410
|
+
spec:
|
|
411
|
+
priorityClassName: "system-node-critical"
|
|
412
|
+
serviceAccountName: aws-node
|
|
413
|
+
hostNetwork: true
|
|
414
|
+
initContainers:
|
|
415
|
+
- name: aws-vpc-cni-init
|
|
416
|
+
image: 602401143452.dkr.ecr.us-west-2.amazonaws.com/amazon-k8s-cni-init:v1.16.0
|
|
417
|
+
env: []
|
|
418
|
+
# env:
|
|
419
|
+
# - name: DISABLE_TCP_EARLY_DEMUX
|
|
420
|
+
# value: "false"
|
|
421
|
+
# - name: ENABLE_IPv6
|
|
422
|
+
# value: "false"
|
|
423
|
+
securityContext:
|
|
424
|
+
privileged: true
|
|
425
|
+
resources:
|
|
426
|
+
requests:
|
|
427
|
+
cpu: 25m
|
|
428
|
+
volumeMounts:
|
|
429
|
+
- mountPath: /host/opt/cni/bin
|
|
430
|
+
name: cni-bin-dir
|
|
431
|
+
terminationGracePeriodSeconds: 10
|
|
432
|
+
tolerations:
|
|
433
|
+
- operator: Exists
|
|
434
|
+
securityContext: {}
|
|
435
|
+
containers:
|
|
436
|
+
- name: aws-node
|
|
437
|
+
image: 602401143452.dkr.ecr.us-west-2.amazonaws.com/amazon-k8s-cni:v1.16.0
|
|
438
|
+
ports:
|
|
439
|
+
- containerPort: 61678
|
|
440
|
+
name: metrics
|
|
441
|
+
livenessProbe:
|
|
442
|
+
exec:
|
|
443
|
+
command:
|
|
444
|
+
- /app/grpc-health-probe
|
|
445
|
+
- -addr=:50051
|
|
446
|
+
- -connect-timeout=5s
|
|
447
|
+
- -rpc-timeout=5s
|
|
448
|
+
initialDelaySeconds: 60
|
|
449
|
+
timeoutSeconds: 10
|
|
450
|
+
readinessProbe:
|
|
451
|
+
exec:
|
|
452
|
+
command:
|
|
453
|
+
- /app/grpc-health-probe
|
|
454
|
+
- -addr=:50051
|
|
455
|
+
- -connect-timeout=5s
|
|
456
|
+
- -rpc-timeout=5s
|
|
457
|
+
initialDelaySeconds: 1
|
|
458
|
+
timeoutSeconds: 10
|
|
459
|
+
env:
|
|
460
|
+
- name: ADDITIONAL_ENI_TAGS
|
|
461
|
+
value: "{}"
|
|
462
|
+
# - name: AWS_VPC_CNI_NODE_PORT_SUPPORT
|
|
463
|
+
# value: "true"
|
|
464
|
+
# - name: AWS_VPC_ENI_MTU
|
|
465
|
+
# value: "9001"
|
|
466
|
+
# - name: AWS_VPC_K8S_CNI_CUSTOM_NETWORK_CFG
|
|
467
|
+
# value: "false"
|
|
468
|
+
# - name: AWS_VPC_K8S_CNI_EXTERNALSNAT
|
|
469
|
+
# value: "false"
|
|
470
|
+
# - name: AWS_VPC_K8S_CNI_LOGLEVEL
|
|
471
|
+
# value: "DEBUG"
|
|
472
|
+
# - name: AWS_VPC_K8S_CNI_LOG_FILE
|
|
473
|
+
# value: "/host/var/log/aws-routed-eni/ipamd.log"
|
|
474
|
+
- name: AWS_VPC_K8S_CNI_RANDOMIZESNAT
|
|
475
|
+
value: "prng"
|
|
476
|
+
# - name: AWS_VPC_K8S_CNI_VETHPREFIX
|
|
477
|
+
# value: "eni"
|
|
478
|
+
# - name: AWS_VPC_K8S_PLUGIN_LOG_FILE
|
|
479
|
+
# value: "/var/log/aws-routed-eni/plugin.log"
|
|
480
|
+
# - name: AWS_VPC_K8S_PLUGIN_LOG_LEVEL
|
|
481
|
+
# value: "DEBUG"
|
|
482
|
+
- name: DISABLE_INTROSPECTION
|
|
483
|
+
value: "false"
|
|
484
|
+
- name: DISABLE_METRICS
|
|
485
|
+
value: "false"
|
|
486
|
+
- name: DISABLE_NETWORK_RESOURCE_PROVISIONING
|
|
487
|
+
value: "false"
|
|
488
|
+
- name: ENABLE_IPv4
|
|
489
|
+
value: "true"
|
|
490
|
+
# - name: ENABLE_IPv6
|
|
491
|
+
# value: "false"
|
|
492
|
+
# - name: ENABLE_POD_ENI
|
|
493
|
+
# value: "false"
|
|
494
|
+
# - name: ENABLE_PREFIX_DELEGATION
|
|
495
|
+
# value: "false"
|
|
496
|
+
- name: VPC_CNI_VERSION
|
|
497
|
+
value: "v1.16.0"
|
|
498
|
+
# - name: WARM_ENI_TARGET
|
|
499
|
+
# value: "1"
|
|
500
|
+
- name: WARM_PREFIX_TARGET
|
|
501
|
+
value: "1"
|
|
502
|
+
- name: MY_NODE_NAME
|
|
503
|
+
valueFrom:
|
|
504
|
+
fieldRef:
|
|
505
|
+
apiVersion: v1
|
|
506
|
+
fieldPath: spec.nodeName
|
|
507
|
+
- name: MY_POD_NAME
|
|
508
|
+
valueFrom:
|
|
509
|
+
fieldRef:
|
|
510
|
+
apiVersion: v1
|
|
511
|
+
fieldPath: metadata.name
|
|
512
|
+
resources:
|
|
513
|
+
requests:
|
|
514
|
+
cpu: 25m
|
|
515
|
+
securityContext:
|
|
516
|
+
capabilities:
|
|
517
|
+
add:
|
|
518
|
+
- NET_ADMIN
|
|
519
|
+
- NET_RAW
|
|
520
|
+
volumeMounts:
|
|
521
|
+
- mountPath: /host/opt/cni/bin
|
|
522
|
+
name: cni-bin-dir
|
|
523
|
+
- mountPath: /host/etc/cni/net.d
|
|
524
|
+
name: cni-net-dir
|
|
525
|
+
- mountPath: /host/var/log/aws-routed-eni
|
|
526
|
+
name: log-dir
|
|
527
|
+
- mountPath: /var/run/aws-node
|
|
528
|
+
name: run-dir
|
|
529
|
+
- mountPath: /run/xtables.lock
|
|
530
|
+
name: xtables-lock
|
|
531
|
+
- name: aws-eks-nodeagent
|
|
532
|
+
image: 602401143452.dkr.ecr.us-west-2.amazonaws.com/amazon/aws-network-policy-agent:v1.0.7
|
|
533
|
+
env:
|
|
534
|
+
- name: MY_NODE_NAME
|
|
535
|
+
valueFrom:
|
|
536
|
+
fieldRef:
|
|
537
|
+
apiVersion: v1
|
|
538
|
+
fieldPath: spec.nodeName
|
|
539
|
+
args:
|
|
540
|
+
- --enable-ipv6=false
|
|
541
|
+
- --enable-network-policy=false
|
|
542
|
+
- --enable-cloudwatch-logs=false
|
|
543
|
+
- --enable-policy-event-logs=false
|
|
544
|
+
- --metrics-bind-addr=:8162
|
|
545
|
+
- --health-probe-bind-addr=:8163
|
|
546
|
+
- --conntrack-cache-cleanup-period=300
|
|
547
|
+
resources:
|
|
548
|
+
requests:
|
|
549
|
+
cpu: 25m
|
|
550
|
+
securityContext:
|
|
551
|
+
capabilities:
|
|
552
|
+
add:
|
|
553
|
+
- NET_ADMIN
|
|
554
|
+
privileged: true
|
|
555
|
+
volumeMounts:
|
|
556
|
+
- mountPath: /host/opt/cni/bin
|
|
557
|
+
name: cni-bin-dir
|
|
558
|
+
- mountPath: /sys/fs/bpf
|
|
559
|
+
name: bpf-pin-path
|
|
560
|
+
- mountPath: /var/log/aws-routed-eni
|
|
561
|
+
name: log-dir
|
|
562
|
+
- mountPath: /var/run/aws-node
|
|
563
|
+
name: run-dir
|
|
564
|
+
volumes:
|
|
565
|
+
- name: bpf-pin-path
|
|
566
|
+
hostPath:
|
|
567
|
+
path: /sys/fs/bpf
|
|
568
|
+
- name: cni-bin-dir
|
|
569
|
+
hostPath:
|
|
570
|
+
path: /opt/cni/bin
|
|
571
|
+
- name: cni-net-dir
|
|
572
|
+
hostPath:
|
|
573
|
+
path: /etc/cni/net.d
|
|
574
|
+
- name: log-dir
|
|
575
|
+
hostPath:
|
|
576
|
+
path: /var/log/aws-routed-eni
|
|
577
|
+
type: DirectoryOrCreate
|
|
578
|
+
- name: run-dir
|
|
579
|
+
hostPath:
|
|
580
|
+
path: /var/run/aws-node
|
|
581
|
+
type: DirectoryOrCreate
|
|
582
|
+
- name: xtables-lock
|
|
583
|
+
hostPath:
|
|
584
|
+
path: /run/xtables.lock
|
|
585
|
+
affinity:
|
|
586
|
+
nodeAffinity:
|
|
587
|
+
requiredDuringSchedulingIgnoredDuringExecution:
|
|
588
|
+
nodeSelectorTerms:
|
|
589
|
+
- matchExpressions:
|
|
590
|
+
- key: kubernetes.io/os
|
|
591
|
+
operator: In
|
|
592
|
+
values:
|
|
593
|
+
- linux
|
|
594
|
+
- key: kubernetes.io/arch
|
|
595
|
+
operator: In
|
|
596
|
+
values:
|
|
597
|
+
- amd64
|
|
598
|
+
- arm64
|
|
599
|
+
- key: eks.amazonaws.com/compute-type
|
|
600
|
+
operator: NotIn
|
|
601
|
+
values:
|
|
602
|
+
- fargate
|
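Review bot: In the DaemonSet's `aws-eks-nodeagent` container the securityContext sets `privileged: true` next to `capabilities.add: [NET_ADMIN]`, so the capability list restricts nothing and the container runs with full host privileges on every Linux node, even though its args pass `--enable-network-policy=false`. A comment above that line should record why privileged mode is needed, for example `# privileged: presumably required to load and pin eBPF programs under /sys/fs/bpf (confirm)`; the reason is inferred from the `bpf-pin-path` hostPath mount, not stated in the file. All three images are referenced by tag only (`amazon-k8s-cni-init:v1.16.0`, `amazon-k8s-cni:v1.16.0`, `aws-network-policy-agent:v1.0.7`), so pinning them by digest would make what runs under `hostNetwork: true` reproducible. This rendering dropped the text of most removed lines, and the removed lines that survive differ from the new ones only in quoting and line wrapping, so the change appears to be a reformat. Comparing the parsed YAML of both versions would confirm that the ClusterRole rules and the securityContext blocks are unchanged.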