@MeirP-3
Created November 4, 2020 12:33
cluster spec for #10166
apiVersion: kops.k8s.io/v1alpha2
kind: Cluster
metadata:
  name: example.cluster.com
spec:
  # Extra IAM statements appended to the master and node instance roles.
  # Both roles may call sts:AssumeRole against any resource ("*").
  additionalPolicies:
    master: |
      [
        {
          "Effect": "Allow",
          "Action": ["sts:AssumeRole"],
          "Resource": "*"
        }
      ]
    node: |
      [
        {
          "Effect": "Allow",
          "Action": ["sts:AssumeRole"],
          "Resource": "*"
        }
      ]
  addons:
  - manifest: ambassador
  - manifest: s3://some-bucket/kops/example.cluster.com/addons/example-cluster-addons.yaml
  api:
    loadBalancer:
      type: Public
  authentication:
    aws: {}
  authorization:
    rbac: {}
  channel: stable
  cloudLabels:
    env: test
  cloudProvider: aws
  configBase: s3://some-bucket/kops/example.cluster.com
  dnsZone: example.cluster.com
  etcdClusters:
  - etcdMembers:
    - encryptedVolume: true
      instanceGroup: master-us-east-1f
      name: a
    name: main
    version: 3.3.10
  - etcdMembers:
    - encryptedVolume: true
      instanceGroup: master-us-east-1f
      name: a
    name: events
    version: 3.3.10
  iam:
    allowContainerRegistry: true
    legacy: false
  kubeAPIServer:
    auditLogMaxAge: 10
    auditLogMaxBackups: 1
    auditLogMaxSize: 100
    auditLogPath: /var/log/kube-apiserver-audit.log
    auditPolicyFile: /srv/kubernetes/assets/audit-policy
  kubeDNS:
    provider: CoreDNS
  kubelet:
    anonymousAuth: false
    authenticationTokenWebhook: true
    authorizationMode: Webhook
    resolvConf: /run/systemd/resolve/resolv.conf
  # The public API load balancer accepts connections from any IPv4 address.
  kubernetesApiAccess:
  - 0.0.0.0/0
  kubernetesVersion: v1.14.2
  masterInternalName: api.internal.example.cluster.com
  masterPublicName: api.example.cluster.com
  networkCIDR: 10.40.0.0/16
  networking:
    amazonvpc: {}
  nonMasqueradeCIDR: 100.64.0.0/10
  # SSH is limited to a single source address.
  sshAccess:
  - 109.67.204.114/32
  subnets:
  - cidr: 10.40.32.0/19
    name: us-east-1f
    type: Private
    zone: us-east-1f
  - cidr: 10.40.0.0/22
    name: utility-us-east-1f
    type: Utility
    zone: us-east-1f
  topology:
    bastion:
      bastionPublicName: bastion.example.cluster.com
    dns:
      type: Public
    masters: private
    nodes: private
  updatePolicy: external