@pulumi/eks 2.8.1 → 3.0.0-alpha.6
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/addon.d.ts +61 -13
- package/addon.js +45 -18
- package/addon.js.map +1 -1
- package/cluster.d.ts +291 -585
- package/cluster.js +120 -947
- package/cluster.js.map +1 -1
- package/clusterCreationRoleProvider.d.ts +28 -0
- package/clusterCreationRoleProvider.js +47 -0
- package/clusterCreationRoleProvider.js.map +1 -0
- package/clusterMixins.d.ts +71 -0
- package/clusterMixins.js +107 -0
- package/clusterMixins.js.map +1 -0
- package/index.d.ts +31 -7
- package/index.js +80 -34
- package/index.js.map +1 -1
- package/managedNodeGroup.d.ts +221 -0
- package/managedNodeGroup.js +81 -0
- package/managedNodeGroup.js.map +1 -0
- package/nodeGroup.d.ts +273 -0
- package/nodeGroup.js +93 -0
- package/nodeGroup.js.map +1 -0
- package/nodeGroupSecurityGroup.d.ts +51 -0
- package/nodeGroupSecurityGroup.js +60 -0
- package/nodeGroupSecurityGroup.js.map +1 -0
- package/nodeGroupV2.d.ts +280 -0
- package/nodeGroupV2.js +90 -0
- package/nodeGroupV2.js.map +1 -0
- package/nodegroupMixins.d.ts +203 -0
- package/{securitygroup.js → nodegroupMixins.js} +25 -36
- package/nodegroupMixins.js.map +1 -0
- package/package.json +8 -36
- package/provider.d.ts +21 -0
- package/provider.js +38 -0
- package/provider.js.map +1 -0
- package/{storageclass.js → storageclassMixins.js} +1 -14
- package/storageclassMixins.js.map +1 -0
- package/types/enums/index.d.ts +170 -0
- package/types/enums/index.js +145 -0
- package/types/enums/index.js.map +1 -0
- package/types/index.d.ts +4 -0
- package/types/index.js +13 -0
- package/types/index.js.map +1 -0
- package/types/input.d.ts +745 -0
- package/types/input.js +30 -0
- package/types/input.js.map +1 -0
- package/types/output.d.ts +422 -0
- package/types/output.js +5 -0
- package/types/output.js.map +1 -0
- package/utilities.d.ts +8 -1
- package/utilities.js +90 -17
- package/utilities.js.map +1 -1
- package/vpcCniAddon.d.ts +175 -0
- package/vpcCniAddon.js +88 -0
- package/vpcCniAddon.js.map +1 -0
- package/LICENSE +0 -202
- package/README.md +0 -77
- package/authenticationMode.d.ts +0 -24
- package/authenticationMode.js +0 -172
- package/authenticationMode.js.map +0 -1
- package/authenticationMode.test.d.ts +0 -1
- package/authenticationMode.test.js +0 -208
- package/authenticationMode.test.js.map +0 -1
- package/cert-thumprint.d.ts +0 -16
- package/cert-thumprint.js +0 -113
- package/cert-thumprint.js.map +0 -1
- package/cmd/provider/addon.d.ts +0 -1
- package/cmd/provider/addon.js +0 -40
- package/cmd/provider/addon.js.map +0 -1
- package/cmd/provider/cluster.d.ts +0 -1
- package/cmd/provider/cluster.js +0 -71
- package/cmd/provider/cluster.js.map +0 -1
- package/cmd/provider/cni.d.ts +0 -2
- package/cmd/provider/cni.js +0 -291
- package/cmd/provider/cni.js.map +0 -1
- package/cmd/provider/index.d.ts +0 -1
- package/cmd/provider/index.js +0 -171
- package/cmd/provider/index.js.map +0 -1
- package/cmd/provider/nodegroup.d.ts +0 -1
- package/cmd/provider/nodegroup.js +0 -89
- package/cmd/provider/nodegroup.js.map +0 -1
- package/cmd/provider/randomSuffix.d.ts +0 -1
- package/cmd/provider/randomSuffix.js +0 -52
- package/cmd/provider/randomSuffix.js.map +0 -1
- package/cmd/provider/schema.json +0 -1909
- package/cmd/provider/securitygroup.d.ts +0 -1
- package/cmd/provider/securitygroup.js +0 -41
- package/cmd/provider/securitygroup.js.map +0 -1
- package/cni/README.md +0 -6
- package/cni/aws-k8s-cni.yaml +0 -602
- package/cni.d.ts +0 -177
- package/cni.js +0 -64
- package/cni.js.map +0 -1
- package/dashboard/heapster-rbac.yaml +0 -12
- package/dashboard/heapster.yaml +0 -46
- package/dashboard/influxdb.yaml +0 -40
- package/dashboard/kubernetes-dashboard.yaml +0 -167
- package/dashboard.d.ts +0 -5
- package/dashboard.js +0 -58
- package/dashboard.js.map +0 -1
- package/dependencies.d.ts +0 -2
- package/dependencies.js +0 -81
- package/dependencies.js.map +0 -1
- package/dependencies.test.d.ts +0 -1
- package/dependencies.test.js +0 -133
- package/dependencies.test.js.map +0 -1
- package/nodegroup.d.ts +0 -515
- package/nodegroup.js +0 -1152
- package/nodegroup.js.map +0 -1
- package/nodegroup.test.d.ts +0 -1
- package/nodegroup.test.js +0 -336
- package/nodegroup.test.js.map +0 -1
- package/package.json.dev +0 -67
- package/randomSuffix.d.ts +0 -1
- package/randomSuffix.js +0 -51
- package/randomSuffix.js.map +0 -1
- package/securitygroup.d.ts +0 -52
- package/securitygroup.js.map +0 -1
- package/servicerole.d.ts +0 -43
- package/servicerole.js +0 -72
- package/servicerole.js.map +0 -1
- package/storageclass.js.map +0 -1
- package/utils.d.ts +0 -23
- package/utils.js +0 -16
- package/utils.js.map +0 -1
- /package/{storageclass.d.ts → storageclassMixins.d.ts} +0 -0
|
@@ -1 +0,0 @@
|
|
|
1
|
-
export {};
|
|
@@ -1,41 +0,0 @@
|
|
|
1
|
-
"use strict";
|
|
2
|
-
// Copyright 2016-2020, Pulumi Corporation.
|
|
3
|
-
//
|
|
4
|
-
// Licensed under the Apache License, Version 2.0 (the "License");
|
|
5
|
-
// you may not use this file except in compliance with the License.
|
|
6
|
-
// You may obtain a copy of the License at
|
|
7
|
-
//
|
|
8
|
-
// http://www.apache.org/licenses/LICENSE-2.0
|
|
9
|
-
//
|
|
10
|
-
// Unless required by applicable law or agreed to in writing, software
|
|
11
|
-
// distributed under the License is distributed on an "AS IS" BASIS,
|
|
12
|
-
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
13
|
-
// See the License for the specific language governing permissions and
|
|
14
|
-
// limitations under the License.
|
|
15
|
-
Object.defineProperty(exports, "__esModule", { value: true });
|
|
16
|
-
exports.nodeGroupSecurityGroupProviderFactory = void 0;
|
|
17
|
-
const securitygroup_1 = require("../../securitygroup");
|
|
18
|
-
const nodeGroupSecurityGroupProvider = {
|
|
19
|
-
construct: (name, type, inputs, options) => {
|
|
20
|
-
try {
|
|
21
|
-
const nodeGroupSecurityGroup = new securitygroup_1.NodeGroupSecurityGroup(name, inputs, options);
|
|
22
|
-
return Promise.resolve({
|
|
23
|
-
urn: nodeGroupSecurityGroup.urn,
|
|
24
|
-
state: {
|
|
25
|
-
securityGroup: nodeGroupSecurityGroup.securityGroup,
|
|
26
|
-
securityGroupRule: nodeGroupSecurityGroup.securityGroupRule,
|
|
27
|
-
},
|
|
28
|
-
});
|
|
29
|
-
}
|
|
30
|
-
catch (e) {
|
|
31
|
-
return Promise.reject(e);
|
|
32
|
-
}
|
|
33
|
-
},
|
|
34
|
-
version: "", // ignored
|
|
35
|
-
};
|
|
36
|
-
/** @internal */
|
|
37
|
-
function nodeGroupSecurityGroupProviderFactory() {
|
|
38
|
-
return nodeGroupSecurityGroupProvider;
|
|
39
|
-
}
|
|
40
|
-
exports.nodeGroupSecurityGroupProviderFactory = nodeGroupSecurityGroupProviderFactory;
|
|
41
|
-
//# sourceMappingURL=securitygroup.js.map
|
|
@@ -1 +0,0 @@
|
|
|
1
|
-
{"version":3,"file":"securitygroup.js","sourceRoot":"","sources":["../../../cmd/provider/securitygroup.ts"],"names":[],"mappings":";AAAA,2CAA2C;AAC3C,EAAE;AACF,kEAAkE;AAClE,mEAAmE;AACnE,0CAA0C;AAC1C,EAAE;AACF,iDAAiD;AACjD,EAAE;AACF,sEAAsE;AACtE,oEAAoE;AACpE,2EAA2E;AAC3E,sEAAsE;AACtE,iCAAiC;;;AAGjC,uDAA6D;AAE7D,MAAM,8BAA8B,GAA6B;IAC7D,SAAS,EAAE,CACP,IAAY,EACZ,IAAY,EACZ,MAAqB,EACrB,OAAwC,EAC1C,EAAE;QACA,IAAI;YACA,MAAM,sBAAsB,GAAG,IAAI,sCAAsB,CAAC,IAAI,EAAO,MAAM,EAAE,OAAO,CAAC,CAAC;YACtF,OAAO,OAAO,CAAC,OAAO,CAAC;gBACnB,GAAG,EAAE,sBAAsB,CAAC,GAAG;gBAC/B,KAAK,EAAE;oBACH,aAAa,EAAE,sBAAsB,CAAC,aAAa;oBACnD,iBAAiB,EAAE,sBAAsB,CAAC,iBAAiB;iBAC9D;aACJ,CAAC,CAAC;SACN;QAAC,OAAO,CAAC,EAAE;YACR,OAAO,OAAO,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC;SAC5B;IACL,CAAC;IACD,OAAO,EAAE,EAAE,EAAE,UAAU;CAC1B,CAAC;AAEF,gBAAgB;AAChB,SAAgB,qCAAqC;IACjD,OAAO,8BAA8B,CAAC;AAC1C,CAAC;AAFD,sFAEC"}
|
package/cni/README.md
DELETED
|
@@ -1,6 +0,0 @@
|
|
|
1
|
-
The CNI manfiest used has divergence between the
|
|
2
|
-
[upstream CNI](https://github.com/aws/amazon-vpc-cni-k8s/blob/v1.16.0/config/master/aws-k8s-cni.yaml),
|
|
3
|
-
Pulumi's [approach](https://github.com/pulumi/pulumi-eks/blob/master/nodejs/eks/cni/aws-k8s-cni.yaml),
|
|
4
|
-
and what AWS does by [default](https://github.com/aws/amazon-vpc-cni-k8s/issues/755) for Fargate clusters.
|
|
5
|
-
|
|
6
|
-
Pulumi's fork of the manifest removes certain lines from the upstream manifest. This is showcased in our forked copy by commenting out such lines.
|
package/cni/aws-k8s-cni.yaml
DELETED
|
@@ -1,602 +0,0 @@
|
|
|
1
|
-
# Adapted from: https://raw.githubusercontent.com/aws/amazon-vpc-cni-k8s/v1.16.0/config/master/aws-k8s-cni.yaml
|
|
2
|
-
# Configuration that differs from upstream are commented out.
|
|
3
|
-
---
|
|
4
|
-
# Source: aws-vpc-cni/crds/customresourcedefinition.yaml
|
|
5
|
-
apiVersion: apiextensions.k8s.io/v1
|
|
6
|
-
kind: CustomResourceDefinition
|
|
7
|
-
metadata:
|
|
8
|
-
name: eniconfigs.crd.k8s.amazonaws.com
|
|
9
|
-
spec:
|
|
10
|
-
scope: Cluster
|
|
11
|
-
group: crd.k8s.amazonaws.com
|
|
12
|
-
preserveUnknownFields: false
|
|
13
|
-
versions:
|
|
14
|
-
- name: v1alpha1
|
|
15
|
-
served: true
|
|
16
|
-
storage: true
|
|
17
|
-
schema:
|
|
18
|
-
openAPIV3Schema:
|
|
19
|
-
type: object
|
|
20
|
-
x-kubernetes-preserve-unknown-fields: true
|
|
21
|
-
names:
|
|
22
|
-
plural: eniconfigs
|
|
23
|
-
singular: eniconfig
|
|
24
|
-
kind: ENIConfig
|
|
25
|
-
---
|
|
26
|
-
apiVersion: apiextensions.k8s.io/v1
|
|
27
|
-
kind: CustomResourceDefinition
|
|
28
|
-
metadata:
|
|
29
|
-
annotations:
|
|
30
|
-
controller-gen.kubebuilder.io/version: v0.11.3
|
|
31
|
-
creationTimestamp: null
|
|
32
|
-
labels:
|
|
33
|
-
app.kubernetes.io/name: amazon-network-policy-controller-k8s
|
|
34
|
-
name: policyendpoints.networking.k8s.aws
|
|
35
|
-
spec:
|
|
36
|
-
group: networking.k8s.aws
|
|
37
|
-
names:
|
|
38
|
-
kind: PolicyEndpoint
|
|
39
|
-
listKind: PolicyEndpointList
|
|
40
|
-
plural: policyendpoints
|
|
41
|
-
singular: policyendpoint
|
|
42
|
-
scope: Namespaced
|
|
43
|
-
versions:
|
|
44
|
-
- name: v1alpha1
|
|
45
|
-
schema:
|
|
46
|
-
openAPIV3Schema:
|
|
47
|
-
description: PolicyEndpoint is the Schema for the policyendpoints API
|
|
48
|
-
properties:
|
|
49
|
-
apiVersion:
|
|
50
|
-
description:
|
|
51
|
-
"APIVersion defines the versioned schema of this representation
|
|
52
|
-
of an object. Servers should convert recognized schemas to the latest
|
|
53
|
-
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources"
|
|
54
|
-
type: string
|
|
55
|
-
kind:
|
|
56
|
-
description: "Kind is a string value representing the REST resource this
|
|
57
|
-
object represents. Servers may infer this from the endpoint the client
|
|
58
|
-
submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds"
|
|
59
|
-
type: string
|
|
60
|
-
metadata:
|
|
61
|
-
type: object
|
|
62
|
-
spec:
|
|
63
|
-
description: PolicyEndpointSpec defines the desired state of PolicyEndpoint
|
|
64
|
-
properties:
|
|
65
|
-
egress:
|
|
66
|
-
description:
|
|
67
|
-
Egress is the list of egress rules containing resolved
|
|
68
|
-
network addresses
|
|
69
|
-
items:
|
|
70
|
-
description:
|
|
71
|
-
EndpointInfo defines the network endpoint information
|
|
72
|
-
for the policy ingress/egress
|
|
73
|
-
properties:
|
|
74
|
-
cidr:
|
|
75
|
-
description: CIDR is the network address(s) of the endpoint
|
|
76
|
-
type: string
|
|
77
|
-
except:
|
|
78
|
-
description:
|
|
79
|
-
Except is the exceptions to the CIDR ranges mentioned
|
|
80
|
-
above.
|
|
81
|
-
items:
|
|
82
|
-
type: string
|
|
83
|
-
type: array
|
|
84
|
-
ports:
|
|
85
|
-
description: Ports is the list of ports
|
|
86
|
-
items:
|
|
87
|
-
description:
|
|
88
|
-
Port contains information about the transport
|
|
89
|
-
port/protocol
|
|
90
|
-
properties:
|
|
91
|
-
endPort:
|
|
92
|
-
description:
|
|
93
|
-
Endport specifies the port range port to
|
|
94
|
-
endPort port must be defined and an integer, endPort
|
|
95
|
-
> port
|
|
96
|
-
format: int32
|
|
97
|
-
type: integer
|
|
98
|
-
port:
|
|
99
|
-
description:
|
|
100
|
-
Port specifies the numerical port for the
|
|
101
|
-
protocol. If empty applies to all ports
|
|
102
|
-
format: int32
|
|
103
|
-
type: integer
|
|
104
|
-
protocol:
|
|
105
|
-
default: TCP
|
|
106
|
-
description:
|
|
107
|
-
Protocol specifies the transport protocol,
|
|
108
|
-
default TCP
|
|
109
|
-
type: string
|
|
110
|
-
type: object
|
|
111
|
-
type: array
|
|
112
|
-
required:
|
|
113
|
-
- cidr
|
|
114
|
-
type: object
|
|
115
|
-
type: array
|
|
116
|
-
ingress:
|
|
117
|
-
description:
|
|
118
|
-
Ingress is the list of ingress rules containing resolved
|
|
119
|
-
network addresses
|
|
120
|
-
items:
|
|
121
|
-
description:
|
|
122
|
-
EndpointInfo defines the network endpoint information
|
|
123
|
-
for the policy ingress/egress
|
|
124
|
-
properties:
|
|
125
|
-
cidr:
|
|
126
|
-
description: CIDR is the network address(s) of the endpoint
|
|
127
|
-
type: string
|
|
128
|
-
except:
|
|
129
|
-
description:
|
|
130
|
-
Except is the exceptions to the CIDR ranges mentioned
|
|
131
|
-
above.
|
|
132
|
-
items:
|
|
133
|
-
type: string
|
|
134
|
-
type: array
|
|
135
|
-
ports:
|
|
136
|
-
description: Ports is the list of ports
|
|
137
|
-
items:
|
|
138
|
-
description:
|
|
139
|
-
Port contains information about the transport
|
|
140
|
-
port/protocol
|
|
141
|
-
properties:
|
|
142
|
-
endPort:
|
|
143
|
-
description:
|
|
144
|
-
Endport specifies the port range port to
|
|
145
|
-
endPort port must be defined and an integer, endPort
|
|
146
|
-
> port
|
|
147
|
-
format: int32
|
|
148
|
-
type: integer
|
|
149
|
-
port:
|
|
150
|
-
description:
|
|
151
|
-
Port specifies the numerical port for the
|
|
152
|
-
protocol. If empty applies to all ports
|
|
153
|
-
format: int32
|
|
154
|
-
type: integer
|
|
155
|
-
protocol:
|
|
156
|
-
default: TCP
|
|
157
|
-
description:
|
|
158
|
-
Protocol specifies the transport protocol,
|
|
159
|
-
default TCP
|
|
160
|
-
type: string
|
|
161
|
-
type: object
|
|
162
|
-
type: array
|
|
163
|
-
required:
|
|
164
|
-
- cidr
|
|
165
|
-
type: object
|
|
166
|
-
type: array
|
|
167
|
-
podIsolation:
|
|
168
|
-
description:
|
|
169
|
-
PodIsolation specifies whether the pod needs to be isolated
|
|
170
|
-
for a particular traffic direction Ingress or Egress, or both. If
|
|
171
|
-
default isolation is not specified, and there are no ingress/egress
|
|
172
|
-
rules, then the pod is not isolated from the point of view of this
|
|
173
|
-
policy. This follows the NetworkPolicy spec.PolicyTypes.
|
|
174
|
-
items:
|
|
175
|
-
description:
|
|
176
|
-
PolicyType string describes the NetworkPolicy type
|
|
177
|
-
This type is beta-level in 1.8
|
|
178
|
-
type: string
|
|
179
|
-
type: array
|
|
180
|
-
podSelector:
|
|
181
|
-
description: PodSelector is the podSelector from the policy resource
|
|
182
|
-
properties:
|
|
183
|
-
matchExpressions:
|
|
184
|
-
description:
|
|
185
|
-
matchExpressions is a list of label selector requirements.
|
|
186
|
-
The requirements are ANDed.
|
|
187
|
-
items:
|
|
188
|
-
description:
|
|
189
|
-
A label selector requirement is a selector that
|
|
190
|
-
contains values, a key, and an operator that relates the key
|
|
191
|
-
and values.
|
|
192
|
-
properties:
|
|
193
|
-
key:
|
|
194
|
-
description:
|
|
195
|
-
key is the label key that the selector applies
|
|
196
|
-
to.
|
|
197
|
-
type: string
|
|
198
|
-
operator:
|
|
199
|
-
description:
|
|
200
|
-
operator represents a key's relationship to
|
|
201
|
-
a set of values. Valid operators are In, NotIn, Exists
|
|
202
|
-
and DoesNotExist.
|
|
203
|
-
type: string
|
|
204
|
-
values:
|
|
205
|
-
description:
|
|
206
|
-
values is an array of string values. If the
|
|
207
|
-
operator is In or NotIn, the values array must be non-empty.
|
|
208
|
-
If the operator is Exists or DoesNotExist, the values
|
|
209
|
-
array must be empty. This array is replaced during a strategic
|
|
210
|
-
merge patch.
|
|
211
|
-
items:
|
|
212
|
-
type: string
|
|
213
|
-
type: array
|
|
214
|
-
required:
|
|
215
|
-
- key
|
|
216
|
-
- operator
|
|
217
|
-
type: object
|
|
218
|
-
type: array
|
|
219
|
-
matchLabels:
|
|
220
|
-
additionalProperties:
|
|
221
|
-
type: string
|
|
222
|
-
description:
|
|
223
|
-
matchLabels is a map of {key,value} pairs. A single
|
|
224
|
-
{key,value} in the matchLabels map is equivalent to an element
|
|
225
|
-
of matchExpressions, whose key field is "key", the operator
|
|
226
|
-
is "In", and the values array contains only "value". The requirements
|
|
227
|
-
are ANDed.
|
|
228
|
-
type: object
|
|
229
|
-
type: object
|
|
230
|
-
x-kubernetes-map-type: atomic
|
|
231
|
-
podSelectorEndpoints:
|
|
232
|
-
description:
|
|
233
|
-
PodSelectorEndpoints contains information about the pods
|
|
234
|
-
matching the podSelector
|
|
235
|
-
items:
|
|
236
|
-
description:
|
|
237
|
-
PodEndpoint defines the summary information for the
|
|
238
|
-
pods
|
|
239
|
-
properties:
|
|
240
|
-
hostIP:
|
|
241
|
-
description:
|
|
242
|
-
HostIP is the IP address of the host the pod is
|
|
243
|
-
currently running on
|
|
244
|
-
type: string
|
|
245
|
-
name:
|
|
246
|
-
description: Name is the pod name
|
|
247
|
-
type: string
|
|
248
|
-
namespace:
|
|
249
|
-
description: Namespace is the pod namespace
|
|
250
|
-
type: string
|
|
251
|
-
podIP:
|
|
252
|
-
description: PodIP is the IP address of the pod
|
|
253
|
-
type: string
|
|
254
|
-
required:
|
|
255
|
-
- hostIP
|
|
256
|
-
- name
|
|
257
|
-
- namespace
|
|
258
|
-
- podIP
|
|
259
|
-
type: object
|
|
260
|
-
type: array
|
|
261
|
-
policyRef:
|
|
262
|
-
description:
|
|
263
|
-
PolicyRef is a reference to the Kubernetes NetworkPolicy
|
|
264
|
-
resource.
|
|
265
|
-
properties:
|
|
266
|
-
name:
|
|
267
|
-
description: Name is the name of the Policy
|
|
268
|
-
type: string
|
|
269
|
-
namespace:
|
|
270
|
-
description: Namespace is the namespace of the Policy
|
|
271
|
-
type: string
|
|
272
|
-
required:
|
|
273
|
-
- name
|
|
274
|
-
- namespace
|
|
275
|
-
type: object
|
|
276
|
-
required:
|
|
277
|
-
- policyRef
|
|
278
|
-
type: object
|
|
279
|
-
status:
|
|
280
|
-
description: PolicyEndpointStatus defines the observed state of PolicyEndpoint
|
|
281
|
-
type: object
|
|
282
|
-
type: object
|
|
283
|
-
served: true
|
|
284
|
-
storage: true
|
|
285
|
-
subresources:
|
|
286
|
-
status: {}
|
|
287
|
-
---
|
|
288
|
-
# Source: aws-vpc-cni/templates/serviceaccount.yaml
|
|
289
|
-
apiVersion: v1
|
|
290
|
-
kind: ServiceAccount
|
|
291
|
-
metadata:
|
|
292
|
-
name: aws-node
|
|
293
|
-
namespace: kube-system
|
|
294
|
-
labels:
|
|
295
|
-
app.kubernetes.io/name: aws-node
|
|
296
|
-
app.kubernetes.io/instance: aws-vpc-cni
|
|
297
|
-
k8s-app: aws-node
|
|
298
|
-
app.kubernetes.io/version: "v1.16.0"
|
|
299
|
-
---
|
|
300
|
-
# Source: aws-vpc-cni/templates/configmap.yaml
|
|
301
|
-
apiVersion: v1
|
|
302
|
-
kind: ConfigMap
|
|
303
|
-
metadata:
|
|
304
|
-
name: amazon-vpc-cni
|
|
305
|
-
namespace: kube-system
|
|
306
|
-
labels:
|
|
307
|
-
app.kubernetes.io/name: aws-node
|
|
308
|
-
app.kubernetes.io/instance: aws-vpc-cni
|
|
309
|
-
k8s-app: aws-node
|
|
310
|
-
app.kubernetes.io/version: "v1.16.0"
|
|
311
|
-
data:
|
|
312
|
-
enable-windows-ipam: "false"
|
|
313
|
-
enable-network-policy-controller: "false"
|
|
314
|
-
enable-windows-prefix-delegation: "false"
|
|
315
|
-
warm-prefix-target: "0"
|
|
316
|
-
warm-ip-target: "1"
|
|
317
|
-
minimum-ip-target: "3"
|
|
318
|
-
branch-eni-cooldown: "60"
|
|
319
|
-
---
|
|
320
|
-
# Source: aws-vpc-cni/templates/clusterrole.yaml
|
|
321
|
-
apiVersion: rbac.authorization.k8s.io/v1
|
|
322
|
-
kind: ClusterRole
|
|
323
|
-
metadata:
|
|
324
|
-
name: aws-node
|
|
325
|
-
labels:
|
|
326
|
-
app.kubernetes.io/name: aws-node
|
|
327
|
-
app.kubernetes.io/instance: aws-vpc-cni
|
|
328
|
-
k8s-app: aws-node
|
|
329
|
-
app.kubernetes.io/version: "v1.16.0"
|
|
330
|
-
rules:
|
|
331
|
-
- apiGroups:
|
|
332
|
-
- crd.k8s.amazonaws.com
|
|
333
|
-
resources:
|
|
334
|
-
- eniconfigs
|
|
335
|
-
verbs: ["list", "watch", "get"]
|
|
336
|
-
- apiGroups: [""]
|
|
337
|
-
resources:
|
|
338
|
-
- namespaces
|
|
339
|
-
verbs: ["list", "watch", "get"]
|
|
340
|
-
- apiGroups: [""]
|
|
341
|
-
resources:
|
|
342
|
-
- pods
|
|
343
|
-
verbs: ["list", "watch", "get"]
|
|
344
|
-
- apiGroups: [""]
|
|
345
|
-
resources:
|
|
346
|
-
- nodes
|
|
347
|
-
verbs: ["list", "watch", "get"]
|
|
348
|
-
- apiGroups: ["", "events.k8s.io"]
|
|
349
|
-
resources:
|
|
350
|
-
- events
|
|
351
|
-
verbs: ["create", "patch", "list"]
|
|
352
|
-
- apiGroups: ["networking.k8s.aws"]
|
|
353
|
-
resources:
|
|
354
|
-
- policyendpoints
|
|
355
|
-
verbs: ["get", "list", "watch"]
|
|
356
|
-
- apiGroups: ["networking.k8s.aws"]
|
|
357
|
-
resources:
|
|
358
|
-
- policyendpoints/status
|
|
359
|
-
verbs: ["get"]
|
|
360
|
-
- apiGroups:
|
|
361
|
-
- vpcresources.k8s.aws
|
|
362
|
-
resources:
|
|
363
|
-
- cninodes
|
|
364
|
-
verbs: ["get", "list", "watch", "patch"]
|
|
365
|
-
---
|
|
366
|
-
# Source: aws-vpc-cni/templates/clusterrolebinding.yaml
|
|
367
|
-
apiVersion: rbac.authorization.k8s.io/v1
|
|
368
|
-
kind: ClusterRoleBinding
|
|
369
|
-
metadata:
|
|
370
|
-
name: aws-node
|
|
371
|
-
labels:
|
|
372
|
-
app.kubernetes.io/name: aws-node
|
|
373
|
-
app.kubernetes.io/instance: aws-vpc-cni
|
|
374
|
-
k8s-app: aws-node
|
|
375
|
-
app.kubernetes.io/version: "v1.16.0"
|
|
376
|
-
roleRef:
|
|
377
|
-
apiGroup: rbac.authorization.k8s.io
|
|
378
|
-
kind: ClusterRole
|
|
379
|
-
name: aws-node
|
|
380
|
-
subjects:
|
|
381
|
-
- kind: ServiceAccount
|
|
382
|
-
name: aws-node
|
|
383
|
-
namespace: kube-system
|
|
384
|
-
---
|
|
385
|
-
# Source: aws-vpc-cni/templates/daemonset.yaml
|
|
386
|
-
kind: DaemonSet
|
|
387
|
-
apiVersion: apps/v1
|
|
388
|
-
metadata:
|
|
389
|
-
name: aws-node
|
|
390
|
-
namespace: kube-system
|
|
391
|
-
labels:
|
|
392
|
-
app.kubernetes.io/name: aws-node
|
|
393
|
-
app.kubernetes.io/instance: aws-vpc-cni
|
|
394
|
-
k8s-app: aws-node
|
|
395
|
-
app.kubernetes.io/version: "v1.16.0"
|
|
396
|
-
spec:
|
|
397
|
-
updateStrategy:
|
|
398
|
-
rollingUpdate:
|
|
399
|
-
maxUnavailable: 10%
|
|
400
|
-
type: RollingUpdate
|
|
401
|
-
selector:
|
|
402
|
-
matchLabels:
|
|
403
|
-
k8s-app: aws-node
|
|
404
|
-
template:
|
|
405
|
-
metadata:
|
|
406
|
-
labels:
|
|
407
|
-
app.kubernetes.io/name: aws-node
|
|
408
|
-
app.kubernetes.io/instance: aws-vpc-cni
|
|
409
|
-
k8s-app: aws-node
|
|
410
|
-
spec:
|
|
411
|
-
priorityClassName: "system-node-critical"
|
|
412
|
-
serviceAccountName: aws-node
|
|
413
|
-
hostNetwork: true
|
|
414
|
-
initContainers:
|
|
415
|
-
- name: aws-vpc-cni-init
|
|
416
|
-
image: 602401143452.dkr.ecr.us-west-2.amazonaws.com/amazon-k8s-cni-init:v1.16.0
|
|
417
|
-
env: []
|
|
418
|
-
# env:
|
|
419
|
-
# - name: DISABLE_TCP_EARLY_DEMUX
|
|
420
|
-
# value: "false"
|
|
421
|
-
# - name: ENABLE_IPv6
|
|
422
|
-
# value: "false"
|
|
423
|
-
securityContext:
|
|
424
|
-
privileged: true
|
|
425
|
-
resources:
|
|
426
|
-
requests:
|
|
427
|
-
cpu: 25m
|
|
428
|
-
volumeMounts:
|
|
429
|
-
- mountPath: /host/opt/cni/bin
|
|
430
|
-
name: cni-bin-dir
|
|
431
|
-
terminationGracePeriodSeconds: 10
|
|
432
|
-
tolerations:
|
|
433
|
-
- operator: Exists
|
|
434
|
-
securityContext: {}
|
|
435
|
-
containers:
|
|
436
|
-
- name: aws-node
|
|
437
|
-
image: 602401143452.dkr.ecr.us-west-2.amazonaws.com/amazon-k8s-cni:v1.16.0
|
|
438
|
-
ports:
|
|
439
|
-
- containerPort: 61678
|
|
440
|
-
name: metrics
|
|
441
|
-
livenessProbe:
|
|
442
|
-
exec:
|
|
443
|
-
command:
|
|
444
|
-
- /app/grpc-health-probe
|
|
445
|
-
- -addr=:50051
|
|
446
|
-
- -connect-timeout=5s
|
|
447
|
-
- -rpc-timeout=5s
|
|
448
|
-
initialDelaySeconds: 60
|
|
449
|
-
timeoutSeconds: 10
|
|
450
|
-
readinessProbe:
|
|
451
|
-
exec:
|
|
452
|
-
command:
|
|
453
|
-
- /app/grpc-health-probe
|
|
454
|
-
- -addr=:50051
|
|
455
|
-
- -connect-timeout=5s
|
|
456
|
-
- -rpc-timeout=5s
|
|
457
|
-
initialDelaySeconds: 1
|
|
458
|
-
timeoutSeconds: 10
|
|
459
|
-
env:
|
|
460
|
-
- name: ADDITIONAL_ENI_TAGS
|
|
461
|
-
value: "{}"
|
|
462
|
-
# - name: AWS_VPC_CNI_NODE_PORT_SUPPORT
|
|
463
|
-
# value: "true"
|
|
464
|
-
# - name: AWS_VPC_ENI_MTU
|
|
465
|
-
# value: "9001"
|
|
466
|
-
# - name: AWS_VPC_K8S_CNI_CUSTOM_NETWORK_CFG
|
|
467
|
-
# value: "false"
|
|
468
|
-
# - name: AWS_VPC_K8S_CNI_EXTERNALSNAT
|
|
469
|
-
# value: "false"
|
|
470
|
-
# - name: AWS_VPC_K8S_CNI_LOGLEVEL
|
|
471
|
-
# value: "DEBUG"
|
|
472
|
-
# - name: AWS_VPC_K8S_CNI_LOG_FILE
|
|
473
|
-
# value: "/host/var/log/aws-routed-eni/ipamd.log"
|
|
474
|
-
- name: AWS_VPC_K8S_CNI_RANDOMIZESNAT
|
|
475
|
-
value: "prng"
|
|
476
|
-
# - name: AWS_VPC_K8S_CNI_VETHPREFIX
|
|
477
|
-
# value: "eni"
|
|
478
|
-
# - name: AWS_VPC_K8S_PLUGIN_LOG_FILE
|
|
479
|
-
# value: "/var/log/aws-routed-eni/plugin.log"
|
|
480
|
-
# - name: AWS_VPC_K8S_PLUGIN_LOG_LEVEL
|
|
481
|
-
# value: "DEBUG"
|
|
482
|
-
- name: DISABLE_INTROSPECTION
|
|
483
|
-
value: "false"
|
|
484
|
-
- name: DISABLE_METRICS
|
|
485
|
-
value: "false"
|
|
486
|
-
- name: DISABLE_NETWORK_RESOURCE_PROVISIONING
|
|
487
|
-
value: "false"
|
|
488
|
-
- name: ENABLE_IPv4
|
|
489
|
-
value: "true"
|
|
490
|
-
# - name: ENABLE_IPv6
|
|
491
|
-
# value: "false"
|
|
492
|
-
# - name: ENABLE_POD_ENI
|
|
493
|
-
# value: "false"
|
|
494
|
-
# - name: ENABLE_PREFIX_DELEGATION
|
|
495
|
-
# value: "false"
|
|
496
|
-
- name: VPC_CNI_VERSION
|
|
497
|
-
value: "v1.16.0"
|
|
498
|
-
# - name: WARM_ENI_TARGET
|
|
499
|
-
# value: "1"
|
|
500
|
-
- name: WARM_PREFIX_TARGET
|
|
501
|
-
value: "1"
|
|
502
|
-
- name: MY_NODE_NAME
|
|
503
|
-
valueFrom:
|
|
504
|
-
fieldRef:
|
|
505
|
-
apiVersion: v1
|
|
506
|
-
fieldPath: spec.nodeName
|
|
507
|
-
- name: MY_POD_NAME
|
|
508
|
-
valueFrom:
|
|
509
|
-
fieldRef:
|
|
510
|
-
apiVersion: v1
|
|
511
|
-
fieldPath: metadata.name
|
|
512
|
-
resources:
|
|
513
|
-
requests:
|
|
514
|
-
cpu: 25m
|
|
515
|
-
securityContext:
|
|
516
|
-
capabilities:
|
|
517
|
-
add:
|
|
518
|
-
- NET_ADMIN
|
|
519
|
-
- NET_RAW
|
|
520
|
-
volumeMounts:
|
|
521
|
-
- mountPath: /host/opt/cni/bin
|
|
522
|
-
name: cni-bin-dir
|
|
523
|
-
- mountPath: /host/etc/cni/net.d
|
|
524
|
-
name: cni-net-dir
|
|
525
|
-
- mountPath: /host/var/log/aws-routed-eni
|
|
526
|
-
name: log-dir
|
|
527
|
-
- mountPath: /var/run/aws-node
|
|
528
|
-
name: run-dir
|
|
529
|
-
- mountPath: /run/xtables.lock
|
|
530
|
-
name: xtables-lock
|
|
531
|
-
- name: aws-eks-nodeagent
|
|
532
|
-
image: 602401143452.dkr.ecr.us-west-2.amazonaws.com/amazon/aws-network-policy-agent:v1.0.7
|
|
533
|
-
env:
|
|
534
|
-
- name: MY_NODE_NAME
|
|
535
|
-
valueFrom:
|
|
536
|
-
fieldRef:
|
|
537
|
-
apiVersion: v1
|
|
538
|
-
fieldPath: spec.nodeName
|
|
539
|
-
args:
|
|
540
|
-
- --enable-ipv6=false
|
|
541
|
-
- --enable-network-policy=false
|
|
542
|
-
- --enable-cloudwatch-logs=false
|
|
543
|
-
- --enable-policy-event-logs=false
|
|
544
|
-
- --metrics-bind-addr=:8162
|
|
545
|
-
- --health-probe-bind-addr=:8163
|
|
546
|
-
- --conntrack-cache-cleanup-period=300
|
|
547
|
-
resources:
|
|
548
|
-
requests:
|
|
549
|
-
cpu: 25m
|
|
550
|
-
securityContext:
|
|
551
|
-
capabilities:
|
|
552
|
-
add:
|
|
553
|
-
- NET_ADMIN
|
|
554
|
-
privileged: true
|
|
555
|
-
volumeMounts:
|
|
556
|
-
- mountPath: /host/opt/cni/bin
|
|
557
|
-
name: cni-bin-dir
|
|
558
|
-
- mountPath: /sys/fs/bpf
|
|
559
|
-
name: bpf-pin-path
|
|
560
|
-
- mountPath: /var/log/aws-routed-eni
|
|
561
|
-
name: log-dir
|
|
562
|
-
- mountPath: /var/run/aws-node
|
|
563
|
-
name: run-dir
|
|
564
|
-
volumes:
|
|
565
|
-
- name: bpf-pin-path
|
|
566
|
-
hostPath:
|
|
567
|
-
path: /sys/fs/bpf
|
|
568
|
-
- name: cni-bin-dir
|
|
569
|
-
hostPath:
|
|
570
|
-
path: /opt/cni/bin
|
|
571
|
-
- name: cni-net-dir
|
|
572
|
-
hostPath:
|
|
573
|
-
path: /etc/cni/net.d
|
|
574
|
-
- name: log-dir
|
|
575
|
-
hostPath:
|
|
576
|
-
path: /var/log/aws-routed-eni
|
|
577
|
-
type: DirectoryOrCreate
|
|
578
|
-
- name: run-dir
|
|
579
|
-
hostPath:
|
|
580
|
-
path: /var/run/aws-node
|
|
581
|
-
type: DirectoryOrCreate
|
|
582
|
-
- name: xtables-lock
|
|
583
|
-
hostPath:
|
|
584
|
-
path: /run/xtables.lock
|
|
585
|
-
affinity:
|
|
586
|
-
nodeAffinity:
|
|
587
|
-
requiredDuringSchedulingIgnoredDuringExecution:
|
|
588
|
-
nodeSelectorTerms:
|
|
589
|
-
- matchExpressions:
|
|
590
|
-
- key: kubernetes.io/os
|
|
591
|
-
operator: In
|
|
592
|
-
values:
|
|
593
|
-
- linux
|
|
594
|
-
- key: kubernetes.io/arch
|
|
595
|
-
operator: In
|
|
596
|
-
values:
|
|
597
|
-
- amd64
|
|
598
|
-
- arm64
|
|
599
|
-
- key: eks.amazonaws.com/compute-type
|
|
600
|
-
operator: NotIn
|
|
601
|
-
values:
|
|
602
|
-
- fargate
|