config/crd/bases/anywhere.eks.amazonaws.com_clusters.yaml
---
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
  annotations:
    controller-gen.kubebuilder.io/version: v0.17.2
  name: clusters.anywhere.eks.amazonaws.com
spec:
  group: anywhere.eks.amazonaws.com
  names:
    kind: Cluster
    listKind: ClusterList
    plural: clusters
    singular: cluster
  scope: Namespaced
  versions:
  - name: v1alpha1
    schema:
      openAPIV3Schema:
        description: Cluster is the Schema for the clusters API.
        properties:
          apiVersion:
            description: |-
              APIVersion defines the versioned schema of this representation of an object.
              Servers should convert recognized schemas to the latest internal value, and
              may reject unrecognized values.
              More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
            type: string
          kind:
            description: |-
              Kind is a string value representing the REST resource this object represents.
              Servers may infer this from the endpoint the client submits requests to.
              Cannot be updated.
              In CamelCase.
              More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
            type: string
          metadata:
            type: object
          spec:
            description: ClusterSpec defines the desired state of Cluster.
            properties:
              bundlesRef:
                description: |-
                  BundlesRef contains a reference to the Bundles containing the desired dependencies for the cluster.
                  DEPRECATED: Use EksaVersion instead.
                properties:
                  apiVersion:
                    description: APIVersion refers to the Bundles APIVersion
                    type: string
                  name:
                    description: Name refers to the name of the Bundles object in
                      the cluster
                    type: string
                  namespace:
                    description: Namespace refers to the Bundles's namespace
                    type: string
                required:
                - apiVersion
                - name
                - namespace
                type: object
              clusterNetwork:
                properties:
                  cni:
                    description: Deprecated. Use CNIConfig
                    type: string
                  cniConfig:
                    description: CNIConfig specifies the CNI plugin to be installed
                      in the cluster
                    properties:
                      cilium:
                        description: CiliumConfig contains configuration specific
                          to the Cilium CNI.
                        properties:
                          egressMasqueradeInterfaces:
                            description: EgressMasqueradeInterfaces determines which
                              network interfaces are used for masquerading. Accepted
                              values are a valid interface name or interface prefix.
                            type: string
                          ipv4NativeRoutingCIDR:
                            description: |-
                              IPv4NativeRoutingCIDR specifies the CIDR to use when RoutingMode is set to direct.
                              When specified, Cilium assumes networking for this CIDR is preconfigured and
                              hands traffic destined for that range to the Linux network stack without
                              applying any SNAT.
                              If this is not set autoDirectNodeRoutes will be set to true
                            type: string
                          ipv6NativeRoutingCIDR:
                            description: |-
                              IPv6NativeRoutingCIDR specifies the IPv6 CIDR to use when RoutingMode is set to direct.
                              When specified, Cilium assumes networking for this CIDR is preconfigured and
                              hands traffic destined for that range to the Linux network stack without
                              applying any SNAT.
                              If this is not set autoDirectNodeRoutes will be set to true
                            type: string
                          policyEnforcementMode:
                            description: PolicyEnforcementMode determines communication
                              allowed between pods. Accepted values are default, always,
                              never.
                            type: string
                          routingMode:
                            description: |-
                              RoutingMode indicates the routing tunnel mode to use for Cilium. Accepted values are overlay (geneve tunnel with overlay)
                              or direct (tunneling disabled with direct routing)
                              Defaults to overlay.
                            type: string
                          skipUpgrade:
                            description: |-
                              SkipUpgrade indicates that Cilium maintenance should be skipped during upgrades. This can
                              be used when operators wish to self manage the Cilium installation.
                            type: boolean
                        type: object
                      kindnetd:
                        description: KindnetdConfig contains configuration specific
                          to the Kindnetd CNI.
                        type: object
                    type: object
                  dns:
                    properties:
                      resolvConf:
                        description: ResolvConf refers to the DNS resolver configuration
                        properties:
                          path:
                            description: Path defines the path to the file that contains
                              the DNS resolver configuration
                            type: string
                        type: object
                    type: object
                  nodes:
                    properties:
                      cidrMaskSize:
                        description: CIDRMaskSize defines the mask size for node cidr
                          in the cluster, default for ipv4 is 24. This is an optional
                          field
                        type: integer
                    type: object
                  pods:
                    description: |-
                      Comma-separated list of CIDR blocks to use for pod and service subnets.
                      Defaults to 192.168.0.0/16 for pod subnet.
                    properties:
                      cidrBlocks:
                        items:
                          type: string
                        type: array
                    type: object
                  services:
                    properties:
                      cidrBlocks:
                        items:
                          type: string
                        type: array
                    type: object
                type: object
              controlPlaneConfiguration:
                properties:
                  apiServerExtraArgs:
                    additionalProperties:
                      type: string
                    description: APIServerExtraArgs defines the flags to configure
                      for the API server.
                    type: object
                  certSans:
                    description: |-
                      CertSANs is a slice of domain names or IPs to be added as Subject Name Alternatives of the
                      Kube API Servers Certificate.
                    items:
                      type: string
                    type: array
                  count:
                    description: Count defines the number of desired control plane
                      nodes. Defaults to 1.
                    type: integer
                  endpoint:
                    description: Endpoint defines the host ip and port to use for
                      the control plane.
                    properties:
                      host:
                        description: Host defines the ip that you want to use to connect
                          to the control plane
                        type: string
                    required:
                    - host
                    type: object
                  kubeletConfiguration:
                    description: KubeletConfiguration is a struct that exposes the
                      Kubelet settings for the user to set on control plane nodes.
                    type: object
                    x-kubernetes-preserve-unknown-fields: true
                  labels:
                    additionalProperties:
                      type: string
                    description: Labels define the labels to assign to the node
                    type: object
                  machineGroupRef:
                    description: MachineGroupRef defines the machine group configuration
                      for the control plane.
                    properties:
                      kind:
                        type: string
                      name:
                        type: string
                    type: object
                  machineHealthCheck:
                    description: MachineHealthCheck is a control-plane level override
                      for the timeouts and maxUnhealthy specified in the top-level
                      MHC configuration. If not configured, the defaults in the top-level
                      MHC configuration are used.
                    properties:
                      maxUnhealthy:
                        anyOf:
                        - type: integer
                        - type: string
                        description: MaxUnhealthy is used to configure the maximum
                          number of unhealthy machines in machine health checks. This
                          setting applies to both control plane and worker machines.
                          If the number of unhealthy machines exceeds the limit set
                          by maxUnhealthy, further remediation will not be performed.
                          If not configured, the default value is set to "100%" for
                          controlplane machines and "40%" for worker machines.
                        x-kubernetes-int-or-string: true
                      nodeStartupTimeout:
                        description: NodeStartupTimeout is used to configure the node
                          startup timeout in machine health checks. It determines
                          how long a MachineHealthCheck should wait for a Node to
                          join the cluster, before considering a Machine unhealthy.
                          If not configured, the default value is set to "10m0s" (10
                          minutes) for all providers. For Tinkerbell provider the
                          default is "20m0s".
                        type: string
                      unhealthyMachineTimeout:
                        description: UnhealthyMachineTimeout is used to configure
                          the unhealthy machine timeout in machine health checks.
                          If any unhealthy conditions are met for the amount of time
                          specified as the timeout, the machines are considered unhealthy.
                          If not configured, the default value is set to "5m0s" (5
                          minutes).
                        type: string
                    type: object
                  skipLoadBalancerDeployment:
                    description: |-
                      SkipLoadBalancerDeployment skip deploying control plane load balancer.
                      Make sure your infrastructure can handle control plane load balancing when you set this field to true.
                    type: boolean
                  taints:
                    description: Taints define the set of taints to be applied on
                      control plane nodes
                    items:
                      description: |-
                        The node this Taint is attached to has the "effect" on
                        any pod that does not tolerate the Taint.
                      properties:
                        effect:
                          description: |-
                            Required. The effect of the taint on pods
                            that do not tolerate the taint.
                            Valid effects are NoSchedule, PreferNoSchedule and NoExecute.
                          type: string
                        key:
                          description: Required. The taint key to be applied to a
                            node.
                          type: string
                        timeAdded:
                          description: |-
                            TimeAdded represents the time at which the taint was added.
                            It is only written for NoExecute taints.
                          format: date-time
                          type: string
                        value:
                          description: The taint value corresponding to the taint
                            key.
                          type: string
                      required:
                      - effect
                      - key
                      type: object
                    type: array
                  upgradeRolloutStrategy:
                    description: |-
                      UpgradeRolloutStrategy determines the rollout strategy to use for rolling upgrades
                      and related parameters/knobs
                    properties:
                      rollingUpdate:
                        description: ControlPlaneRollingUpdateParams is API for rolling
                          update strategy knobs.
                        properties:
                          maxSurge:
                            type: integer
                        required:
                        - maxSurge
                        type: object
                      type:
                        description: UpgradeRolloutStrategyType defines the types
                          of upgrade rollout strategies.
                        type: string
                    type: object
                type: object
              datacenterRef:
                properties:
                  kind:
                    type: string
                  name:
                    type: string
                type: object
              eksaVersion:
                description: EksaVersion is the semver identifying the release of
                  eks-a used to populate the cluster components.
                type: string
              etcdEncryption:
                items:
                  description: EtcdEncryption defines the configuration for ETCD encryption.
                  properties:
                    providers:
                      items:
                        description: |-
                          EtcdEncryptionProvider defines the configuration for ETCD encryption providers.
                          Currently only KMS provider is supported.
                        properties:
                          kms:
                            description: KMS defines the configuration for KMS Encryption
                              provider.
                            properties:
                              cachesize:
                                description: |-
                                  CacheSize defines the maximum number of encrypted objects to be cached in memory. The default value is 1000.
                                  You can set this to a negative value to disable caching.
                                format: int32
                                type: integer
                              name:
                                description: Name defines the name of KMS plugin to
                                  be used.
                                type: string
                              socketListenAddress:
                                description: SocketListenAddress defines a UNIX socket
                                  address that the KMS provider listens on.
                                type: string
                              timeout:
                                description: Timeout for kube-apiserver to wait for
                                  KMS plugin. Default is 3s.
                                type: string
                            required:
                            - name
                            - socketListenAddress
                            type: object
                        required:
                        - kms
                        type: object
                      type: array
                    resources:
                      description: Resources defines a list of objects and custom
                        resources definitions that should be encrypted.
                      items:
                        type: string
                      type: array
                  required:
                  - providers
                  - resources
                  type: object
                type: array
              externalEtcdConfiguration:
                description: ExternalEtcdConfiguration defines the configuration options
                  for using unstacked etcd topology.
                properties:
                  count:
                    type: integer
                  machineGroupRef:
                    description: MachineGroupRef defines the machine group configuration
                      for the etcd machines.
                    properties:
                      kind:
                        type: string
                      name:
                        type: string
                    type: object
                type: object
              gitOpsRef:
                properties:
                  kind:
                    type: string
                  name:
                    type: string
                type: object
              identityProviderRefs:
                items:
                  properties:
                    kind:
                      type: string
                    name:
                      type: string
                  type: object
                type: array
              kubernetesVersion:
                type: string
              licenseToken:
                type: string
              machineHealthCheck:
                description: |-
                  MachineHealthCheck allows to configure timeouts for machine health checks. Machine Health Checks are responsible for remediating unhealthy Machines.
                  Configuring these values will decide how long to wait to remediate unhealthy machine or determine health of nodes' machines.
                properties:
                  maxUnhealthy:
                    anyOf:
                    - type: integer
                    - type: string
                    description: MaxUnhealthy is used to configure the maximum number
                      of unhealthy machines in machine health checks. This setting
                      applies to both control plane and worker machines. If the number
                      of unhealthy machines exceeds the limit set by maxUnhealthy,
                      further remediation will not be performed. If not configured,
                      the default value is set to "100%" for controlplane machines
                      and "40%" for worker machines.
                    x-kubernetes-int-or-string: true
                  nodeStartupTimeout:
                    description: NodeStartupTimeout is used to configure the node
                      startup timeout in machine health checks. It determines how
                      long a MachineHealthCheck should wait for a Node to join the
                      cluster, before considering a Machine unhealthy. If not configured,
                      the default value is set to "10m0s" (10 minutes) for all providers.
                      For Tinkerbell provider the default is "20m0s".
                    type: string
                  unhealthyMachineTimeout:
                    description: UnhealthyMachineTimeout is used to configure the
                      unhealthy machine timeout in machine health checks. If any unhealthy
                      conditions are met for the amount of time specified as the timeout,
                      the machines are considered unhealthy. If not configured, the
                      default value is set to "5m0s" (5 minutes).
                    type: string
                type: object
              managementCluster:
                properties:
                  name:
                    type: string
                type: object
              packages:
                description: PackageConfiguration for installing EKS Anywhere curated
                  packages.
                properties:
                  controller:
                    description: Controller package controller configuration
                    properties:
                      digest:
                        description: Digest package controller digest
                        type: string
                      disableWebhooks:
                        description: DisableWebhooks on package controller
                        type: boolean
                      env:
                        description: Env of package controller in the format `key=value`
                        items:
                          type: string
                        type: array
                      repository:
                        description: Repository package controller repository
                        type: string
                      resources:
                        description: Resources of package controller
                        properties:
                          limits:
                            description: ImageResource resources for container image.
                            properties:
                              cpu:
                                description: CPU image cpu
                                type: string
                              memory:
                                description: Memory image memory
                                type: string
                            type: object
                          requests:
                            description: Requests for image resources
                            properties:
                              cpu:
                                description: CPU image cpu
                                type: string
                              memory:
                                description: Memory image memory
                                type: string
                            type: object
                        type: object
                      tag:
                        description: Tag package controller tag
                        type: string
                    type: object
                  cronjob:
                    description: Cronjob for ecr token refresher
                    properties:
                      digest:
                        description: Digest ecr token refresher digest
                        type: string
                      disable:
                        description: Disable on cron job
                        type: boolean
                      repository:
                        description: Repository ecr token refresher repository
                        type: string
                      tag:
                        description: Tag ecr token refresher tag
                        type: string
                    type: object
                  disable:
                    description: Disable package controller on cluster
                    type: boolean
                type: object
              podIamConfig:
                properties:
                  serviceAccountIssuer:
                    type: string
                required:
                - serviceAccountIssuer
                type: object
              proxyConfiguration:
                properties:
                  httpProxy:
                    type: string
                  httpsProxy:
                    type: string
                  noProxy:
                    items:
                      type: string
                    type: array
                type: object
              registryMirrorConfiguration:
                description: RegistryMirrorConfiguration defines the settings for
                  image registry mirror.
                properties:
                  authenticate:
                    description: Authenticate defines if registry requires authentication
                    type: boolean
                  caCertContent:
                    description: CACertContent defines the contents registry mirror
                      CA certificate
                    type: string
                  endpoint:
                    description: Endpoint defines the registry mirror endpoint to
                      use for pulling images
                    type: string
                  insecureSkipVerify:
                    description: |-
                      InsecureSkipVerify skips the registry certificate verification.
                      Only use this solution for isolated testing or in a tightly controlled, air-gapped environment.
                    type: boolean
                  ociNamespaces:
                    description: |-
                      OCINamespaces defines the mapping from an upstream registry to a local namespace where upstream
                      artifacts are placed into
                    items:
                      description: OCINamespace represents an entity in a local registry
                        to group related images.
                      properties:
                        namespace:
                          description: Namespace refers to the name of a namespace
                            in the local registry
                          type: string
                        registry:
                          description: Registry refers to the name of the upstream
                            registry
                          type: string
                      required:
                      - namespace
                      - registry
                      type: object
                    type: array
                  port:
                    description: Port defines the port exposed for registry mirror
                      endpoint
                    type: string
                type: object
              workerNodeGroupConfigurations:
                items:
                  properties:
                    autoscalingConfiguration:
                      description: AutoScalingConfiguration defines the auto scaling
                        configuration
                      properties:
                        maxCount:
                          description: MaxCount defines the maximum number of nodes
                            for the associated resource group.
                          type: integer
                        minCount:
                          description: MinCount defines the minimum number of nodes
                            for the associated resource group.
                          type: integer
                      type: object
                    count:
                      description: Count defines the number of desired worker nodes.
                        Defaults to 1.
                      type: integer
                    failureDomains:
                      description: FailureDomains is the optional list of failure
                        domains to distribute worker nodes across the infrastructure.
                      items:
                        type: string
                      type: array
                    kubeletConfiguration:
                      description: KubeletConfiguration is a struct that exposes the
                        Kubelet settings for the user to set on worker nodes.
                      type: object
                      x-kubernetes-preserve-unknown-fields: true
                    kubernetesVersion:
                      description: KubernetesVersion defines the version for worker
                        nodes. If not set, the top level spec kubernetesVersion will
                        be used.
                      type: string
                    labels:
                      additionalProperties:
                        type: string
                      description: Labels define the labels to assign to the node
                      type: object
                    machineGroupRef:
                      description: MachineGroupRef defines the machine group configuration
                        for the worker nodes.
                      properties:
                        kind:
                          type: string
                        name:
                          type: string
                      type: object
                    machineHealthCheck:
                      description: MachineHealthCheck is a worker node level override
                        for the timeouts and maxUnhealthy specified in the top-level
                        MHC configuration. If not configured, the defaults in the
                        top-level MHC configuration are used.
                      properties:
                        maxUnhealthy:
                          anyOf:
                          - type: integer
                          - type: string
                          description: MaxUnhealthy is used to configure the maximum
                            number of unhealthy machines in machine health checks.
                            This setting applies to both control plane and worker
                            machines. If the number of unhealthy machines exceeds
                            the limit set by maxUnhealthy, further remediation will
                            not be performed. If not configured, the default value
                            is set to "100%" for controlplane machines and "40%" for
                            worker machines.
                          x-kubernetes-int-or-string: true
                        nodeStartupTimeout:
                          description: NodeStartupTimeout is used to configure the
                            node startup timeout in machine health checks. It determines
                            how long a MachineHealthCheck should wait for a Node to
                            join the cluster, before considering a Machine unhealthy.
                            If not configured, the default value is set to "10m0s"
                            (10 minutes) for all providers. For Tinkerbell provider
                            the default is "20m0s".
                          type: string
                        unhealthyMachineTimeout:
                          description: UnhealthyMachineTimeout is used to configure
                            the unhealthy machine timeout in machine health checks.
                            If any unhealthy conditions are met for the amount of
                            time specified as the timeout, the machines are considered
                            unhealthy. If not configured, the default value is set
                            to "5m0s" (5 minutes).
                          type: string
                      type: object
                    name:
                      description: Name refers to the name of the worker node group
                      type: string
                    taints:
                      description: Taints define the set of taints to be applied on
                        worker nodes
                      items:
                        description: |-
                          The node this Taint is attached to has the "effect" on
                          any pod that does not tolerate the Taint.
                        properties:
                          effect:
                            description: |-
                              Required. The effect of the taint on pods
                              that do not tolerate the taint.
                              Valid effects are NoSchedule, PreferNoSchedule and NoExecute.
                            type: string
                          key:
                            description: Required. The taint key to be applied to
                              a node.
                            type: string
                          timeAdded:
                            description: |-
                              TimeAdded represents the time at which the taint was added.
                              It is only written for NoExecute taints.
                            format: date-time
                            type: string
                          value:
                            description: The taint value corresponding to the taint
                              key.
                            type: string
                        required:
                        - effect
                        - key
                        type: object
                      type: array
                    upgradeRolloutStrategy:
                      description: |-
                        UpgradeRolloutStrategy determines the rollout strategy to use for rolling upgrades
                        and related parameters/knobs
                      properties:
                        rollingUpdate:
                          description: WorkerNodesRollingUpdateParams is API for rolling
                            update strategy knobs.
                          properties:
                            maxSurge:
                              type: integer
                            maxUnavailable:
                              type: integer
                          required:
                          - maxSurge
                          - maxUnavailable
                          type: object
                        type:
                          description: UpgradeRolloutStrategyType defines the types
                            of upgrade rollout strategies.
                          type: string
                      type: object
                  type: object
                type: array
            type: object
          status:
            description: ClusterStatus defines the observed state of Cluster.
            properties:
              childrenReconciledGeneration:
                description: |-
                  ChildrenReconciledGeneration represents the sum of the .metadata.generation
                  for all the linked objects for the cluster, observed the last time the
                  cluster was successfully reconciled.
                  NOTE: This field was added for internal use and we do not provide guarantees
                  to its behavior if changed externally. Its meaning and implementation are
                  subject to change in the future.
                format: int64
                type: integer
              conditions:
                items:
                  description: Condition defines an observation of a Cluster API resource
                    operational state.
                  properties:
                    lastTransitionTime:
                      description: |-
                        Last time the condition transitioned from one status to another.
                        This should be when the underlying condition changed. If that is not known, then using the time when
                        the API field changed is acceptable.
                      format: date-time
                      type: string
                    message:
                      description: |-
                        A human readable message indicating details about the transition.
                        This field may be empty.
                      type: string
                    reason:
                      description: |-
                        The reason for the condition's last transition in CamelCase.
                        The specific API may choose whether or not this field is considered a guaranteed API.
                        This field may not be empty.
                      type: string
                    severity:
                      description: |-
                        Severity provides an explicit classification of Reason code, so the users or machines can immediately
                        understand the current situation and act accordingly.
                        The Severity field MUST be set only when Status=False.
                      type: string
                    status:
                      description: Status of the condition, one of True, False, Unknown.
                      type: string
                    type:
                      description: |-
                        Type of condition in CamelCase or in foo.example.com/CamelCase.
                        Many .condition.type values are consistent across resources like Available, but because arbitrary conditions
                        can be useful (see .node.status.conditions), the ability to deconflict is important.
                      type: string
                  required:
                  - lastTransitionTime
                  - status
                  - type
                  type: object
                type: array
              eksdReleaseRef:
                description: EksdReleaseRef defines the properties of the EKS-D object
                  on the cluster
                properties:
                  apiVersion:
                    description: ApiVersion refers to the EKS-D API version
                    type: string
                  kind:
                    description: Kind refers to the Release kind for the EKS-D object
                    type: string
                  name:
                    description: Name refers to the name of the EKS-D object on the
                      cluster
                    type: string
                  namespace:
                    description: Namespace refers to the namespace for the EKS-D release
                      resources
                    type: string
                required:
                - apiVersion
                - kind
                - name
                - namespace
                type: object
              failureMessage:
                description: Descriptive message about a fatal problem while reconciling
                  a cluster
                type: string
              failureReason:
                description: |-
                  Machine readable value about a terminal problem while reconciling the cluster
                  set at the same time as failureMessage
                type: string
              observedGeneration:
                description: ObservedGeneration is the latest generation observed
                  by the controller.
                format: int64
                type: integer
              reconciledGeneration:
                description: |-
                  ReconciledGeneration represents the .metadata.generation the last time the
                  cluster was successfully reconciled. It is the latest generation observed
                  by the controller.
                  NOTE: This field was added for internal use and we do not provide guarantees
                  to its behavior if changed externally. Its meaning and implementation are
                  subject to change in the future.
                format: int64
                type: integer
            type: object
        type: object
    served: true
    storage: true
    subresources:
      status: {}