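# kops Cluster spec (kops.k8s.io/v1alpha2) for a private-topology AWS cluster
# with an internal API load balancer, IRSA (AWS OIDC provider) and RBAC.
# Every value in angle brackets (<account-id>, <CIDR>, <vpc-id>, ...) is a
# placeholder that must be filled in before `kops create -f cluster.yaml`.
#
# Security-relevant points to keep in mind when adapting this file:
#   - additionalPolicies are attached to the *instance* roles, so any pod that
#     can reach the instance metadata service inherits them. Scope them to
#     concrete ARNs; per-workload permissions belong on IAM roles for service
#     accounts (spec.iam.useServiceAccountExternalPermissions below).
#   - kubernetesApiAccess / sshAccess become security-group ingress rules;
#     0.0.0.0/0 is world-open even when the LB itself is internal.
apiVersion: kops.k8s.io/v1alpha2
kind: Cluster
metadata:
  name: example.com
spec:
  DisableSubnetTags: true
  additionalPolicies:
    # Control-plane instance role. AssumeRole is limited to the roles the
    # control plane actually needs (e.g. a cross-account DNS or backup role);
    # "Resource": "*" would let anything on a master assume every role whose
    # trust policy names this role.
    master: |
      [
        {
          "Effect": "Allow",
          "Action": ["sts:AssumeRole"],
          "Resource": [
            "arn:aws:iam::<account-id>:role/<master-assumable-role>"
          ]
        },
        {
          "Effect": "Allow",
          "Action": [
            "route53:ChangeResourceRecordSets",
            "route53:ListResourceRecordSets",
            "route53:GetHostedZone"
          ],
          "Resource": [
            "arn:aws:route53:::hostedzone/<hosted-zone-id>"
          ]
        }
      ]
    # Worker instance role. With IRSA enabled (serviceAccountIssuerDiscovery
    # below) workloads should assume roles through their service account
    # rather than the node role; keep this list empty unless a specific
    # node-level role is required.
    node: |
      [
        {
          "Effect": "Allow",
          "Action": ["sts:AssumeRole"],
          "Resource": [
            "arn:aws:iam::<account-id>:role/<node-assumable-role>"
          ]
        }
      ]
  api:
    loadBalancer:
      class: Classic
      type: Internal
      useForInternalApi: true
  authentication:
    aws: {}
  authorization:
    rbac: {}
  certManager:
    enabled: true
    managed: false
  channel: stable
  cloudConfig:
    awsEBSCSIDriver:
      enabled: true
      manageStorageClasses: false
  cloudControllerManager:
    cloudProvider: aws
  cloudLabels:
    env: dev
  cloudProvider: aws
  clusterAutoscaler:
    awsUseStaticInstanceList: false
    balanceSimilarNodeGroups: true
    enabled: true
    expander: random
    # k8s.gcr.io now redirects to registry.k8s.io; prefer the new registry
    # and pin by digest (image@sha256:...) so the tag cannot be re-pointed.
    image: k8s.gcr.io/autoscaling/cluster-autoscaler:v1.21.2
    newPodScaleUpDelay: 0s
    scaleDownDelayAfterAdd: 10m0s
    scaleDownUtilizationThreshold: "0.5"
    skipNodesWithLocalStorage: false
    skipNodesWithSystemPods: true
  # State store; holds cluster secrets/CA material - restrict bucket access
  # and enable versioning + encryption on it.
  configBase: s3://bucket-name/kops/example.com
  dnsZone: example.com
  # NOTE(review): etcd 3.3.x is well behind the 3.5 line kops ships with
  # Kubernetes 1.23 - confirm the pinned version is still receiving fixes.
  etcdClusters:
    - etcdMembers:
        - encryptedVolume: true
          instanceGroup: master-us-east-1b
          name: a
        - encryptedVolume: true
          instanceGroup: master-us-east-1c
          name: b
        - encryptedVolume: true
          instanceGroup: master-us-east-1f
          name: c
      name: main
      version: 3.3.10
    - etcdMembers:
        - encryptedVolume: true
          instanceGroup: master-us-east-1b
          name: a
        - encryptedVolume: true
          instanceGroup: master-us-east-1c
          name: b
        - encryptedVolume: true
          instanceGroup: master-us-east-1f
          name: c
      name: events
      version: 3.3.10
  iam:
    allowContainerRegistry: true
    legacy: false
    # Per-service-account IAM (IRSA) instead of node-wide permissions.
    useServiceAccountExternalPermissions: true
  kubeAPIServer:
    # Local retention is short (10 days / 1 backup / 100 MB) and lives on the
    # control-plane root volume; ship the audit log off-box if it has to
    # survive node replacement or an incident.
    auditLogMaxAge: 10
    auditLogMaxBackups: 1
    auditLogMaxSize: 100
    auditLogPath: /var/log/kube-apiserver-audit.log
    auditPolicyFile: /srv/kubernetes/kube-apiserver/audit-policy-config.yaml
  kubeControllerManager:
    featureGates:
      CSIMigration: "true"
      CSIMigrationAWS: "true"
  kubeDNS:
    provider: CoreDNS
  kubeProxy:
    # Binds the unauthenticated kube-proxy metrics endpoint on every node
    # interface (default is 127.0.0.1). Restrict port 10249 to the scraper
    # via security group / NetworkPolicy.
    metricsBindAddress: 0.0.0.0:10249
  kubelet:
    anonymousAuth: false
    authenticationTokenWebhook: true
    authorizationMode: Webhook
    featureGates:
      CSIMigration: "true"
      CSIMigrationAWS: "true"
    resolvConf: /run/systemd/resolve/resolv.conf
    runtimeRequestTimeout: 10m0s
  # CIDRs allowed to reach the API load balancer. The LB is internal, so this
  # should be the VPC/VPN/admin ranges, not 0.0.0.0/0.
  kubernetesApiAccess:
    - <admin-CIDR>
  kubernetesVersion: 1.23.6
  masterInternalName: api.example.com
  masterPublicName: api.example.com
  networkCIDR: <CIDR>
  networkID: <vpc-id>
  networking:
    amazonvpc: {}
  nonMasqueradeCIDR: <CIDR>
  serviceAccountIssuerDiscovery:
    # Public OIDC discovery bucket for IRSA; must stay world-readable but
    # must not be writable by anything other than kops.
    discoveryStore: s3://<discovery-store-bucket-name>
    enableAWSOIDCProvider: true
  snapshotController:
    enabled: false
  # CIDRs allowed SSH (22) to the instances; nodes are in private subnets,
  # so limit this to the bastion/VPN range rather than 0.0.0.0/0.
  sshAccess:
    - <admin-CIDR>
  subnets:
    - cidr: <CIDR>
      id: <subnet-id>
      name: us-east-1b
      type: Private
      zone: us-east-1b
    - cidr: <CIDR>
      id: <subnet-id>
      name: us-east-1c
      type: Private
      zone: us-east-1c
    - cidr: <CIDR>
      id: <subnet-id>
      name: us-east-1f
      type: Private
      zone: us-east-1f
    - cidr: <CIDR>
      id: <subnet-id>
      name: utility-us-east-1b
      type: Utility
      zone: us-east-1b
    - cidr: <CIDR>
      id: <subnet-id>
      name: utility-us-east-1c
      type: Utility
      zone: us-east-1c
    - cidr: <CIDR>
      id: <subnet-id>
      name: utility-us-east-1f
      type: Utility
      zone: us-east-1f
  topology:
    dns:
      type: Public
    masters: private
    nodes: private
  updatePolicy: external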