AWSClusterConfiguration

Version: deckhouse.io/v1

Describes the configuration of a cloud cluster in AWS.

Used by the cloud provider if a cluster’s control plane is hosted in the cloud.

Run the following command to change the configuration in a running cluster:

kubectl -n d8-system exec -ti deploy/deckhouse -- deckhouse-controller edit provider-cluster-configuration

Example:

apiVersion: deckhouse.io/v1
kind: AWSClusterConfiguration
layout: WithoutNAT
sshPublicKey: "<SSH_PUBLIC_KEY>"
nodeNetworkCIDR: 172.16.0.0/22
vpcNetworkCIDR: 172.16.0.0/16
masterNodeGroup:
  replicas: 1
  instanceClass:
    instanceType: m5.xlarge
    ami: ami-08b6d44b4f6f7b279
    diskType: gp3
nodeGroups:
- name: worker
  nodeTemplate:
    labels:
      node-role.kubernetes.io/worker: ''
  replicas: 2
  instanceClass:
    instanceType: t2.medium
    ami: ami-0caef02b518350c8b
  additionalTags:
    backup: srv1
provider:
  providerAccessKeyId: "<AWS_ACCESS_KEY>"
  providerSecretAccessKey: "<AWS_SECRET_ACCESS_KEY>"
  region: eu-central-1
tags:
  team: rangers
  • additionalRolePoliciesarray of strings

    List containing an additional policies for IAM roles.

    • Additional policies would be attached to default IAM role policies.
    • Parameter is optional. If ommitted, only default IAM role policies are used.

    Default IAM role policies are:

    - "ec2:DescribeTags"
- "ec2:DescribeInstances"
    • Element of the arraystring

      Pattern: ^(\w+):(\w+)$

  • apiVersionstring

    Required value

    Allowed values: deckhouse.io/v1, deckhouse.io/v1alpha1

  • existingVPCIDstring

    ID of the existing VPC to use for deploying.

    • A mandatory parameter if the vpcNetworkCIDR is omitted.
    • Caution! If there is an Internet Gateway in the target VPC, the deployment of the basic infrastructure will fail with an error. Currently, an Internet Gateway cannot be adopted.
  • kindstring

    Required value

    Allowed values: AWSClusterConfiguration

  • layoutstring

    Required value

    The way resources are located in the cloud.

    Read more about possible provider layouts.

    Note, that the Standard layout is deprecated.

    Allowed values: WithoutNAT, WithNAT, Standard

  • masterNodeGroupobject

    Required value

    Parameters of the master’s NodeGroup.

    Caution! After changing the parameters of the section, you need to run dhctl converge for the changes to take effect.

    • masterNodeGroup.additionalTagsobject

      The additional tags to attach to the instances created (in addition to those specified in the cloud provider configuration).

      Example:

      project: cms-production
severity: critical
    • masterNodeGroup.instanceClassobject

      Required value

      Partial contents of the fields of the AWSInstanceClass.

      • masterNodeGroup.instanceClass.additionalSecurityGroupsarray of strings

        The additional security groups to add to provisioned instances of the specific InstanceClass.

      • masterNodeGroup.instanceClass.amistring

        Required value

        The Amazon Machine Image (AMI ID) to use in provisioned instances.

        Here is how you can find the required AMI (each region has its own set of AMIs):

        aws ec2 --region <REGION> describe-images \
--filters 'Name=name,Values=ubuntu/images/hvm-ssd/ubuntu-bionic-18.04-amd64-server-2020*' | \
jq '.Images[].ImageId'

        Example:

        ami: ami-040a1551f9c9d11ad
      • masterNodeGroup.instanceClass.diskSizeGbinteger

        Instance disk size in gigabytes.

        Example:

        diskSizeGb: 20
      • masterNodeGroup.instanceClass.diskTypestring

        Instance EBS disk type.

        Allowed values: gp3, gp2, io2, io1, st1, sc1

        Example:

        diskType: gp2
      • masterNodeGroup.instanceClass.instanceTypestring

        Required value

        Instance type of AWS instance.

        Caution! Ensure that this type is present in all zones specified in the zones parameter.

        Example:

        instanceType: t3.large
    • masterNodeGroup.replicasinteger

      Required value

      The number of master nodes to create. It is important to have an odd number of masters to ensure a quorum.

      Allowed values: 1 <= X

    • masterNodeGroup.zonesarray of strings

      Not required value.

      A limited set of zones in which master nodes can be created.

  • nodeGroupsarray of objects

    An array of additional NodeGroups for creating static nodes (e.g., for dedicated front nodes or gateways).

    • nodeGroups.additionalTagsobject

      The additional tags to attach to the instances created (in addition to those specified in the cloud provider configuration).

      Example:

      project: cms-production
severity: critical
    • nodeGroups.instanceClassobject

      Required value

      Partial contents of the fields of the AWSInstanceClass.

      • nodeGroups.instanceClass.additionalSecurityGroupsarray of strings

        The additional security groups to add to provisioned instances of the specific InstanceClass.

      • nodeGroups.instanceClass.amistring

        Required value

        The Amazon Machine Image (AMI ID) to use in provisioned instances.

        Here is how you can find the required AMI (each region has its own set of AMIs):

        aws ec2 --region <REGION> describe-images \
--filters 'Name=name,Values=ubuntu/images/hvm-ssd/ubuntu-bionic-18.04-amd64-server-2020*' | \
jq '.Images[].ImageId'

        Example:

        ami: ami-040a1551f9c9d11ad
      • nodeGroups.instanceClass.diskSizeGbinteger

        Instance disk size in gigabytes.

        Example:

        diskSizeGb: 20
      • nodeGroups.instanceClass.diskTypestring

        Instance EBS disk type.

        Allowed values: gp3, gp2, io2, io1, st1, sc1

        Example:

        diskType: gp2
      • nodeGroups.instanceClass.instanceTypestring

        Required value

        Instance type of AWS instance.

        Caution! Ensure that this type is present in all zones specified in the zones parameter.

        Example:

        instanceType: t3.large
    • nodeGroups.namestring

      Required value

      The name of the NodeGroup. It is used to generate the node name.

    • nodeGroups.nodeTemplate

      Parameters of Node objects in Kubernetes to add after registering the node.

      • nodeGroups.nodeTemplate.annotationsobject

        The same as the metadata.annotations standard field.

        Example:

        annotations:
  ai.fleet.com/discombobulate: "true"
      • nodeGroups.nodeTemplate.labelsobject

        A list of labels to attach to cluster resources.

        The same as the metadata.labels standard field.

        Note that you have to re-create all the machines to add new tags if tags were modified in the running cluster.

        Example:

        labels:
  environment: production
  app: warp-drive-ai
      • nodeGroups.nodeTemplate.taintsarray of objects

        The same as the .spec.taints field of the Node object.

        Caution! Only the effect, key, values fields are available.

        Example:

        taints:
- effect: NoExecute
  key: ship-class
  value: frigate
        • nodeGroups.nodeTemplate.taints.effectstring

          Allowed values: NoSchedule, PreferNoSchedule, NoExecute

        • nodeGroups.nodeTemplate.taints.keystring
        • nodeGroups.nodeTemplate.taints.valuestring
    • nodeGroups.replicasinteger

      Required value

      The number of nodes.

    • nodeGroups.zonesarray of strings

      Not required value.

      A limited set of zones in which master nodes can be created.

  • nodeNetworkCIDRstring

    A subnet to use for cluster nodes.

    • The IP range must overlap or match the VPC address range.
    • The IP range will be evenly split into subnets, one per Availability Zone in your region.
    • An optional but recommended parameter. By default, it corresponds to the whole range of VPC addresses.

    If a new VPC is created along with a new cluster and no vpcNetworkCIDR is provided, then the range from nodeNetworkCIDR is used for the VPC. Thus, the entire VPC is allocated for the cluster networks, and you will not be able to add other resources to this VPC.

    The nodeNetworkCIDR range is distributed between subnets depending on the number of availability zones in the selected region. For example: if nodeNetworkCIDR: "10.241.1.0/20" and there are three availability zones in the region, subnets will be created with the /22 mask.

    Pattern: ^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\/(3[0-2]|[1-2][0-9]|[0-9]))$

  • peeredVPCsarray of strings

    A list of AWS VPC IDs to peer with the cluster network.

    The service account must have access to all the VPCs listed. You have to configure the peering connection manually if no access is available.

  • providerobject

    Required value

    Contains settings to connect to the AWS API.

    • provider.providerAccessKeyIdstring

      Required value

      Access key ID.

    • provider.providerSecretAccessKeystring

      Required value

      Access key secret.

    • provider.regionstring

      Required value

      The name of the AWS region where instances will be provisioned.

  • sshAllowListarray of strings

    A list of CIDR’s allowed to connect to nodes via ssh.

    By default, 0.0.0.0/0.

  • sshPublicKeystring

    Required value

    A public key for accessing nodes.

  • standardDeprecatedobject

    Layout is deprecated.

    • tagsobject

      Not required value.

      A dictionary of tags to create on all resources that support this feature.

      You have to re-create all the machines to add new tags if tags were modified in the running cluster.

    • vpcNetworkCIDRstring

      A subnet to use in the VPC being created.

      A mandatory parameter if the existingVPCID parameter is omitted.

      Pattern: ^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\/(3[0-2]|[1-2][0-9]|[0-9]))$

    • withNATobject
      • withNAT.bastionInstanceobject
        • withNAT.bastionInstance.instanceClassobject

          Required value

          Partial contents of the fields of the AWSInstanceClass.

          • withNAT.bastionInstance.instanceClass.additionalSecurityGroupsarray of strings

            The additional security groups to add to provisioned instance of the specific InstanceClass.

          • withNAT.bastionInstance.instanceClass.amistring

            Required value

            The Amazon Machine Image (AMI ID) to use in provisioned instance.

            Here is how you can find the required AMI (each region has its own set of AMIs):

            aws ec2 --region <REGION> describe-images \
--filters 'Name=name,Values=ubuntu/images/hvm-ssd/ubuntu-bionic-18.04-amd64-server-2020*' | \
jq '.Images[].ImageId'

            Example:

            ami: ami-040a1551f9c9d11ad
          • withNAT.bastionInstance.instanceClass.diskSizeGbinteger

            Instance disk size in gigabytes.

            Example:

            diskSizeGb: 20
          • withNAT.bastionInstance.instanceClass.diskTypestring

            Instance EBS disk type.

            Allowed values: gp3, gp2, io2, io1, st1, sc1

            Example:

            diskType: gp2
          • withNAT.bastionInstance.instanceClass.instanceTypestring

            Required value

            Instance type of AWS instance.

            Caution! Ensure that this type is present in selected zone.

            Example:

            instanceType: t3.large
        • withNAT.bastionInstance.zonestring

          The zone in which the bastion instance will be created.

          By default, the first available zone in the region or the first from the list of the global parameter zones will be used.

    • withoutNATobject
      • zonesarray of strings

        The globally restricted set of zones that this cloud provider works with.