projects/aws/cluster-api-provider-aws-snow/manifests/infrastructure-components.yaml (1,809 lines of code) (raw):
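# Namespace that the CRDs in this manifest point at for their conversion
# webhook service (capas-webhook-service) and serving certificate
# (capas-serving-cert).
# NOTE(review): no pod-security.kubernetes.io/* labels are set here, so the
# namespace inherits the cluster-wide Pod Security default. Confirm that the
# level is appropriate for the workloads deployed into this namespace.
apiVersion: v1
kind: Namespace
metadata:
  labels:
    cluster.x-k8s.io/provider: infrastructure-aws-snow
  name: capas-system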
---
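# CustomResourceDefinition for AWSSnowCluster (group
# infrastructure.cluster.x-k8s.io, version v1beta1, namespaced).
# The controller-gen annotation below marks this file as generated output, so
# wording fixes to descriptions belong in the Go type comments it is built from.
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
  annotations:
    # Names the cert-manager Certificate whose CA is expected to be injected
    # into spec.conversion.webhook.clientConfig.caBundle.
    cert-manager.io/inject-ca-from: capas-system/capas-serving-cert
    controller-gen.kubebuilder.io/version: v0.17.1
  labels:
    cluster.x-k8s.io/provider: infrastructure-aws-snow
    cluster.x-k8s.io/v1beta1: v1beta1
  name: awssnowclusters.infrastructure.cluster.x-k8s.io
spec:
  conversion:
    strategy: Webhook
    webhook:
      clientConfig:
        # Placeholder only: Cg== is base64 for a single newline, not a CA.
        # After install, verify that the live CRD carries a real bundle; if it
        # still shows this value, CA injection did not happen and the API
        # server has no provider-specific CA for the conversion webhook.
        caBundle: Cg==
        service:
          name: capas-webhook-service
          namespace: capas-system
          path: /convert
      conversionReviewVersions:
      - v1beta1
  group: infrastructure.cluster.x-k8s.io
  names:
    kind: AWSSnowCluster
    listKind: AWSSnowClusterList
    plural: awssnowclusters
    singular: awssnowcluster
  scope: Namespaced
  versions:
  - name: v1beta1
    schema:
      openAPIV3Schema:
        description: AWSSnowCluster is the Schema for the awssnowclusters API
        properties:
          apiVersion:
            description: |-
              APIVersion defines the versioned schema of this representation of an object.
              Servers should convert recognized schemas to the latest internal value, and
              may reject unrecognized values.
              More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
            type: string
          kind:
            description: |-
              Kind is a string value representing the REST resource this object represents.
              Servers may infer this from the endpoint the client submits requests to.
              Cannot be updated.
              In CamelCase.
              More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
            type: string
          metadata:
            type: object
          spec:
            description: AWSSnowClusterSpec defines the desired state of AWSSnowCluster
            properties:
              controlPlaneEndpoint:
                description: ControlPlaneEndpoint represents the endpoint used to
                  communicate with the control plane.
                properties:
                  host:
                    description: The hostname on which the API server is serving.
                    type: string
                  # No minimum/maximum is declared, so the schema alone does
                  # not reject out-of-range port numbers.
                  port:
                    description: The port on which the API server is serving.
                    format: int32
                    type: integer
                required:
                - host
                - port
                type: object
              # The only accepted kind is Secret. The referenced Secret is
              # presumably the credential used during reconciliation
              # (TODO confirm), so read access to it should be limited by RBAC.
              identityRef:
                description: IdentityRef is a reference to a identity to be used when
                  reconciling this cluster
                properties:
                  kind:
                    description: Kind of the identity.
                    enum:
                    - Secret
                    type: string
                  name:
                    description: Name of the identity.
                    minLength: 1
                    type: string
                required:
                - kind
                - name
                type: object
              imageLookupBaseOS:
                description: |-
                  ImageLookupBaseOS is the name of the base operating system used to look
                  up machine images when a machine does not specify an AMI. When set, this
                  will be used for all cluster machines unless a machine specifies a
                  different ImageLookupBaseOS.
                type: string
              # NOTE(review): the description below says "different
              # ImageLookupOrg" where ImageLookupFormat looks intended, and the
              # example prefix differs between "capas-ami-" and "capa-ami-".
              # Images are selected by name pattern, so the exact pattern and
              # the owning organization decide which image a machine boots.
              imageLookupFormat:
                description: |-
                  ImageLookupFormat is the AMI naming format to look up machine images when
                  a machine does not specify an AMI. When set, this will be used for all
                  cluster machines unless a machine specifies a different ImageLookupOrg.
                  Supports substitutions for {{.BaseOS}} and {{.K8sVersion}} with the base
                  OS and kubernetes version, respectively. The BaseOS will be the value in
                  ImageLookupBaseOS or ubuntu (the default), and the kubernetes version as
                  defined by the packages produced by kubernetes/release without v as a
                  prefix: 1.13.0, 1.12.5-mybuild.1, or 1.17.3. For example, the default
                  image format of capas-ami-{{.BaseOS}}-.?{{.K8sVersion}}-* will end up
                  searching for AMIs that match the pattern capa-ami-ubuntu-?1.18.0-* for a
                  Machine that is targeting kubernetes v1.18.0 and the ubuntu base OS. See
                  also: https://golang.org/pkg/text/template/
                type: string
              imageLookupOrg:
                description: |-
                  ImageLookupOrg is the AWS Organization ID to look up machine images when a
                  machine does not specify an AMI. When set, this will be used for all
                  cluster machines unless a machine specifies a different ImageLookupOrg.
                type: string
              # NOTE(review): the enum accepts RJ45, but the description lists
              # only SFP_PLUS and QSFP as valid values.
              physicalNetworkConnectorType:
                description: PhysicalNetworkConnectorType is the physical network
                  connector type to use for creating direct network interfaces. Valid
                  values are a physical network connector type (SFP_PLUS or QSFP),
                  or omitted (cluster-api selects a valid physical network interface,
                  default is SFP_PLUS)
                enum:
                - SFP_PLUS
                - QSFP
                - RJ45
                type: string
              region:
                description: The AWS Region the cluster lives in.
                type: string
              # Per the description, omitting this field selects a default SSH
              # key name, while an explicit empty string disables SSH keys.
              # Set it explicitly so key-based access is a deliberate choice.
              sshKeyName:
                description: SSHKeyName is the name of the ssh key to attach to the
                  bastion host. Valid values are empty string (do not use SSH keys),
                  a valid SSH key name, or omitted (use the default SSH key name)
                type: string
            type: object
          status:
            description: AWSSnowClusterStatus defines the observed state of AWSSnowCluster
            properties:
              # NOTE(review): this description is a stray Go struct field line,
              # not a description of the conditions list. It looks like a
              # commented-out field picked up by the generator.
              conditions:
                description: Bastion *Instance `json:"bastion,omitempty"`
                items:
                  description: Condition defines an observation of a Cluster API resource
                    operational state.
                  properties:
                    lastTransitionTime:
                      description: |-
                        Last time the condition transitioned from one status to another.
                        This should be when the underlying condition changed. If that is not known, then using the time when
                        the API field changed is acceptable.
                      format: date-time
                      type: string
                    message:
                      description: |-
                        A human readable message indicating details about the transition.
                        This field may be empty.
                      type: string
                    reason:
                      description: |-
                        The reason for the condition's last transition in CamelCase.
                        The specific API may choose whether or not this field is considered a guaranteed API.
                        This field may be empty.
                      type: string
                    severity:
                      description: |-
                        severity provides an explicit classification of Reason code, so the users or machines can immediately
                        understand the current situation and act accordingly.
                        The Severity field MUST be set only when Status=False.
                      type: string
                    status:
                      description: status of the condition, one of True, False, Unknown.
                      type: string
                    type:
                      description: |-
                        type of condition in CamelCase or in foo.example.com/CamelCase.
                        Many .condition.type values are consistent across resources like Available, but because arbitrary conditions
                        can be useful (see .node.status.conditions), the ability to deconflict is important.
                      type: string
                  required:
                  - lastTransitionTime
                  - status
                  - type
                  type: object
                type: array
              # NOTE(review): the map-level description further down is also a
              # stray Go struct field line rather than documentation.
              failureDomains:
                additionalProperties:
                  description: |-
                    FailureDomainSpec is the Schema for Cluster API failure domains.
                    It allows controllers to understand how many failure domains a cluster can optionally span across.
                  properties:
                    attributes:
                      additionalProperties:
                        type: string
                      description: attributes is a free form map of attributes an
                        infrastructure provider might use or require.
                      type: object
                    controlPlane:
                      description: controlPlane determines if this failure domain
                        is suitable for use by control plane machines.
                      type: boolean
                  type: object
                description: Network Network `json:"network,omitempty"`
                type: object
              ready:
                default: false
                type: boolean
            required:
            - ready
            type: object
        type: object
    served: true
    storage: true
    # status is served as a separate subresource.
    subresources:
      status: {}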
---
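# CustomResourceDefinition for AWSSnowIPPool (group
# infrastructure.cluster.x-k8s.io, version v1beta1, namespaced): ranges of
# addresses for static IP configuration.
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
  annotations:
    # Names the cert-manager Certificate whose CA is expected to be injected
    # into spec.conversion.webhook.clientConfig.caBundle.
    cert-manager.io/inject-ca-from: capas-system/capas-serving-cert
    controller-gen.kubebuilder.io/version: v0.17.1
  labels:
    cluster.x-k8s.io/provider: infrastructure-aws-snow
    cluster.x-k8s.io/v1beta1: v1beta1
    clusterctl.cluster.x-k8s.io/move-hierarchy: ""
  name: awssnowippools.infrastructure.cluster.x-k8s.io
spec:
  conversion:
    strategy: Webhook
    webhook:
      clientConfig:
        # Placeholder only: Cg== is base64 for a single newline, not a CA.
        # Verify after install that the live CRD carries a real bundle.
        caBundle: Cg==
        service:
          name: capas-webhook-service
          namespace: capas-system
          path: /convert
      conversionReviewVersions:
      - v1beta1
  group: infrastructure.cluster.x-k8s.io
  names:
    kind: AWSSnowIPPool
    listKind: AWSSnowIPPoolList
    plural: awssnowippools
    singular: awssnowippool
  scope: Namespaced
  versions:
  - name: v1beta1
    schema:
      openAPIV3Schema:
        description: AWSSnowIPPool is the Schema for the awssnowippools API
        properties:
          apiVersion:
            description: |-
              APIVersion defines the versioned schema of this representation of an object.
              Servers should convert recognized schemas to the latest internal value, and
              may reject unrecognized values.
              More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
            type: string
          kind:
            description: |-
              Kind is a string value representing the REST resource this object represents.
              Servers may infer this from the endpoint the client submits requests to.
              Cannot be updated.
              In CamelCase.
              More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
            type: string
          metadata:
            type: object
          spec:
            description: AWSSnowIPPoolSpec defines the desired state of AWSSnowIPPool
            properties:
              # NOTE(review): gateway, ipStart, ipEnd and subnet are free-form
              # strings. This schema declares no format, pattern or required
              # list, so well-formed addresses, start <= end, and a range that
              # lies inside the subnet are not enforced here. Confirm that an
              # admission webhook or the controller validates them.
              pools:
                description: IPPools defines a range of ip addresses for static IP
                  configurations.
                items:
                  description: IPPool is the configuration of static ip, it provides
                    a range of ip addresses
                  properties:
                    gateway:
                      description: Gateway is the gateway of this subnet. Used for
                        routing purpose
                      type: string
                    ipEnd:
                      description: IPEnd is the end ip address of an ip range
                      type: string
                    ipStart:
                      description: IPStart is the start ip address of an ip range
                      type: string
                    subnet:
                      description: Subnet is customers' network subnet, we can use
                        it to determine whether an ip is in this subnet
                      type: string
                  type: object
                type: array
            type: object
          # The status schema declares no properties.
          status:
            description: AWSSnowIPPoolStatus defines the observed state of AWSSnowIPPool
            type: object
        type: object
    served: true
    storage: true
    subresources:
      status: {}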
---
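# CustomResourceDefinition for AWSSnowMachine (group
# infrastructure.cluster.x-k8s.io, version v1beta1, namespaced).
# The controller-gen annotation below marks this file as generated output, so
# wording fixes to descriptions belong in the Go type comments it is built from.
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
  annotations:
    # Names the cert-manager Certificate whose CA is expected to be injected
    # into spec.conversion.webhook.clientConfig.caBundle.
    cert-manager.io/inject-ca-from: capas-system/capas-serving-cert
    controller-gen.kubebuilder.io/version: v0.17.1
  labels:
    cluster.x-k8s.io/provider: infrastructure-aws-snow
    cluster.x-k8s.io/v1beta1: v1beta1
  name: awssnowmachines.infrastructure.cluster.x-k8s.io
spec:
  conversion:
    strategy: Webhook
    webhook:
      clientConfig:
        # Placeholder only: Cg== is base64 for a single newline, not a CA.
        # Verify after install that the live CRD carries a real bundle.
        caBundle: Cg==
        service:
          name: capas-webhook-service
          namespace: capas-system
          path: /convert
      conversionReviewVersions:
      - v1beta1
  group: infrastructure.cluster.x-k8s.io
  names:
    kind: AWSSnowMachine
    listKind: AWSSnowMachineList
    plural: awssnowmachines
    singular: awssnowmachine
  scope: Namespaced
  versions:
  - name: v1beta1
    schema:
      openAPIV3Schema:
        description: AWSSnowMachine is the Schema for the awssnowmachines API
        properties:
          apiVersion:
            description: |-
              APIVersion defines the versioned schema of this representation of an object.
              Servers should convert recognized schemas to the latest internal value, and
              may reject unrecognized values.
              More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
            type: string
          # Declared at the top level of the object (next to spec and status)
          # and carries no description.
          deviceIP:
            type: string
          kind:
            description: |-
              Kind is a string value representing the REST resource this object represents.
              Servers may infer this from the endpoint the client submits requests to.
              Cannot be updated.
              In CamelCase.
              More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
            type: string
          metadata:
            type: object
          spec:
            description: |-
              AWSSnowMachineSpec defines the desired state of AWSSnowMachine.
              Below struct is a full copy of AWSSnowMachineSpec. Fields not needed for now are commented out with TODO added
              in comments.
            properties:
              # The description states that filter-based references follow tag
              # changes, so the set of attached security groups can change
              # without this object changing. Prefer IDs where a fixed set of
              # groups is required.
              # NOTE(review): "Only one of ID, ARN or Filters" is not expressed
              # in this schema (no oneOf); the check must live elsewhere.
              additionalSecurityGroups:
                description: |-
                  AdditionalSecurityGroups is an array of references to security groups that should be applied to the
                  instance. These security groups would be set in addition to any security groups defined
                  at the cluster level or in the actuator. It is possible to specify either IDs of Filters. Using Filters
                  will cause additional requests to AWS API and if tags change the attached security groups might change too.
                items:
                  description: |-
                    AWSResourceReference is a reference to a specific AWS resource by ID, ARN, or filters.
                    Only one of ID, ARN or Filters may be specified. Specifying more than one will result in
                    a validation error.
                  properties:
                    arn:
                      description: ARN of resource
                      type: string
                    filters:
                      description: |-
                        Filters is a set of key/value pairs used to identify a resource
                        They are applied according to the rules defined by the AWS API:
                        https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/Using_Filtering.html
                      items:
                        description: Filter is a filter used to identify an AWS resource
                        properties:
                          name:
                            description: Name of the filter. Filter names are case-sensitive.
                            type: string
                          values:
                            description: Values includes one or more filter values.
                              Filter values are case-sensitive.
                            items:
                              type: string
                            type: array
                        required:
                        - name
                        - values
                        type: object
                      type: array
                    id:
                      description: ID of resource
                      type: string
                  type: object
                type: array
              # An explicit image reference. When it is unset, the
              # imageLookup* fields below select the image by name pattern.
              ami:
                description: AMI is the reference to the AMI from which to create
                  the machine instance.
                properties:
                  arn:
                    description: ARN of resource
                    type: string
                  filters:
                    description: |-
                      Filters is a set of key/value pairs used to identify a resource
                      They are applied according to the rules defined by the AWS API:
                      https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/Using_Filtering.html
                    items:
                      description: Filter is a filter used to identify an AWS resource
                      properties:
                        name:
                          description: Name of the filter. Filter names are case-sensitive.
                          type: string
                        values:
                          description: Values includes one or more filter values.
                            Filter values are case-sensitive.
                          items:
                            type: string
                          type: array
                      required:
                      - name
                      - values
                      type: object
                    type: array
                  id:
                    description: ID of resource
                    type: string
                type: object
              cloudInit:
                description: |-
                  CloudInit defines options related to the bootstrapping systems where
                  CloudInit is used.
                properties:
                  # Security-sensitive: per the description, true turns off the
                  # Secrets Manager / Parameter Store path that keeps userdata
                  # private. Leave it unset or false unless an exception has
                  # been reviewed, and consider an admission policy that
                  # rejects true.
                  insecureSkipSecretsManager:
                    description: |-
                      InsecureSkipSecretsManager, when set to true will not use AWS Secrets Manager
                      or AWS Systems Manager Parameter Store to ensure privacy of userdata.
                      By default, a cloud-init boothook shell script is prepended to download
                      the userdata from Secrets Manager and additionally delete the secret.
                    type: boolean
                  secretCount:
                    description: SecretCount is the number of secrets used to form
                      the complete secret
                    format: int32
                    type: integer
                  secretPrefix:
                    description: |-
                      SecretPrefix is the prefix for the secret name. This is stored
                      temporarily, and deleted when the machine registers as a node against
                      the workload cluster.
                    type: string
                type: object
              containersVolume:
                description: Configuration options for the containers data storage
                  volumes.
                properties:
                  deviceName:
                    description: Device name
                    type: string
                  size:
                    description: |-
                      Size specifies size (in Gi) of the storage device.
                      Must be greater than the image snapshot size or 8 (whichever is greater).
                    format: int64
                    minimum: 8
                    type: integer
                  type:
                    description: Type is the type of the volume (sbp1 for capacity-optimized
                      HDD, sbg1 performance-optimized SSD, default is sbp1)
                    enum:
                    - sbp1
                    - sbg1
                    type: string
                required:
                - size
                type: object
              # Entries are plain strings; no IP format or pattern is declared.
              devices:
                description: Devices is a device ip list which is assigned by customer
                  to provision machines
                items:
                  type: string
                minItems: 1
                type: array
              failureDomain:
                description: |-
                  FailureDomain is the failure domain unique identifier this Machine should be attached to, as defined in Cluster API.
                  For this infrastructure provider, the ID is equivalent to an AWS Availability Zone.
                  If multiple subnets are matched for the availability zone, the first one returned is picked.
                type: string
              # The profile named here decides which permissions the instance
              # receives, so keep the profile itself least-privilege.
              iamInstanceProfile:
                description: IAMInstanceProfile is a name of an IAM instance profile
                  to assign to the instance
                type: string
              imageLookupBaseOS:
                description: |-
                  ImageLookupBaseOS is the name of the base operating system to use for
                  image lookup the AMI is not set.
                type: string
              # NOTE(review): the example prefix in the description differs
              # between "capas-ami-" and "capa-ami-". Images are selected by
              # name pattern, so the exact pattern and the owning organization
              # (imageLookupOrg) decide which image a machine boots.
              imageLookupFormat:
                description: |-
                  ImageLookupFormat is the AMI naming format to look up the image for this
                  machine It will be ignored if an explicit AMI is set. Supports
                  substitutions for {{.BaseOS}} and {{.K8sVersion}} with the base OS and
                  kubernetes version, respectively. The BaseOS will be the value in
                  ImageLookupBaseOS or ubuntu (the default), and the kubernetes version as
                  defined by the packages produced by kubernetes/release without v as a
                  prefix: 1.13.0, 1.12.5-mybuild.1, or 1.17.3. For example, the default
                  image format of capas-ami-{{.BaseOS}}-.?{{.K8sVersion}}-* will end up
                  searching for AMIs that match the pattern capa-ami-ubuntu-?1.18.0-* for a
                  Machine that is targeting kubernetes v1.18.0 and the ubuntu base OS. See
                  also: https://golang.org/pkg/text/template/
                type: string
              imageLookupOrg:
                description: ImageLookupOrg is the AWS Organization ID to use for
                  image lookup if AMI is not set.
                type: string
              instanceID:
                description: InstanceID is the EC2 instance ID for this machine.
                type: string
              instanceType:
                description: 'InstanceType is the type of instance to create. Example:
                  m4.xlarge'
                type: string
              # Required field of spec (see the required list at the end of
              # spec); holds between 1 and 8 direct network interfaces.
              network:
                description: Network is the DNI and ip address settings for this machine
                properties:
                  directNetworkInterfaces:
                    description: DirectNetworkInterfaces is a DNI configuration list
                      what customers want
                    items:
                      description: AWSSnowDirectNetworkInterface is configuration
                        of DNIs specified by customers.
                      properties:
                        dhcp:
                          description: |-
                            DHCP shows whether we assign ip using DHCP for this DNI
                            If DHCP is true, CAPAS will allocate ip address to this DNI using DHCP
                          type: boolean
                        index:
                          description: Index is the index number of DNI, usually starts
                            from 1 which can clarify DNIs in the list
                          maximum: 8
                          minimum: 1
                          type: integer
                        # Object reference with its own namespace field.
                        # NOTE(review): confirm whether the controller allows
                        # a pool in a different namespace than the machine and,
                        # if so, that this is intended.
                        ipPool:
                          description: |-
                            IPPool is an ip pool which provides a range of ip addresses
                            If IPPool is not nil, we will allocate an ip address from this pool to this DNI
                          properties:
                            apiVersion:
                              description: API version of the referent.
                              type: string
                            fieldPath:
                              description: |-
                                If referring to a piece of an object instead of an entire object, this string
                                should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2].
                                For example, if the object reference is to a container within a pod, this would take on a value like:
                                "spec.containers{name}" (where "name" refers to the name of the container that triggered
                                the event) or if no container name is specified "spec.containers[2]" (container with
                                index 2 in this pod). This syntax is chosen only to have some well-defined way of
                                referencing a part of an object.
                              type: string
                            kind:
                              description: |-
                                Kind of the referent.
                                More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
                              type: string
                            name:
                              description: |-
                                Name of the referent.
                                More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
                              type: string
                            namespace:
                              description: |-
                                Namespace of the referent.
                                More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/
                              type: string
                            resourceVersion:
                              description: |-
                                Specific resourceVersion to which this reference is made, if any.
                                More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency
                              type: string
                            uid:
                              description: |-
                                UID of the referent.
                                More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids
                              type: string
                          type: object
                          x-kubernetes-map-type: atomic
                        primary:
                          description: Primary indicates whether the DNI is primary
                            or not
                          type: boolean
                        # The schema bounds the value to 0..4095.
                        vlanID:
                          description: VlanID is the vlan ID assigned by the user
                            to this DNI
                          format: int32
                          maximum: 4095
                          minimum: 0
                          type: integer
                      type: object
                    maxItems: 8
                    minItems: 1
                    type: array
                required:
                - directNetworkInterfaces
                type: object
              networkInterfaces:
                description: |-
                  NetworkInterfaces is a list of ENIs to associate with the instance.
                  A maximum of 2 may be specified.
                items:
                  type: string
                maxItems: 2
                type: array
              nonRootVolumes:
                description: Configuration options for the non root storage volumes.
                items:
                  description: Volume encapsulates the configuration options for the
                    storage device
                  properties:
                    deviceName:
                      description: Device name
                      type: string
                    size:
                      description: |-
                        Size specifies size (in Gi) of the storage device.
                        Must be greater than the image snapshot size or 8 (whichever is greater).
                      format: int64
                      minimum: 8
                      type: integer
                    type:
                      description: Type is the type of the volume (sbp1 for capacity-optimized
                        HDD, sbg1 performance-optimized SSD, default is sbp1)
                      enum:
                      - sbp1
                      - sbg1
                      type: string
                  required:
                  - size
                  type: object
                type: array
              osFamily:
                description: OSFamily is the OS flavor which is used as the node instance
                  OS, currently support ubuntu and bottlerocket
                enum:
                - ubuntu
                - bottlerocket
                type: string
              # NOTE(review): the enum accepts RJ45, but the description lists
              # only SFP_PLUS and QSFP as valid values.
              physicalNetworkConnectorType:
                description: PhysicalNetworkConnectorType is the physical network
                  connector type to use for creating direct network interfaces. Valid
                  values are a physical network connector type (SFP_PLUS or QSFP),
                  or omitted (cluster-api selects a valid physical network interface,
                  default is SFP_PLUS)
                enum:
                - SFP_PLUS
                - QSFP
                - RJ45
                type: string
              primaryPublicIP:
                description: PrimaryPublicIP is the primary public ip of machine
                type: string
              providerID:
                description: ProviderID is the unique identifier as specified by the
                  cloud provider.
                type: string
              # When this field is unset, exposure falls through to the
              # cluster/flavor setting and then the subnet default (see the
              # description); set it explicitly when exposure matters.
              publicIP:
                description: |-
                  PublicIP specifies whether the instance should get a public IP.
                  Precedence for this setting is as follows:
                  1. This field if set
                  2. Cluster/flavor setting
                  3. Subnet default
                type: boolean
              rootVolume:
                description: RootVolume encapsulates the configuration options for
                  the root volume
                properties:
                  deviceName:
                    description: Device name
                    type: string
                  size:
                    description: |-
                      Size specifies size (in Gi) of the storage device.
                      Must be greater than the image snapshot size or 8 (whichever is greater).
                    format: int64
                    minimum: 8
                    type: integer
                  type:
                    description: Type is the type of the volume (sbp1 for capacity-optimized
                      HDD, sbg1 performance-optimized SSD, default is sbp1)
                    enum:
                    - sbp1
                    - sbg1
                    type: string
                required:
                - size
                type: object
              # Per the description, omitting this field selects a default SSH
              # key name, while an explicit empty string disables SSH keys.
              # Set it explicitly so key-based access is a deliberate choice.
              sshKeyName:
                description: SSHKeyName is the name of the ssh key to attach to the
                  instance. Valid values are empty string (do not use SSH keys), a
                  valid SSH key name, or omitted (use the default SSH key name)
                type: string
              subnet:
                description: |-
                  Subnet is a reference to the subnet to use for this instance. If not specified,
                  the cluster subnet will be used.
                properties:
                  arn:
                    description: ARN of resource
                    type: string
                  filters:
                    description: |-
                      Filters is a set of key/value pairs used to identify a resource
                      They are applied according to the rules defined by the AWS API:
                      https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/Using_Filtering.html
                    items:
                      description: Filter is a filter used to identify an AWS resource
                      properties:
                        name:
                          description: Name of the filter. Filter names are case-sensitive.
                          type: string
                        values:
                          description: Values includes one or more filter values.
                            Filter values are case-sensitive.
                          items:
                            type: string
                          type: array
                      required:
                      - name
                      - values
                      type: object
                    type: array
                  id:
                    description: ID of resource
                    type: string
                type: object
              uncompressedUserData:
                description: |-
                  UncompressedUserData specify whether the user data is gzip-compressed before it is sent to ec2 instance.
                  cloud-init has built-in support for gzip-compressed user data
                  user data stored in aws secret manager is always gzip-compressed.
                type: boolean
            required:
            - network
            type: object
          status:
            description: AWSSnowMachineStatus defines the observed state of AWSSnowMachine
            properties:
              addresses:
                description: Addresses contains the AWS instance associated addresses.
                items:
                  description: MachineAddress contains information for the node's
                    address.
                  properties:
                    address:
                      description: The machine address.
                      type: string
                    type:
                      description: Machine address type, one of Hostname, ExternalIP,
                        InternalIP, ExternalDNS or InternalDNS.
                      type: string
                  required:
                  - address
                  - type
                  type: object
                type: array
              conditions:
                description: Conditions defines current service state of the AWSSnowMachine.
                items:
                  description: Condition defines an observation of a Cluster API resource
                    operational state.
                  properties:
                    lastTransitionTime:
                      description: |-
                        Last time the condition transitioned from one status to another.
                        This should be when the underlying condition changed. If that is not known, then using the time when
                        the API field changed is acceptable.
                      format: date-time
                      type: string
                    message:
                      description: |-
                        A human readable message indicating details about the transition.
                        This field may be empty.
                      type: string
                    reason:
                      description: |-
                        The reason for the condition's last transition in CamelCase.
                        The specific API may choose whether or not this field is considered a guaranteed API.
                        This field may be empty.
                      type: string
                    severity:
                      description: |-
                        severity provides an explicit classification of Reason code, so the users or machines can immediately
                        understand the current situation and act accordingly.
                        The Severity field MUST be set only when Status=False.
                      type: string
                    status:
                      description: status of the condition, one of True, False, Unknown.
                      type: string
                    type:
                      description: |-
                        type of condition in CamelCase or in foo.example.com/CamelCase.
                        Many .condition.type values are consistent across resources like Available, but because arbitrary conditions
                        can be useful (see .node.status.conditions), the ability to deconflict is important.
                      type: string
                  required:
                  - lastTransitionTime
                  - status
                  - type
                  type: object
                type: array
              # failureMessage and failureReason are reserved for terminal
              # errors per their descriptions, which makes them useful
              # alerting signals for machines that need manual intervention.
              failureMessage:
                description: |-
                  FailureMessage will be set in the event that there is a terminal problem
                  reconciling the Machine and will contain a more verbose string suitable
                  for logging and human consumption.
                  This field should not be set for transitive errors that a controller
                  faces that are expected to be fixed automatically over
                  time (like service outages), but instead indicate that something is
                  fundamentally wrong with the Machine's spec or the configuration of
                  the controller, and that manual intervention is required. Examples
                  of terminal errors would be invalid combinations of settings in the
                  spec, values that are unsupported by the controller, or the
                  responsible controller itself being critically misconfigured.
                  Any transient errors that occur during the reconciliation of Machines
                  can be added as events to the Machine object and/or logged in the
                  controller's output.
                type: string
              failureReason:
                description: |-
                  FailureReason will be set in the event that there is a terminal problem
                  reconciling the Machine and will contain a succinct value suitable
                  for machine interpretation.
                  This field should not be set for transitive errors that a controller
                  faces that are expected to be fixed automatically over
                  time (like service outages), but instead indicate that something is
                  fundamentally wrong with the Machine's spec or the configuration of
                  the controller, and that manual intervention is required. Examples
                  of terminal errors would be invalid combinations of settings in the
                  spec, values that are unsupported by the controller, or the
                  responsible controller itself being critically misconfigured.
                  Any transient errors that occur during the reconciliation of Machines
                  can be added as events to the Machine object and/or logged in the
                  controller's output.
                type: string
              instanceState:
                description: InstanceState is the state of the AWS instance for this
                  machine.
                type: string
              ready:
                description: Ready is true when the provider resource is ready.
                type: boolean
            type: object
        type: object
    served: true
    storage: true
    # status is served as a separate subresource.
    subresources:
      status: {}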
---
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
cert-manager.io/inject-ca-from: capas-system/capas-serving-cert
controller-gen.kubebuilder.io/version: v0.17.1
labels:
cluster.x-k8s.io/provider: infrastructure-aws-snow
cluster.x-k8s.io/v1beta1: v1beta1
name: awssnowmachinetemplates.infrastructure.cluster.x-k8s.io
spec:
conversion:
strategy: Webhook
webhook:
clientConfig:
caBundle: Cg==
service:
name: capas-webhook-service
namespace: capas-system
path: /convert
conversionReviewVersions:
- v1beta1
group: infrastructure.cluster.x-k8s.io
names:
categories:
- cluster-api
kind: AWSSnowMachineTemplate
listKind: AWSSnowMachineTemplateList
plural: awssnowmachinetemplates
shortNames:
- awssmt
singular: awssnowmachinetemplate
scope: Namespaced
versions:
- name: v1beta1
schema:
openAPIV3Schema:
description: AWSSnowMachineTemplate is the Schema for the awssnowmachinetemplates
API
properties:
apiVersion:
description: |-
APIVersion defines the versioned schema of this representation of an object.
Servers should convert recognized schemas to the latest internal value, and
may reject unrecognized values.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
type: string
kind:
description: |-
Kind is a string value representing the REST resource this object represents.
Servers may infer this from the endpoint the client submits requests to.
Cannot be updated.
In CamelCase.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
type: string
metadata:
type: object
spec:
description: AWSSnowMachineTemplateSpec defines the desired state of AWSSnowMachineTemplate
properties:
template:
description: AWSSnowMachineTemplateResource describes the data needed
to create am AWSSnowMachine from a template
properties:
spec:
description: Spec is the specification of the desired behavior
of the machine.
properties:
additionalSecurityGroups:
description: |-
AdditionalSecurityGroups is an array of references to security groups that should be applied to the
instance. These security groups would be set in addition to any security groups defined
at the cluster level or in the actuator. It is possible to specify either IDs of Filters. Using Filters
will cause additional requests to AWS API and if tags change the attached security groups might change too.
items:
description: |-
AWSResourceReference is a reference to a specific AWS resource by ID, ARN, or filters.
Only one of ID, ARN or Filters may be specified. Specifying more than one will result in
a validation error.
properties:
arn:
description: ARN of resource
type: string
filters:
description: |-
Filters is a set of key/value pairs used to identify a resource
They are applied according to the rules defined by the AWS API:
https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/Using_Filtering.html
items:
description: Filter is a filter used to identify an
AWS resource
properties:
name:
description: Name of the filter. Filter names
are case-sensitive.
type: string
values:
description: Values includes one or more filter
values. Filter values are case-sensitive.
items:
type: string
type: array
required:
- name
- values
type: object
type: array
id:
description: ID of resource
type: string
type: object
type: array
ami:
description: AMI is the reference to the AMI from which to
create the machine instance.
properties:
arn:
description: ARN of resource
type: string
filters:
description: |-
Filters is a set of key/value pairs used to identify a resource
They are applied according to the rules defined by the AWS API:
https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/Using_Filtering.html
items:
description: Filter is a filter used to identify an
AWS resource
properties:
name:
description: Name of the filter. Filter names are
case-sensitive.
type: string
values:
description: Values includes one or more filter
values. Filter values are case-sensitive.
items:
type: string
type: array
required:
- name
- values
type: object
type: array
id:
description: ID of resource
type: string
type: object
cloudInit:
description: |-
CloudInit defines options related to the bootstrapping systems where
CloudInit is used.
properties:
insecureSkipSecretsManager:
description: |-
InsecureSkipSecretsManager, when set to true will not use AWS Secrets Manager
or AWS Systems Manager Parameter Store to ensure privacy of userdata.
By default, a cloud-init boothook shell script is prepended to download
the userdata from Secrets Manager and additionally delete the secret.
type: boolean
secretCount:
description: SecretCount is the number of secrets used
to form the complete secret
format: int32
type: integer
secretPrefix:
description: |-
SecretPrefix is the prefix for the secret name. This is stored
temporarily, and deleted when the machine registers as a node against
the workload cluster.
type: string
type: object
containersVolume:
description: Configuration options for the containers data
storage volumes.
properties:
deviceName:
description: Device name
type: string
size:
description: |-
Size specifies size (in Gi) of the storage device.
Must be greater than the image snapshot size or 8 (whichever is greater).
format: int64
minimum: 8
type: integer
type:
description: Type is the type of the volume (sbp1 for
capacity-optimized HDD, sbg1 performance-optimized SSD,
default is sbp1)
enum:
- sbp1
- sbg1
type: string
required:
- size
type: object
devices:
description: Devices is a device ip list which is assigned
by customer to provision machines
items:
type: string
minItems: 1
type: array
failureDomain:
description: |-
FailureDomain is the failure domain unique identifier this Machine should be attached to, as defined in Cluster API.
For this infrastructure provider, the ID is equivalent to an AWS Availability Zone.
If multiple subnets are matched for the availability zone, the first one returned is picked.
type: string
iamInstanceProfile:
description: IAMInstanceProfile is a name of an IAM instance
profile to assign to the instance
type: string
imageLookupBaseOS:
description: |-
ImageLookupBaseOS is the name of the base operating system to use for
image lookup the AMI is not set.
type: string
imageLookupFormat:
description: |-
ImageLookupFormat is the AMI naming format to look up the image for this
machine It will be ignored if an explicit AMI is set. Supports
substitutions for {{.BaseOS}} and {{.K8sVersion}} with the base OS and
kubernetes version, respectively. The BaseOS will be the value in
ImageLookupBaseOS or ubuntu (the default), and the kubernetes version as
defined by the packages produced by kubernetes/release without v as a
prefix: 1.13.0, 1.12.5-mybuild.1, or 1.17.3. For example, the default
image format of capas-ami-{{.BaseOS}}-.?{{.K8sVersion}}-* will end up
searching for AMIs that match the pattern capa-ami-ubuntu-?1.18.0-* for a
Machine that is targeting kubernetes v1.18.0 and the ubuntu base OS. See
also: https://golang.org/pkg/text/template/
type: string
imageLookupOrg:
description: ImageLookupOrg is the AWS Organization ID to
use for image lookup if AMI is not set.
type: string
instanceID:
description: InstanceID is the EC2 instance ID for this machine.
type: string
instanceType:
description: 'InstanceType is the type of instance to create.
Example: m4.xlarge'
type: string
network:
description: Network is the DNI and ip address settings for
this machine
properties:
directNetworkInterfaces:
description: DirectNetworkInterfaces is a DNI configuration
list what customers want
items:
description: AWSSnowDirectNetworkInterface is configuration
of DNIs specified by customers.
properties:
dhcp:
description: |-
DHCP shows whether we assign ip using DHCP for this DNI
If DHCP is true, CAPAS will allocate ip address to this DNI using DHCP
type: boolean
index:
description: Index is the index number of DNI, usually
starts from 1 which can clarify DNIs in the list
maximum: 8
minimum: 1
type: integer
ipPool:
description: |-
IPPool is an ip pool which provides a range of ip addresses
If IPPool is not nil, we will allocate an ip address from this pool to this DNI
properties:
apiVersion:
description: API version of the referent.
type: string
fieldPath:
description: |-
If referring to a piece of an object instead of an entire object, this string
should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2].
For example, if the object reference is to a container within a pod, this would take on a value like:
"spec.containers{name}" (where "name" refers to the name of the container that triggered
the event) or if no container name is specified "spec.containers[2]" (container with
index 2 in this pod). This syntax is chosen only to have some well-defined way of
referencing a part of an object.
type: string
kind:
description: |-
Kind of the referent.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
type: string
name:
description: |-
Name of the referent.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
type: string
namespace:
description: |-
Namespace of the referent.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/
type: string
resourceVersion:
description: |-
Specific resourceVersion to which this reference is made, if any.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency
type: string
uid:
description: |-
UID of the referent.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids
type: string
type: object
x-kubernetes-map-type: atomic
primary:
description: Primary indicates whether the DNI is
primary or not
type: boolean
vlanID:
description: VlanID is the vlan ID assigned by the
user to this DNI
format: int32
maximum: 4095
minimum: 0
type: integer
type: object
maxItems: 8
minItems: 1
type: array
required:
- directNetworkInterfaces
type: object
networkInterfaces:
description: |-
NetworkInterfaces is a list of ENIs to associate with the instance.
A maximum of 2 may be specified.
items:
type: string
maxItems: 2
type: array
nonRootVolumes:
description: Configuration options for the non root storage
volumes.
items:
description: Volume encapsulates the configuration options
for the storage device
properties:
deviceName:
description: Device name
type: string
size:
description: |-
Size specifies size (in Gi) of the storage device.
Must be greater than the image snapshot size or 8 (whichever is greater).
format: int64
minimum: 8
type: integer
type:
description: Type is the type of the volume (sbp1 for
capacity-optimized HDD, sbg1 performance-optimized
SSD, default is sbp1)
enum:
- sbp1
- sbg1
type: string
required:
- size
type: object
type: array
osFamily:
description: OSFamily is the OS flavor which is used as the
node instance OS, currently support ubuntu and bottlerocket
enum:
- ubuntu
- bottlerocket
type: string
physicalNetworkConnectorType:
description: PhysicalNetworkConnectorType is the physical
network connector type to use for creating direct network
interfaces. Valid values are a physical network connector
type (SFP_PLUS or QSFP), or omitted (cluster-api selects
a valid physical network interface, default is SFP_PLUS)
enum:
- SFP_PLUS
- QSFP
- RJ45
type: string
primaryPublicIP:
description: PrimaryPublicIP is the primary public ip of machine
type: string
providerID:
description: ProviderID is the unique identifier as specified
by the cloud provider.
type: string
publicIP:
description: |-
PublicIP specifies whether the instance should get a public IP.
Precedence for this setting is as follows:
1. This field if set
2. Cluster/flavor setting
3. Subnet default
type: boolean
rootVolume:
description: RootVolume encapsulates the configuration options
for the root volume
properties:
deviceName:
description: Device name
type: string
size:
description: |-
Size specifies size (in Gi) of the storage device.
Must be greater than the image snapshot size or 8 (whichever is greater).
format: int64
minimum: 8
type: integer
type:
description: Type is the type of the volume (sbp1 for
capacity-optimized HDD, sbg1 performance-optimized SSD,
default is sbp1)
enum:
- sbp1
- sbg1
type: string
required:
- size
type: object
sshKeyName:
description: SSHKeyName is the name of the ssh key to attach
to the instance. Valid values are empty string (do not use
SSH keys), a valid SSH key name, or omitted (use the default
SSH key name)
type: string
subnet:
description: |-
Subnet is a reference to the subnet to use for this instance. If not specified,
the cluster subnet will be used.
properties:
arn:
description: ARN of resource
type: string
filters:
description: |-
Filters is a set of key/value pairs used to identify a resource
They are applied according to the rules defined by the AWS API:
https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/Using_Filtering.html
items:
description: Filter is a filter used to identify an
AWS resource
properties:
name:
description: Name of the filter. Filter names are
case-sensitive.
type: string
values:
description: Values includes one or more filter
values. Filter values are case-sensitive.
items:
type: string
type: array
required:
- name
- values
type: object
type: array
id:
description: ID of resource
type: string
type: object
uncompressedUserData:
description: |-
UncompressedUserData specify whether the user data is gzip-compressed before it is sent to ec2 instance.
cloud-init has built-in support for gzip-compressed user data
user data stored in aws secret manager is always gzip-compressed.
type: boolean
required:
- network
type: object
required:
- spec
type: object
required:
- template
type: object
type: object
served: true
storage: true
---
# Identity the CAPAS controller manager pod runs as (the Deployment in this
# file sets serviceAccountName to this name). Its permissions come from the
# RoleBinding and ClusterRoleBinding in this file that list it as a subject.
apiVersion: v1
kind: ServiceAccount
metadata:
  labels:
    cluster.x-k8s.io/provider: infrastructure-aws-snow
  name: capas-controller-manager
  namespace: capas-system
---
# Namespaced permissions (capas-system only) used for leader election.
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  labels:
    cluster.x-k8s.io/provider: infrastructure-aws-snow
  name: capas-leader-election-role
  namespace: capas-system
rules:
# Read/write on every ConfigMap in capas-system, not only a lock object; that
# includes capas-manager-config defined in this file.
# NOTE(review): if the election lock is Lease-based (the next rule suggests
# so), this rule may be reducible -- confirm against the manager's lock type.
- apiGroups:
  - ""
  resources:
  - configmaps
  verbs:
  - get
  - list
  - watch
  - create
  - update
  - patch
  - delete
# Lease objects in the coordination API group.
- apiGroups:
  - coordination.k8s.io
  resources:
  - leases
  verbs:
  - get
  - list
  - watch
  - create
  - update
  - patch
  - delete
# Events can be emitted (create/patch) but not read back.
- apiGroups:
  - ""
  resources:
  - events
  verbs:
  - create
  - patch
---
# Cluster-wide permissions for the CAPAS controller manager. This is a
# ClusterRole bound through capas-manager-rolebinding (a ClusterRoleBinding),
# so every rule below applies in all namespaces.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  labels:
    cluster.x-k8s.io/provider: infrastructure-aws-snow
  name: capas-manager-role
rules:
- apiGroups:
  - ""
  resources:
  - events
  verbs:
  - create
  - get
  - list
  - patch
  - update
  - watch
# Read access to every Secret in every namespace. This is the most sensitive
# grant in the file: whoever controls this ServiceAccount can read all
# cluster secrets.
# NOTE(review): presumably needed to resolve credentials referenced by cluster
# objects -- confirm, and prefer namespaced Roles if the set of namespaces is
# known in advance.
- apiGroups:
  - ""
  resources:
  - namespaces
  - secrets
  verbs:
  - get
  - list
  - watch
# Core Cluster API objects are read-only for this provider.
- apiGroups:
  - cluster.x-k8s.io
  resources:
  - clusters
  - clusters/status
  - machines
  - machines/status
  verbs:
  - get
  - list
  - watch
# Full lifecycle control of the provider's own custom resources.
- apiGroups:
  - infrastructure.cluster.x-k8s.io
  resources:
  - awssnowclusters
  - awssnowippools
  - awssnowmachines
  verbs:
  - create
  - delete
  - get
  - list
  - patch
  - update
  - watch
- apiGroups:
  - infrastructure.cluster.x-k8s.io
  resources:
  - awssnowclusters/finalizers
  verbs:
  - update
# Status subresources are written separately from the main objects.
- apiGroups:
  - infrastructure.cluster.x-k8s.io
  resources:
  - awssnowclusters/status
  - awssnowmachines/status
  verbs:
  - get
  - patch
  - update
---
# Grants capas-leader-election-role to the controller manager ServiceAccount,
# scoped to the capas-system namespace.
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  labels:
    cluster.x-k8s.io/provider: infrastructure-aws-snow
  name: capas-leader-election-rolebinding
  namespace: capas-system
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: Role
  name: capas-leader-election-role
subjects:
- kind: ServiceAccount
  name: capas-controller-manager
  namespace: capas-system
---
# Grants capas-manager-role cluster-wide to the controller manager
# ServiceAccount. Because this is a ClusterRoleBinding, the role's rules
# (including its read access to secrets) are not limited to one namespace.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  labels:
    cluster.x-k8s.io/provider: infrastructure-aws-snow
  name: capas-manager-rolebinding
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: capas-manager-role
subjects:
- kind: ServiceAccount
  name: capas-controller-manager
  namespace: capas-system
---
# Controller-runtime manager configuration, stored as an embedded YAML file.
apiVersion: v1
data:
  # Settings in the embedded file: health probes listen on port 8081 on all
  # interfaces, metrics bind to loopback only (127.0.0.1:8080, so they are not
  # reachable from outside the pod), the webhook server uses port 9443, and
  # leader election is enabled.
  # NOTE(review): the Deployment in this file neither mounts this ConfigMap
  # nor passes a config-file flag (its only arg is --leader-elect), so these
  # values may not be what the running manager uses -- verify.
  controller_manager_config.yaml: |
    apiVersion: controller-runtime.sigs.k8s.io/v1alpha1
    kind: ControllerManagerConfig
    health:
      healthProbeBindAddress: :8081
    metrics:
      bindAddress: 127.0.0.1:8080
    webhook:
      port: 9443
    leaderElection:
      leaderElect: true
      resourceName: controller-leader-elect-capas
kind: ConfigMap
metadata:
  labels:
    cluster.x-k8s.io/provider: infrastructure-aws-snow
  name: capas-manager-config
  namespace: capas-system
---
# AWS credentials and CA bundle for the controller manager; the Deployment in
# this file mounts this Secret at /home/.aws.
apiVersion: v1
data:
  # The ${...} values are template placeholders, so this manifest must be
  # rendered before it is applied. They sit under `data` (not `stringData`),
  # so the substituted values have to be base64-encoded already, as the
  # variable names indicate.
  # The rendered file contains live credentials: keep it out of version
  # control and CI logs, and remember that base64 is encoding, not encryption.
  ca-bundle: ${AWS_B64ENCODED_CA_BUNDLES}
  credentials: ${AWS_B64ENCODED_CREDENTIALS}
kind: Secret
metadata:
  labels:
    cluster.x-k8s.io/provider: infrastructure-aws-snow
  name: capas-manager-bootstrap-credentials
  namespace: capas-system
type: Opaque
---
# In-cluster endpoint the API server calls for admission and CRD conversion
# webhooks (referenced by the webhook configurations in this file).
apiVersion: v1
kind: Service
metadata:
  labels:
    cluster.x-k8s.io/provider: infrastructure-aws-snow
  name: capas-webhook-service
  namespace: capas-system
spec:
  ports:
  # 443 on the Service maps to the container port named webhook-server
  # (9443 in the Deployment in this file).
  - port: 443
    targetPort: webhook-server
  # NOTE(review): the selector uses the provider label alone, so any pod in
  # capas-system carrying that label becomes a backend for admission traffic.
  # The Deployment's pods also carry control-plane: controller-manager, which
  # could be added here to narrow the match.
  selector:
    cluster.x-k8s.io/provider: infrastructure-aws-snow
---
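# CAPAS controller manager. Runs /manager with leader election, exposes the
# webhook server on container port 9443 and answers health probes on 8081.
apiVersion: apps/v1
kind: Deployment
metadata:
  labels:
    cluster.x-k8s.io/provider: infrastructure-aws-snow
    control-plane: controller-manager
  name: capas-controller-manager
  namespace: capas-system
spec:
  replicas: 1
  selector:
    matchLabels:
      cluster.x-k8s.io/provider: infrastructure-aws-snow
      control-plane: controller-manager
  template:
    metadata:
      labels:
        cluster.x-k8s.io/provider: infrastructure-aws-snow
        control-plane: controller-manager
    spec:
      containers:
      - args:
        - --leader-elect
        command:
        - /manager
        env:
        # Both paths resolve inside the /home/.aws secret mount below.
        - name: AWS_SHARED_CREDENTIALS_FILE
          value: /home/.aws/credentials
        - name: AWS_CA_BUNDLE
          value: /home/.aws/ca-bundle
        # Template placeholder, rendered before apply.
        # NOTE(review): with IfNotPresent a mutable tag can resolve to
        # different content on different nodes; rendering a digest-pinned
        # reference avoids that.
        image: ${SNOW_CONTROLLER_IMAGE}
        imagePullPolicy: IfNotPresent
        livenessProbe:
          httpGet:
            path: /healthz
            port: 8081
          initialDelaySeconds: 15
          periodSeconds: 20
        name: manager
        ports:
        - containerPort: 9443
          name: webhook-server
          protocol: TCP
        readinessProbe:
          httpGet:
            path: /readyz
            port: 8081
          initialDelaySeconds: 5
          periodSeconds: 10
        resources:
          limits:
            cpu: 100m
            memory: 30Mi
          requests:
            cpu: 100m
            memory: 20Mi
        securityContext:
          allowPrivilegeEscalation: false
          # The container binds only unprivileged ports (9443, 8081), so it is
          # run without Linux capabilities and under the runtime's default
          # seccomp profile. If the manager turns out to need a capability,
          # add that one back explicitly rather than removing the drop.
          capabilities:
            drop:
            - ALL
          seccompProfile:
            type: RuntimeDefault
          # NOTE(review): runAsNonRoot and readOnlyRootFilesystem are not set
          # because the image's user and write paths are not visible here;
          # enable them once confirmed against the image.
        volumeMounts:
        - mountPath: /tmp/k8s-webhook-server/serving-certs
          name: cert
          readOnly: true
        # Despite the volume name, this mount exposes every key of the
        # bootstrap Secret (credentials and ca-bundle) under /home/.aws.
        - mountPath: /home/.aws
          name: ca-bundle
          readOnly: true
      serviceAccountName: capas-controller-manager
      terminationGracePeriodSeconds: 10
      # Allows scheduling onto control-plane nodes (old and new taint keys).
      tolerations:
      - effect: NoSchedule
        key: node-role.kubernetes.io/master
      - effect: NoSchedule
        key: node-role.kubernetes.io/control-plane
      volumes:
      - name: cert
        secret:
          # Decimal 420 is octal 0644.
          defaultMode: 420
          secretName: capas-webhook-service-cert
      # NOTE(review): this volume is declared but not mounted by any container
      # in this pod; the ca-bundle volume below projects the same Secret.
      - name: credentials
        secret:
          secretName: capas-manager-bootstrap-credentials
      - name: ca-bundle
        secret:
          secretName: capas-manager-bootstrap-credentials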
---
# TLS serving certificate for the webhook server. cert-manager writes it to
# the capas-webhook-service-cert Secret, which the Deployment in this file
# mounts at /tmp/k8s-webhook-server/serving-certs. The CRD and webhook
# configurations reference this Certificate through their
# cert-manager.io/inject-ca-from annotation to obtain the CA bundle.
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
  labels:
    cluster.x-k8s.io/provider: infrastructure-aws-snow
  name: capas-serving-cert
  namespace: capas-system
spec:
  # Must match the Service name and namespace the API server dials
  # (capas-webhook-service in capas-system).
  dnsNames:
  - capas-webhook-service.capas-system.svc
  - capas-webhook-service.capas-system.svc.cluster.local
  issuerRef:
    kind: Issuer
    name: capas-selfsigned-issuer
  # No duration, renewBefore or private-key settings are given, so
  # cert-manager's defaults apply.
  secretName: capas-webhook-service-cert
---
# Namespaced self-signed issuer used only for the webhook serving certificate.
# There is no external CA: clients trust the certificate solely because
# cert-manager injects its CA into the objects annotated with
# cert-manager.io/inject-ca-from.
apiVersion: cert-manager.io/v1
kind: Issuer
metadata:
  labels:
    cluster.x-k8s.io/provider: infrastructure-aws-snow
  name: capas-selfsigned-issuer
  namespace: capas-system
spec:
  selfSigned: {}
---
# Defaulting (mutating) admission webhooks for AWSSnowCluster and
# AWSSnowMachine. No namespaceSelector or objectSelector is set, so the
# webhooks apply to these resources in every namespace.
apiVersion: admissionregistration.k8s.io/v1
kind: MutatingWebhookConfiguration
metadata:
  annotations:
    # cert-manager fills in clientConfig.caBundle from this Certificate.
    cert-manager.io/inject-ca-from: capas-system/capas-serving-cert
  labels:
    cluster.x-k8s.io/provider: infrastructure-aws-snow
  name: capas-mutating-webhook-configuration
webhooks:
# NOTE(review): only the v1beta1 AdmissionReview version is listed here and on
# the webhook below; confirm the webhook server does not also support v1.
- admissionReviewVersions:
  - v1beta1
  clientConfig:
    service:
      name: capas-webhook-service
      namespace: capas-system
      path: /mutate-infrastructure-cluster-x-k8s-io-v1beta1-awssnowcluster
  # Fail closed: if the webhook cannot be reached, the CREATE/UPDATE request
  # is rejected rather than admitted without defaulting.
  failurePolicy: Fail
  matchPolicy: Equivalent
  name: default.awssnowcluster.infrastructure.cluster.x-k8s.io
  rules:
  - apiGroups:
    - infrastructure.cluster.x-k8s.io
    apiVersions:
    - v1beta1
    operations:
    - CREATE
    - UPDATE
    resources:
    - awssnowclusters
  sideEffects: None
# Unlike the entry above, this one omits matchPolicy; in
# admissionregistration.k8s.io/v1 the default is Equivalent, so the effective
# behavior is the same.
- admissionReviewVersions:
  - v1beta1
  clientConfig:
    service:
      name: capas-webhook-service
      namespace: capas-system
      path: /mutate-infrastructure-cluster-x-k8s-io-v1beta1-awssnowmachine
  failurePolicy: Fail
  name: mutation.awssnowmachine.infrastructure.cluster.x-k8s.io
  rules:
  - apiGroups:
    - infrastructure.cluster.x-k8s.io
    apiVersions:
    - v1beta1
    operations:
    - CREATE
    - UPDATE
    resources:
    - awssnowmachines
  sideEffects: None
---
# Validating admission webhooks for the provider's four custom resources.
# Every entry intercepts CREATE and UPDATE (DELETE is not validated), uses
# failurePolicy Fail (requests are rejected when the webhook is unreachable)
# and declares no side effects. No namespaceSelector is set, so validation
# applies in every namespace.
apiVersion: admissionregistration.k8s.io/v1
kind: ValidatingWebhookConfiguration
metadata:
  annotations:
    # cert-manager fills in clientConfig.caBundle from this Certificate.
    cert-manager.io/inject-ca-from: capas-system/capas-serving-cert
  labels:
    cluster.x-k8s.io/provider: infrastructure-aws-snow
  name: capas-validating-webhook-configuration
webhooks:
# AWSSnowCluster
- admissionReviewVersions:
  - v1beta1
  clientConfig:
    service:
      name: capas-webhook-service
      namespace: capas-system
      path: /validate-infrastructure-cluster-x-k8s-io-v1beta1-awssnowcluster
  failurePolicy: Fail
  matchPolicy: Equivalent
  name: validation.awssnowcluster.infrastructure.cluster.x-k8s.io
  rules:
  - apiGroups:
    - infrastructure.cluster.x-k8s.io
    apiVersions:
    - v1beta1
    operations:
    - CREATE
    - UPDATE
    resources:
    - awssnowclusters
  sideEffects: None
# AWSSnowIPPool
# NOTE(review): this webhook name ends in infrastructure.x-k8s.io, without the
# "cluster." segment used by the cluster and machine entries; it looks
# cosmetic, but align it if anything matches on webhook names.
- admissionReviewVersions:
  - v1beta1
  clientConfig:
    service:
      name: capas-webhook-service
      namespace: capas-system
      path: /validate-infrastructure-cluster-x-k8s-io-v1beta1-awssnowippool
  failurePolicy: Fail
  matchPolicy: Equivalent
  name: validation.awssnowippool.infrastructure.x-k8s.io
  rules:
  - apiGroups:
    - infrastructure.cluster.x-k8s.io
    apiVersions:
    - v1beta1
    operations:
    - CREATE
    - UPDATE
    resources:
    - awssnowippools
  sideEffects: None
# AWSSnowMachine
- admissionReviewVersions:
  - v1beta1
  clientConfig:
    service:
      name: capas-webhook-service
      namespace: capas-system
      path: /validate-infrastructure-cluster-x-k8s-io-v1beta1-awssnowmachine
  failurePolicy: Fail
  matchPolicy: Equivalent
  name: validation.awssnowmachine.infrastructure.cluster.x-k8s.io
  rules:
  - apiGroups:
    - infrastructure.cluster.x-k8s.io
    apiVersions:
    - v1beta1
    operations:
    - CREATE
    - UPDATE
    resources:
    - awssnowmachines
  sideEffects: None
# AWSSnowMachineTemplate (name also lacks the "cluster." segment, see above).
- admissionReviewVersions:
  - v1beta1
  clientConfig:
    service:
      name: capas-webhook-service
      namespace: capas-system
      path: /validate-infrastructure-cluster-x-k8s-io-v1beta1-awssnowmachinetemplate
  failurePolicy: Fail
  matchPolicy: Equivalent
  name: validation.awssnowmachinetemplate.infrastructure.x-k8s.io
  rules:
  - apiGroups:
    - infrastructure.cluster.x-k8s.io
    apiVersions:
    - v1beta1
    operations:
    - CREATE
    - UPDATE
    resources:
    - awssnowmachinetemplates
  sideEffects: None