Cloud provider — AWS: provider configuration

AWSClusterConfiguration

Version: deckhouse.io/v1

Describes the configuration of a cloud cluster in AWS.

Used by the cloud provider if a cluster’s control plane is hosted in the cloud.

Run the following command to change the configuration in a running cluster:

kubectl -n d8-system exec -ti deploy/deckhouse -- deckhouse-controller edit provider-cluster-configuration

Example:

apiVersion: deckhouse.io/v1
kind: AWSClusterConfiguration
layout: WithoutNAT
sshPublicKey: "<SSH_PUBLIC_KEY>"
nodeNetworkCIDR: 172.16.0.0/22
vpcNetworkCIDR: 172.16.0.0/16
masterNodeGroup:
  replicas: 1
  instanceClass:
    instanceType: m5.xlarge
    ami: ami-08b6d44b4f6f7b279
    diskType: gp3
nodeGroups:
- name: worker
  nodeTemplate:
    labels:
      node-role.kubernetes.io/worker: ''
  replicas: 2
  instanceClass:
    instanceType: t2.medium
    ami: ami-0caef02b518350c8b
  additionalTags:
    backup: srv1
provider:
  providerAccessKeyId: "<AWS_ACCESS_KEY>"
  providerSecretAccessKey: "<AWS_SECRET_ACCESS_KEY>"
  region: eu-central-1
tags:
  team: rangers

additionalRolePoliciesarray of strings
A list containing additional policy actions for IAM roles.
- Additional policy actions would be attached to the default IAM role policy actions.
- Parameter is optional. If omitted, only default IAM role policy actions are used.
- Example of policy actions: ecr:ListImages, s3:GetObject, etc.
Default IAM role policies actions contain the following roles:
- ec2:DescribeTags
- ec2:DescribeInstances
- Element of the arraystring
  Pattern: ^([a-zA-Z0-9_\-]+):([a-zA-Z0-9_\-\*\?]+)$
apiVersionstring
Required value
Allowed values: deckhouse.io/v1, deckhouse.io/v1alpha1
existingVPCIDstring
ID of the existing VPC to use for deploying.
- A mandatory parameter if the vpcNetworkCIDR is omitted.
- Caution! If there is an Internet Gateway in the target VPC, the deployment of the basic infrastructure will fail with an error. Currently, an Internet Gateway cannot be adopted.
kindstring
Required value
Allowed values: AWSClusterConfiguration
layoutstring
Required value
The way resources are located in the cloud.

Read more about possible provider layouts.

Note, that the Standard layout is deprecated.

Allowed values: WithoutNAT, WithNAT, Standard
masterNodeGroupobject
Required value
Parameters of the master’s NodeGroup.

Caution! After changing the parameters of the section, you need to run dhctl converge for the changes to take effect.
- masterNodeGroup.additionalTagsobject
  The additional tags to attach to the instances created (in addition to those specified in the cloud provider configuration).
  
  Example:
```
additionalTags:
  project: cms-production
  severity: critical
```
- masterNodeGroup.instanceClassobject
  Required value
  Partial contents of the fields of the AWSInstanceClass.
  - masterNodeGroup.instanceClass.additionalSecurityGroupsarray of strings
    The additional security groups to add to provisioned instances of the specific InstanceClass.
  - masterNodeGroup.instanceClass.amistring
    Required value
    The Amazon Machine Image (AMI ID) to use in provisioned instances.
    
    Here is how you can find the required AMI (each region has its own set of AMIs):
    aws ec2 --region <REGION> describe-images \ --filters 'Name=name,Values=ubuntu/images/hvm-ssd/ubuntu-bionic-18.04-amd64-server-2020*' | \ jq '.Images[].ImageId'
    Example:
    ami: ami-040a1551f9c9d11ad
  - masterNodeGroup.instanceClass.diskSizeGbinteger
    Instance disk size in gibibytes.
    
    Example:
    diskSizeGb: 20
  - masterNodeGroup.instanceClass.diskTypestring
    Instance EBS disk type.
    
    Allowed values: gp3, gp2, io2, io1, st1, sc1
    Example:
    diskType: gp2
  - masterNodeGroup.instanceClass.etcdDiskobject
    Default: {"sizeGb":20,"type":"gp3"}
    - masterNodeGroup.instanceClass.etcdDisk.sizeGbinteger
      Etcd disk size in gibibytes.
    - masterNodeGroup.instanceClass.etcdDisk.typestring
      Etcd disk type.
  - masterNodeGroup.instanceClass.instanceTypestring
    Required value
    Instance type of AWS instance.
    
    Caution! Ensure that this type is present in all zones specified in the zones parameter.
    
    Example:
    instanceType: t3.large
- masterNodeGroup.replicasinteger
  Required value
  The number of master nodes to create.
  
  It is important to have an odd number of masters to ensure a quorum.
  
  Allowed values: 1 <= X
- masterNodeGroup.zonesarray of strings
  Not required value.
  A limited set of zones in which master nodes can be created.
nodeGroupsarray of objects
An array of additional NodeGroups for creating static nodes (e.g., for dedicated front nodes or gateways).
- nodeGroups.additionalTagsobject
  The additional tags to attach to the instances created (in addition to those specified in the cloud provider configuration).
  
  Example:
```
project: cms-production
severity: critical
```
- nodeGroups.instanceClassobject
  Required value
  Partial contents of the fields of the AWSInstanceClass.
  - nodeGroups.instanceClass.additionalSecurityGroupsarray of strings
    The additional security groups to add to provisioned instances of the specific InstanceClass.
  - nodeGroups.instanceClass.amistring
    Required value
    The Amazon Machine Image (AMI ID) to use in provisioned instances.
    
    Here is how you can find the required AMI (each region has its own set of AMIs):
    aws ec2 --region <REGION> describe-images \ --filters 'Name=name,Values=ubuntu/images/hvm-ssd/ubuntu-bionic-18.04-amd64-server-2020*' | \ jq '.Images[].ImageId'
    Example:
    ami: ami-040a1551f9c9d11ad
  - nodeGroups.instanceClass.diskSizeGbinteger
    Instance disk size in gibibytes.
    
    Example:
    diskSizeGb: 20
  - nodeGroups.instanceClass.diskTypestring
    Instance EBS disk type.
    
    Allowed values: gp3, gp2, io2, io1, st1, sc1
    Example:
    diskType: gp2
  - nodeGroups.instanceClass.instanceTypestring
    Required value
    Instance type of AWS instance.
    
    Caution! Ensure that this type is present in all zones specified in the zones parameter.
    
    Example:
    instanceType: t3.large
- nodeGroups.namestring
  Required value
  The name of the NodeGroup. It is used to generate the node name.
- nodeGroups.nodeTemplate
  Parameters of Node objects in Kubernetes to add after registering the node.
  - nodeGroups.nodeTemplate.annotationsobject
    The same as the metadata.annotations standard field.
    
    Example:
    annotations: ai.fleet.com/discombobulate: "true"
  - nodeGroups.nodeTemplate.labelsobject
    A list of labels to attach to cluster resources.
    
    The same as the metadata.labels standard field.
    
    Note that you have to re-create all the machines to add new tags if tags were modified in the running cluster.
    
    Example:
    labels: environment: production app: warp-drive-ai
  - nodeGroups.nodeTemplate.taintsarray of objects
    The same as the .spec.taints field of the Node object.
    
    Caution! Only the effect, key, values fields are available.
    
    Example:
    taints: - effect: NoExecute key: ship-class value: frigate
    - nodeGroups.nodeTemplate.taints.effectstring
      Allowed values: NoSchedule, PreferNoSchedule, NoExecute
    - nodeGroups.nodeTemplate.taints.keystring
    - nodeGroups.nodeTemplate.taints.valuestring
- nodeGroups.replicasinteger
  Required value
  The number of nodes.
- nodeGroups.zonesarray of strings
  Not required value.
  A limited set of zones in which master nodes can be created.
nodeNetworkCIDRstring
A subnet to use for cluster nodes:
- The IP range must overlap or match the VPC address range.
- The IP range will be evenly split into subnets, one per Availability Zone in your region.
- An optional but recommended parameter. By default, it corresponds to the whole range of VPC addresses.
If a new VPC is created along with a new cluster and no vpcNetworkCIDR is provided, then the range from nodeNetworkCIDR is used for the VPC. Thus, the entire VPC is allocated for the cluster networks, and you will not be able to add other resources to this VPC.

The nodeNetworkCIDR range is distributed between subnets depending on the number of availability zones in the selected region. For example, if nodeNetworkCIDR: "10.241.1.0/20" and there are three availability zones in the region, subnets will be created with the /22 mask.
Pattern: ^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\/(3[0-2]|[1-2][0-9]|[0-9]))$
peeredVPCsarray of strings
A list of AWS VPC IDs to peer with the cluster network.

The service account must have access to all the VPCs listed. You have to configure the peering connection manually if no access is available.
providerobject
Required value
Contains settings to connect to the AWS API.
- provider.providerAccessKeyIdstring
  Required value
  Access key ID.
- provider.providerSecretAccessKeystring
  Required value
  Access key secret.
- provider.regionstring
  Required value
  The name of the AWS region where instances will be provisioned.
sshAllowListarray of strings
A list of CIDR’s allowed to connect to nodes via SSH.

By default, 0.0.0.0/0.
sshPublicKeystring
Required value
A public key for accessing nodes.
standardDeprecatedobject
Layout is deprecated.
tagsobject
Not required value.
A dictionary of tags to create on all resources that support this feature.

You have to re-create all the machines to add new tags if tags were modified in the running cluster.
vpcNetworkCIDRstring
A subnet to use in the VPC being created.

A mandatory parameter if the existingVPCID parameter is omitted.

Pattern: ^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\/(3[0-2]|[1-2][0-9]|[0-9]))$
withNATobject
- withNAT.bastionInstanceobject
  - withNAT.bastionInstance.instanceClassobject
    Required value
    Partial contents of the fields of the AWSInstanceClass.
    - withNAT.bastionInstance.instanceClass.additionalSecurityGroupsarray of strings
      The additional security groups to add to provisioned instance of the specific InstanceClass.
    - withNAT.bastionInstance.instanceClass.amistring
      Required value
      The Amazon Machine Image (AMI ID) to use in provisioned instance.
      
      Here is how you can find the required AMI (each region has its own set of AMIs):
      
      aws ec2 --region <REGION> describe-images \ --filters 'Name=name,Values=ubuntu/images/hvm-ssd/ubuntu-bionic-18.04-amd64-server-2020*' | \ jq '.Images[].ImageId'
      Example:
      ami: ami-040a1551f9c9d11ad
    - withNAT.bastionInstance.instanceClass.diskSizeGbinteger
      Instance disk size in gibibytes.
      
      Example:
      diskSizeGb: 20
    - withNAT.bastionInstance.instanceClass.diskTypestring
      Instance EBS disk type.
      
      Allowed values: gp3, gp2, io2, io1, st1, sc1
      Example:
      diskType: gp2
    - withNAT.bastionInstance.instanceClass.instanceTypestring
      Required value
      Instance type of AWS instance.
      
      Caution! Ensure that this type is present in selected zone.
      
      Example:
      instanceType: t3.large
  - withNAT.bastionInstance.zonestring
    The zone in which the bastion instance will be created.
    
    By default, the first available zone in the region or the first from the list of the global parameter zones will be used.
withoutNATobject
zonesarray of strings
The globally restricted set of zones that this cloud provider works with.

Cloud provider — AWS: provider configuration

AWSClusterConfiguration

Request trial access

Thank you

Error

Request callback

Thank you

Something went wrong

Book your sessions

Thank you

Error

Request demo

Thank you

Error

Get the PCI SSC Compliance Report

Thank you

Error