AWSClusterConfiguration
Version: deckhouse.io/v1
Describes the configuration of a cloud cluster in AWS.
Used by the cloud provider if a cluster’s control plane is hosted in the cloud.
Run the following command to change the configuration in a running cluster:
kubectl -n d8-system exec -ti svc/deckhouse-leader -c deckhouse -- deckhouse-controller edit provider-cluster-configuration
Example:
apiVersion: deckhouse.io/v1
kind: AWSClusterConfiguration
layout: WithoutNAT
sshPublicKey: "<SSH_PUBLIC_KEY>"
nodeNetworkCIDR: 172.16.0.0/22
vpcNetworkCIDR: 172.16.0.0/16
masterNodeGroup:
replicas: 1
instanceClass:
instanceType: m5.xlarge
ami: ami-08b6d44b4f6f7b279
diskType: gp3
nodeGroups:
- name: worker
nodeTemplate:
labels:
node-role.kubernetes.io/worker: ''
replicas: 2
instanceClass:
instanceType: t2.medium
ami: ami-0caef02b518350c8b
additionalTags:
backup: srv1
provider:
providerAccessKeyId: "<AWS_ACCESS_KEY>"
providerSecretAccessKey: "<AWS_SECRET_ACCESS_KEY>"
region: eu-central-1
tags:
team: rangers
- array of strings
A list containing additional policy actions for IAM roles.
- Additional policy actions would be attached to the default IAM role policy actions.
- Parameter is optional. If omitted, only default IAM role policy actions are used.
- Example of policy actions:
ecr:ListImages
,s3:GetObject
, etc.
Default IAM role policies actions contain the following roles:
ec2:DescribeTags
ec2:DescribeInstances
- string
Required value
The way resources are located in the cloud.
Read more about possible provider layouts.
Note, that the
Standard
layout is deprecated.Allowed values:
WithoutNAT
,WithNAT
,Standard
- object
Required value
Parameters of the master’s NodeGroup.
Caution! After changing the parameters of the section, you need to run
dhctl converge
for the changes to take effect.- object
The additional tags to attach to the instances created (in addition to those specified in the cloud provider configuration).
Example:
additionalTags: project: cms-production severity: critical
- string
Required value
The Amazon Machine Image (AMI ID) to use in provisioned instances.
Here is how you can find the required AMI (each region has its own set of AMIs):
aws ec2 --region <REGION> describe-images \ --filters 'Name=name,Values=ubuntu/images/hvm-ssd/ubuntu-bionic-18.04-amd64-server-2020*' | \ jq '.Images[].ImageId'
Example:
ami: ami-040a1551f9c9d11ad
- array of objects
An array of additional NodeGroups for creating static nodes (e.g., for dedicated front nodes or gateways).
- object
The additional tags to attach to the instances created (in addition to those specified in the cloud provider configuration).
Example:
project: cms-production severity: critical
- string
Required value
The Amazon Machine Image (AMI ID) to use in provisioned instances.
Here is how you can find the required AMI (each region has its own set of AMIs):
aws ec2 --region <REGION> describe-images \ --filters 'Name=name,Values=ubuntu/images/hvm-ssd/ubuntu-bionic-18.04-amd64-server-2020*' | \ jq '.Images[].ImageId'
Example:
ami: ami-040a1551f9c9d11ad
- object
The same as the
metadata.annotations
standard field.Example:
annotations: ai.fleet.com/discombobulate: "true"
- object
A list of labels to attach to cluster resources.
The same as the
metadata.labels
standard field.Note that you have to re-create all the machines to add new tags if tags were modified in the running cluster.
Example:
labels: environment: production app: warp-drive-ai
- array of objects
The same as the
.spec.taints
field of the Node object.Caution! Only the
effect
,key
,values
fields are available.Example:
taints: - effect: NoExecute key: ship-class value: frigate
- string
A subnet to use for cluster nodes:
- The IP range must overlap or match the VPC address range.
- The IP range will be evenly split into subnets, one per Availability Zone in your region.
- An optional but recommended parameter. By default, it corresponds to the whole range of VPC addresses.
If a new VPC is created along with a new cluster and no
vpcNetworkCIDR
is provided, then the range fromnodeNetworkCIDR
is used for the VPC. Thus, the entire VPC is allocated for the cluster networks, and you will not be able to add other resources to this VPC.The
nodeNetworkCIDR
range is distributed between subnets depending on the number of availability zones in the selected region. For example, ifnodeNetworkCIDR: "10.241.1.0/20"
and there are three availability zones in the region, subnets will be created with the/22
mask.Pattern:
^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\/(3[0-2]|[1-2][0-9]|[0-9]))$
- array of strings
A list of AWS VPC IDs to peer with the cluster network.
The service account must have access to all the VPCs listed. You have to configure the peering connection manually if no access is available.
- object
Not required value.
A dictionary of tags to create on all resources that support this feature.
You have to re-create all the machines to add new tags if tags were modified in the running cluster.
- string
Required value
The Amazon Machine Image (AMI ID) to use in provisioned instance.
Here is how you can find the required AMI (each region has its own set of AMIs):
aws ec2 --region <REGION> describe-images \ --filters 'Name=name,Values=ubuntu/images/hvm-ssd/ubuntu-bionic-18.04-amd64-server-2020*' | \ jq '.Images[].ImageId'
Example:
ami: ami-040a1551f9c9d11ad