Skip to content

Instantly share code, notes, and snippets.

@mattsdni

mattsdni/k8s-cluster.json

Created May 21, 2018 16:27
Show Gist options
  • Star 0 You must be signed in to star a gist
  • Fork 0 You must be signed in to fork a gist
  • Save mattsdni/8d34e40346946eb3b3a9351c8366c365 to your computer and use it in GitHub Desktop.
Save mattsdni/8d34e40346946eb3b3a9351c8366c365 to your computer and use it in GitHub Desktop.
Download ZIP
Raw
k8s-cluster.json
{
"Resources": {
"AWSAutoScalingAutoScalingGroupmasteruseast1amastersmyfirstclusterk8slocal": {
"Type": "AWS::AutoScaling::AutoScalingGroup",
"Properties": {
"AutoScalingGroupName": "master-us-east-1a.masters.myfirstcluster.k8s.local",
"LaunchConfigurationName": {
"Ref": "AWSAutoScalingLaunchConfigurationmasteruseast1amastersmyfirstclusterk8slocal"
},
"MaxSize": 1,
"MinSize": 1,
"VPCZoneIdentifier": [
{
"Ref": "AWSEC2Subnetuseast1amyfirstclusterk8slocal"
}
],
"Tags": [
{
"Key": "KubernetesCluster",
"Value": "myfirstcluster.k8s.local",
"PropagateAtLaunch": true
},
{
"Key": "Name",
"Value": "master-us-east-1a.masters.myfirstcluster.k8s.local",
"PropagateAtLaunch": true
},
{
"Key": "k8s.io/cluster-autoscaler/node-template/label/kops.k8s.io/instancegroup",
"Value": "master-us-east-1a",
"PropagateAtLaunch": true
},
{
"Key": "k8s.io/role/master",
"Value": "1",
"PropagateAtLaunch": true
}
],
"MetricsCollection": [
{
"Granularity": "1Minute",
"Metrics": [
"GroupDesiredCapacity",
"GroupInServiceInstances",
"GroupMaxSize",
"GroupMinSize",
"GroupPendingInstances",
"GroupStandbyInstances",
"GroupTerminatingInstances",
"GroupTotalInstances"
]
}
],
"LoadBalancerNames": [
{
"Ref": "AWSElasticLoadBalancingLoadBalancerapimyfirstclusterk8slocal"
}
]
}
},
"AWSAutoScalingAutoScalingGroupnodesmyfirstclusterk8slocal": {
"Type": "AWS::AutoScaling::AutoScalingGroup",
"Properties": {
"AutoScalingGroupName": "nodes.myfirstcluster.k8s.local",
"LaunchConfigurationName": {
"Ref": "AWSAutoScalingLaunchConfigurationnodesmyfirstclusterk8slocal"
},
"MaxSize": 2,
"MinSize": 2,
"VPCZoneIdentifier": [
{
"Ref": "AWSEC2Subnetuseast1amyfirstclusterk8slocal"
}
],
"Tags": [
{
"Key": "KubernetesCluster",
"Value": "myfirstcluster.k8s.local",
"PropagateAtLaunch": true
},
{
"Key": "Name",
"Value": "nodes.myfirstcluster.k8s.local",
"PropagateAtLaunch": true
},
{
"Key": "k8s.io/cluster-autoscaler/node-template/label/kops.k8s.io/instancegroup",
"Value": "nodes",
"PropagateAtLaunch": true
},
{
"Key": "k8s.io/role/node",
"Value": "1",
"PropagateAtLaunch": true
}
],
"MetricsCollection": [
{
"Granularity": "1Minute",
"Metrics": [
"GroupDesiredCapacity",
"GroupInServiceInstances",
"GroupMaxSize",
"GroupMinSize",
"GroupPendingInstances",
"GroupStandbyInstances",
"GroupTerminatingInstances",
"GroupTotalInstances"
]
}
]
}
},
"AWSAutoScalingLaunchConfigurationmasteruseast1amastersmyfirstclusterk8slocal": {
"Type": "AWS::AutoScaling::LaunchConfiguration",
"Properties": {
"AssociatePublicIpAddress": true,
"BlockDeviceMappings": [
{
"DeviceName": "/dev/xvda",
"Ebs": {
"VolumeType": "gp2",
"VolumeSize": 64,
"DeleteOnTermination": true
}
},
{
"DeviceName": "/dev/sdc",
"VirtualName": "ephemeral0"
}
],
"IamInstanceProfile": {
"Ref": "AWSIAMInstanceProfilemastersmyfirstclusterk8slocal"
},
"ImageId": "ami-b0c6ccca",
"InstanceType": "m3.medium",
"KeyName": "kubernetes.myfirstcluster.k8s.local-4a:a5:78:91:d8:a1:5c:cd:10:40:1d:be:1a:fd:c4:4c",
"SecurityGroups": [
{
"Ref": "AWSEC2SecurityGroupmastersmyfirstclusterk8slocal"
}
],
"UserData": "IyEvYmluL2Jhc2gKIyBDb3B5cmlnaHQgMjAxNiBUaGUgS3ViZXJuZXRlcyBBdXRob3JzIEFsbCByaWdodHMgcmVzZXJ2ZWQuCiMKIyBMaWNlbnNlZCB1bmRlciB0aGUgQXBhY2hlIExpY2Vuc2UsIFZlcnNpb24gMi4wICh0aGUgIkxpY2Vuc2UiKTsKIyB5b3UgbWF5IG5vdCB1c2UgdGhpcyBmaWxlIGV4Y2VwdCBpbiBjb21wbGlhbmNlIHdpdGggdGhlIExpY2Vuc2UuCiMgWW91IG1heSBvYnRhaW4gYSBjb3B5IG9mIHRoZSBMaWNlbnNlIGF0CiMKIyAgICAgaHR0cDovL3d3dy5hcGFjaGUub3JnL2xpY2Vuc2VzL0xJQ0VOU0UtMi4wCiMKIyBVbmxlc3MgcmVxdWlyZWQgYnkgYXBwbGljYWJsZSBsYXcgb3IgYWdyZWVkIHRvIGluIHdyaXRpbmcsIHNvZnR3YXJlCiMgZGlzdHJpYnV0ZWQgdW5kZXIgdGhlIExpY2Vuc2UgaXMgZGlzdHJpYnV0ZWQgb24gYW4gIkFTIElTIiBCQVNJUywKIyBXSVRIT1VUIFdBUlJBTlRJRVMgT1IgQ09ORElUSU9OUyBPRiBBTlkgS0lORCwgZWl0aGVyIGV4cHJlc3Mgb3IgaW1wbGllZC4KIyBTZWUgdGhlIExpY2Vuc2UgZm9yIHRoZSBzcGVjaWZpYyBsYW5ndWFnZSBnb3Zlcm5pbmcgcGVybWlzc2lvbnMgYW5kCiMgbGltaXRhdGlvbnMgdW5kZXIgdGhlIExpY2Vuc2UuCgpzZXQgLW8gZXJyZXhpdApzZXQgLW8gbm91bnNldApzZXQgLW8gcGlwZWZhaWwKCk5PREVVUF9VUkw9aHR0cHM6Ly9rdWJldXB2Mi5zMy5hbWF6b25hd3MuY29tL2tvcHMvMS45LjAvbGludXgvYW1kNjQvbm9kZXVwCk5PREVVUF9IQVNIPTU0ZWNhZTY2YTJiNGUxNDA5YjM2ZmMwMGI1NTBmMjUwMWFmZWRiZmMKCgpleHBvcnQgQVdTX1JFR0lPTj11cy13ZXN0LTEKCgoKCgoKZnVuY3Rpb24gZW5zdXJlLWluc3RhbGwtZGlyKCkgewogIElOU1RBTExfRElSPSIvdmFyL2NhY2hlL2t1YmVybmV0ZXMtaW5zdGFsbCIKICAjIE9uIENvbnRhaW5lck9TLCB3ZSBpbnN0YWxsIHRvIC92YXIvbGliL3Rvb2xib3ggaW5zdGFsbCAoYmVjYXVzZSBvZiBub2V4ZWMpCiAgaWYgW1sgLWQgL3Zhci9saWIvdG9vbGJveCBdXTsgdGhlbgogICAgSU5TVEFMTF9ESVI9Ii92YXIvbGliL3Rvb2xib3gva3ViZXJuZXRlcy1pbnN0YWxsIgogIGZpCiAgbWtkaXIgLXAgJHtJTlNUQUxMX0RJUn0KICBjZCAke0lOU1RBTExfRElSfQp9CgojIFJldHJ5IGEgZG93bmxvYWQgdW50aWwgd2UgZ2V0IGl0LiBUYWtlcyBhIGhhc2ggYW5kIGEgc2V0IG9mIFVSTHMuCiMKIyAkMSBpcyB0aGUgc2hhMSBvZiB0aGUgVVJMLiBDYW4gYmUgIiIgaWYgdGhlIHNoYTEgaXMgdW5rbm93bi4KIyAkMisgYXJlIHRoZSBVUkxzIHRvIGRvd25sb2FkLgpkb3dubG9hZC1vci1idXN0KCkgewogIGxvY2FsIC1yIGhhc2g9IiQxIgogIHNoaWZ0IDEKCiAgdXJscz0oICQqICkKICB3aGlsZSB0cnVlOyBkbwogICAgZm9yIHVybCBpbiAiJHt1cmxzW0BdfSI7IGRvCiAgICAgIGxvY2FsIGZpbGU9IiR7dXJsIyMqL30iCiAgICAgIHJtIC1mICIke2ZpbGV9IgoKICAgICAgaWYgW1sgJCh3aGljaCBjdXJsKSBdXTsgdGhlbgogICAgICAgIGlmICEgY3VybCAtZiAtLWlwdjQgLUxvICIke2ZpbGV9IiAtLWNvbm5lY3QtdGltZW91dCAyMCAtLXJldHJ5IDYgLS1yZXRyeS1kZWxheSAxMCAiJHt1cmx9IjsgdGhlbgogICAgICAgICAgZWNobyAiPT0gRmFpbGVkIHRvIGN1cmwgJHt1cmx9LiBSZXRyeWluZy4gPT0iCiAgICAgICAgICBicmVhawogICAgICAgIGZpCiAgICAgIGVsaWYgW1sgJCh3aGljaCB3Z2V0ICkgXV07IHRoZW4KICAgICAgICBpZiAhIHdnZXQgLS1pbmV0NC1vbmx5IC1PICIke2ZpbGV9IiAtLWNvbm5lY3QtdGltZW91dD0yMCAtLXRyaWVzPTYgLS13YWl0PTEwICIke3VybH0iOyB0aGVuCiAgICAgICAgICBlY2hvICI9PSBGYWlsZWQgdG8gd2dldCAke3VybH0uIFJldHJ5aW5nLiA9PSIKICAgICAgICAgIGJyZWFrCiAgICAgICAgZmkKICAgICAgZWxzZQogICAgICAgIGVjaG8gIj09IENvdWxkIG5vdCBmaW5kIGN1cmwgb3Igd2dldC4gUmV0cnlpbmcuID09IgogICAgICAgIGJyZWFrCiAgICAgIGZpCgogICAgICBpZiBbWyAtbiAiJHtoYXNofSIgXV0gJiYgISB2YWxpZGF0ZS1oYXNoICIke2ZpbGV9IiAiJHtoYXNofSI7IHRoZW4KICAgICAgICBlY2hvICI9PSBIYXNoIHZhbGlkYXRpb24gb2YgJHt1cmx9IGZhaWxlZC4gUmV0cnlpbmcuID09IgogICAgICBlbHNlCiAgICAgICAgaWYgW1sgLW4gIiR7aGFzaH0iIF1dOyB0aGVuCiAgICAgICAgICBlY2hvICI9PSBEb3dubG9hZGVkICR7dXJsfSAoU0hBMSA9ICR7aGFzaH0pID09IgogICAgICAgIGVsc2UKICAgICAgICAgIGVjaG8gIj09IERvd25sb2FkZWQgJHt1cmx9ID09IgogICAgICAgIGZpCiAgICAgICAgcmV0dXJuCiAgICAgIGZpCiAgICBkb25lCgogICAgZWNobyAiQWxsIGRvd25sb2FkcyBmYWlsZWQ7IHNsZWVwaW5nIGJlZm9yZSByZXRyeWluZyIKICAgIHNsZWVwIDYwCiAgZG9uZQp9Cgp2YWxpZGF0ZS1oYXNoKCkgewogIGxvY2FsIC1yIGZpbGU9IiQxIgogIGxvY2FsIC1yIGV4cGVjdGVkPSIkMiIKICBsb2NhbCBhY3R1YWwKCiAgYWN0dWFsPSQoc2hhMXN1bSAke2ZpbGV9IHwgYXdrICd7IHByaW50ICQxIH0nKSB8fCB0cnVlCiAgaWYgW1sgIiR7YWN0dWFsfSIgIT0gIiR7ZXhwZWN0ZWR9IiBdXTsgdGhlbgogICAgZWNobyAiPT0gJHtmaWxlfSBjb3JydXB0ZWQsIHNoYTEgJHthY3R1YWx9IGRvZXNuJ3QgbWF0Y2ggZXhwZWN0ZWQgJHtleHBlY3RlZH0gPT0iCiAgICByZXR1cm4gMQogIGZpCn0KCmZ1bmN0aW9uIHNwbGl0LWNvbW1hcygpIHsKICBlY2hvICQxIHwgdHIgIiwiICJcbiIKfQoKZnVuY3Rpb24gdHJ5LWRvd25sb2FkLXJlbGVhc2UoKSB7CiAgIyBUT0RPKHptZXJseW5uKTogTm93IHdlIFJFQUxMWSBoYXZlIG5vIGV4Y3VzZSBub3QgdG8gZG8gdGhlIHJlYm9vdAogICMgb3B0aW1pemF0aW9uLgoKICBsb2NhbCAtciBub2RldXBfdXJscz0oICQoc3BsaXQtY29tbWFzICIke05PREVVUF9VUkx9IikgKQogIGxvY2FsIC1yIG5vZGV1cF9maWxlbmFtZT0iJHtub2RldXBfdXJsc1swXSMjKi99IgogIGlmIFtbIC1uICIke05PREVVUF9IQVNIOi19IiBdXTsgdGhlbgogICAgbG9jYWwgLXIgbm9kZXVwX2hhc2g9IiR7Tk9ERVVQX0hBU0h9IgogIGVsc2UKICAjIFRPRE86IFJlbW92ZT8KICAgIGVjaG8gIkRvd25sb2FkaW5nIHNoYTEgKG5vdCBmb3VuZCBpbiBlbnYpIgogICAgZG93bmxvYWQtb3ItYnVzdCAiIiAiJHtub2RldXBfdXJsc1tAXS8lLy5zaGExfSIKICAgIGxvY2FsIC1yIG5vZGV1cF9oYXNoPSQoY2F0ICIke25vZGV1cF9maWxlbmFtZX0uc2hhMSIpCiAgZmkKCiAgZWNobyAiRG93bmxvYWRpbmcgbm9kZXVwICgke25vZGV1cF91cmxzW0BdfSkiCiAgZG93bmxvYWQtb3ItYnVzdCAiJHtub2RldXBfaGFzaH0iICIke25vZGV1cF91cmxzW0BdfSIKCiAgY2htb2QgK3ggbm9kZXVwCn0KCmZ1bmN0aW9uIGRvd25sb2FkLXJlbGVhc2UoKSB7CiAgIyBJbiBjYXNlIG9mIGZhaWx1cmUgY2hlY2tpbmcgaW50ZWdyaXR5IG9mIHJlbGVhc2UsIHJldHJ5LgogIHVudGlsIHRyeS1kb3dubG9hZC1yZWxlYXNlOyBkbwogICAgc2xlZXAgMTUKICAgIGVjaG8gIkNvdWxkbid0IGRvd25sb2FkIHJlbGVhc2UuIFJldHJ5aW5nLi4uIgogIGRvbmUKCiAgZWNobyAiUnVubmluZyBub2RldXAiCiAgIyBXZSBjYW4ndCBydW4gaW4gdGhlIGZvcmVncm91bmQgYmVjYXVzZSBvZiBodHRwczovL2dpdGh1Yi5jb20vZG9ja2VyL2RvY2tlci9pc3N1ZXMvMjM3OTMKICAoIGNkICR7SU5TVEFMTF9ESVJ9OyAuL25vZGV1cCAtLWluc3RhbGwtc3lzdGVtZC11bml0IC0tY29uZj0ke0lOU1RBTExfRElSfS9rdWJlX2Vudi55YW1sIC0tdj04ICApCn0KCiMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIwoKL2Jpbi9zeXN0ZW1kLW1hY2hpbmUtaWQtc2V0dXAgfHwgZWNobyAiZmFpbGVkIHRvIHNldCB1cCBlbnN1cmUgbWFjaGluZS1pZCBjb25maWd1cmVkIgoKZWNobyAiPT0gbm9kZXVwIG5vZGUgY29uZmlnIHN0YXJ0aW5nID09IgplbnN1cmUtaW5zdGFsbC1kaXIKCmNhdCA+IGNsdXN0ZXJfc3BlYy55YW1sIDw8ICdfX0VPRl9DTFVTVEVSX1NQRUMnCmNsb3VkQ29uZmlnOiBudWxsCmRvY2tlcjoKICBicmlkZ2U6ICIiCiAgaXBNYXNxOiBmYWxzZQogIGlwVGFibGVzOiBmYWxzZQogIGxvZ0RyaXZlcjoganNvbi1maWxlCiAgbG9nTGV2ZWw6IHdhcm4KICBsb2dPcHQ6CiAgLSBtYXgtc2l6ZT0xMG0KICAtIG1heC1maWxlPTUKICBzdG9yYWdlOiBvdmVybGF5LGF1ZnMKICB2ZXJzaW9uOiAxNy4wMy4yCmVuY3J5cHRpb25Db25maWc6IG51bGwKZXRjZENsdXN0ZXJzOgogIGV2ZW50czoKICAgIGltYWdlOiBnY3IuaW8vZ29vZ2xlX2NvbnRhaW5lcnMvZXRjZDoyLjIuMQogICAgdmVyc2lvbjogMi4yLjEKICBtYWluOgogICAgaW1hZ2U6IGdjci5pby9nb29nbGVfY29udGFpbmVycy9ldGNkOjIuMi4xCiAgICB2ZXJzaW9uOiAyLjIuMQprdWJlQVBJU2VydmVyOgogIGFkZHJlc3M6IDEyNy4wLjAuMQogIGFkbWlzc2lvbkNvbnRyb2w6CiAgLSBJbml0aWFsaXplcnMKICAtIE5hbWVzcGFjZUxpZmVjeWNsZQogIC0gTGltaXRSYW5nZXIKICAtIFNlcnZpY2VBY2NvdW50CiAgLSBQZXJzaXN0ZW50Vm9sdW1lTGFiZWwKICAtIERlZmF1bHRTdG9yYWdlQ2xhc3MKICAtIERlZmF1bHRUb2xlcmF0aW9uU2Vjb25kcwogIC0gTXV0YXRpbmdBZG1pc3Npb25XZWJob29rCiAgLSBWYWxpZGF0aW5nQWRtaXNzaW9uV2ViaG9vawogIC0gTm9kZVJlc3RyaWN0aW9uCiAgLSBSZXNvdXJjZVF1b3RhCiAgYWxsb3dQcml2aWxlZ2VkOiB0cnVlCiAgYW5vbnltb3VzQXV0aDogZmFsc2UKICBhcGlTZXJ2ZXJDb3VudDogMQogIGF1dGhvcml6YXRpb25Nb2RlOiBSQkFDCiAgY2xvdWRQcm92aWRlcjogYXdzCiAgZXRjZFF1b3J1bVJlYWQ6IGZhbHNlCiAgZXRjZFNlcnZlcnM6CiAgLSBodHRwOi8vMTI3LjAuMC4xOjQwMDEKICBldGNkU2VydmVyc092ZXJyaWRlczoKICAtIC9ldmVudHMjaHR0cDovLzEyNy4wLjAuMTo0MDAyCiAgaW1hZ2U6IGdjci5pby9nb29nbGVfY29udGFpbmVycy9rdWJlLWFwaXNlcnZlcjp2MS45LjMKICBpbnNlY3VyZVBvcnQ6IDgwODAKICBrdWJlbGV0UHJlZmVycmVkQWRkcmVzc1R5cGVzOgogIC0gSW50ZXJuYWxJUAogIC0gSG9zdG5hbWUKICAtIEV4dGVybmFsSVAKICBsb2dMZXZlbDogMgogIHJlcXVlc3RoZWFkZXJBbGxvd2VkTmFtZXM6CiAgLSBhZ2dyZWdhdG9yCiAgcmVxdWVzdGhlYWRlckV4dHJhSGVhZGVyUHJlZml4ZXM6CiAgLSBYLVJlbW90ZS1FeHRyYS0KICByZXF1ZXN0aGVhZGVyR3JvdXBIZWFkZXJzOgogIC0gWC1SZW1vdGUtR3JvdXAKICByZXF1ZXN0aGVhZGVyVXNlcm5hbWVIZWFkZXJzOgogIC0gWC1SZW1vdGUtVXNlcgogIHNlY3VyZVBvcnQ6IDQ0MwogIHNlcnZpY2VDbHVzdGVySVBSYW5nZTogMTAwLjY0LjAuMC8xMwogIHN0b3JhZ2VCYWNrZW5kOiBldGNkMgprdWJlQ29udHJvbGxlck1hbmFnZXI6CiAgYWxsb2NhdGVOb2RlQ0lEUnM6IHRydWUKICBhdHRhY2hEZXRhY2hSZWNvbmNpbGVTeW5jUGVyaW9kOiAxbTBzCiAgY2xvdWRQcm92aWRlcjogYXdzCiAgY2x1c3RlckNJRFI6IDEwMC45Ni4wLjAvMTEKICBjbHVzdGVyTmFtZTogbXlmaXJzdGNsdXN0ZXIuazhzLmxvY2FsCiAgY29uZmlndXJlQ2xvdWRSb3V0ZXM6IHRydWUKICBpbWFnZTogZ2NyLmlvL2dvb2dsZV9jb250YWluZXJzL2t1YmUtY29udHJvbGxlci1tYW5hZ2VyOnYxLjkuMwogIGxlYWRlckVsZWN0aW9uOgogICAgbGVhZGVyRWxlY3Q6IHRydWUKICBsb2dMZXZlbDogMgogIHVzZVNlcnZpY2VBY2NvdW50Q3JlZGVudGlhbHM6IHRydWUKa3ViZVByb3h5OgogIGNsdXN0ZXJDSURSOiAxMDAuOTYuMC4wLzExCiAgY3B1UmVxdWVzdDogMTAwbQogIGhvc3RuYW1lT3ZlcnJpZGU6ICdAYXdzJwogIGltYWdlOiBnY3IuaW8vZ29vZ2xlX2NvbnRhaW5lcnMva3ViZS1wcm94eTp2MS45LjMKICBsb2dMZXZlbDogMgprdWJlU2NoZWR1bGVyOgogIGltYWdlOiBnY3IuaW8vZ29vZ2xlX2NvbnRhaW5lcnMva3ViZS1zY2hlZHVsZXI6djEuOS4zCiAgbGVhZGVyRWxlY3Rpb246CiAgICBsZWFkZXJFbGVjdDogdHJ1ZQogIGxvZ0xldmVsOiAyCmt1YmVsZXQ6CiAgYWxsb3dQcml2aWxlZ2VkOiB0cnVlCiAgY2dyb3VwUm9vdDogLwogIGNsb3VkUHJvdmlkZXI6IGF3cwogIGNsdXN0ZXJETlM6IDEwMC42NC4wLjEwCiAgY2x1c3RlckRvbWFpbjogY2x1c3Rlci5sb2NhbAogIGVuYWJsZURlYnVnZ2luZ0hhbmRsZXJzOiB0cnVlCiAgZXZpY3Rpb25IYXJkOiBtZW1vcnkuYXZhaWxhYmxlPDEwME1pLG5vZGVmcy5hdmFpbGFibGU8MTAlLG5vZGVmcy5pbm9kZXNGcmVlPDUlLGltYWdlZnMuYXZhaWxhYmxlPDEwJSxpbWFnZWZzLmlub2Rlc0ZyZWU8NSUKICBmZWF0dXJlR2F0ZXM6CiAgICBFeHBlcmltZW50YWxDcml0aWNhbFBvZEFubm90YXRpb246ICJ0cnVlIgogIGhvc3RuYW1lT3ZlcnJpZGU6ICdAYXdzJwogIGt1YmVjb25maWdQYXRoOiAvdmFyL2xpYi9rdWJlbGV0L2t1YmVjb25maWcKICBsb2dMZXZlbDogMgogIG5ldHdvcmtQbHVnaW5NVFU6IDkwMDEKICBuZXR3b3JrUGx1Z2luTmFtZToga3ViZW5ldAogIG5vbk1hc3F1ZXJhZGVDSURSOiAxMDAuNjQuMC4wLzEwCiAgcG9kSW5mcmFDb250YWluZXJJbWFnZTogZ2NyLmlvL2dvb2dsZV9jb250YWluZXJzL3BhdXNlLWFtZDY0OjMuMAogIHBvZE1hbmlmZXN0UGF0aDogL2V0Yy9rdWJlcm5ldGVzL21hbmlmZXN0cwptYXN0ZXJLdWJlbGV0OgogIGFsbG93UHJpdmlsZWdlZDogdHJ1ZQogIGNncm91cFJvb3Q6IC8KICBjbG91ZFByb3ZpZGVyOiBhd3MKICBjbHVzdGVyRE5TOiAxMDAuNjQuMC4xMAogIGNsdXN0ZXJEb21haW46IGNsdXN0ZXIubG9jYWwKICBlbmFibGVEZWJ1Z2dpbmdIYW5kbGVyczogdHJ1ZQogIGV2aWN0aW9uSGFyZDogbWVtb3J5LmF2YWlsYWJsZTwxMDBNaSxub2RlZnMuYXZhaWxhYmxlPDEwJSxub2RlZnMuaW5vZGVzRnJlZTw1JSxpbWFnZWZzLmF2YWlsYWJsZTwxMCUsaW1hZ2Vmcy5pbm9kZXNGcmVlPDUlCiAgZmVhdHVyZUdhdGVzOgogICAgRXhwZXJpbWVudGFsQ3JpdGljYWxQb2RBbm5vdGF0aW9uOiAidHJ1ZSIKICBob3N0bmFtZU92ZXJyaWRlOiAnQGF3cycKICBrdWJlY29uZmlnUGF0aDogL3Zhci9saWIva3ViZWxldC9rdWJlY29uZmlnCiAgbG9nTGV2ZWw6IDIKICBuZXR3b3JrUGx1Z2luTVRVOiA5MDAxCiAgbmV0d29ya1BsdWdpbk5hbWU6IGt1YmVuZXQKICBub25NYXNxdWVyYWRlQ0lEUjogMTAwLjY0LjAuMC8xMAogIHBvZEluZnJhQ29udGFpbmVySW1hZ2U6IGdjci5pby9nb29nbGVfY29udGFpbmVycy9wYXVzZS1hbWQ2NDozLjAKICBwb2RNYW5pZmVzdFBhdGg6IC9ldGMva3ViZXJuZXRlcy9tYW5pZmVzdHMKICByZWdpc3RlclNjaGVkdWxhYmxlOiBmYWxzZQoKX19FT0ZfQ0xVU1RFUl9TUEVDCgpjYXQgPiBpZ19zcGVjLnlhbWwgPDwgJ19fRU9GX0lHX1NQRUMnCmt1YmVsZXQ6IG51bGwKbm9kZUxhYmVsczoKICBrb3BzLms4cy5pby9pbnN0YW5jZWdyb3VwOiBtYXN0ZXItdXMtZWFzdC0xYQpzdXNwZW5kUHJvY2Vzc2VzOiBudWxsCnRhaW50czogbnVsbAoKX19FT0ZfSUdfU1BFQwoKY2F0ID4ga3ViZV9lbnYueWFtbCA8PCAnX19FT0ZfS1VCRV9FTlYnCkFzc2V0czoKLSBlZjk3OWEwMGJhMmY3YmY0ZWU1MDIzZTgyZjk0Y2VkMmQ5NGMxNzI2QGh0dHBzOi8vc3RvcmFnZS5nb29nbGVhcGlzLmNvbS9rdWJlcm5ldGVzLXJlbGVhc2UvcmVsZWFzZS92MS45LjMvYmluL2xpbnV4L2FtZDY0L2t1YmVsZXQKLSBhMjdkODA4ZWIwMTFkYmVlYTg3NmZlNTMyNjM0OWVkMTY3YTdlZDI4QGh0dHBzOi8vc3RvcmFnZS5nb29nbGVhcGlzLmNvbS9rdWJlcm5ldGVzLXJlbGVhc2UvcmVsZWFzZS92MS45LjMvYmluL2xpbnV4L2FtZDY0L2t1YmVjdGwKLSBkNTk1ZDNkZWQ2NDk5YTY0ZThkYWMwMjQ2NmUyZjVmMmNlMjU3YzlmQGh0dHBzOi8vc3RvcmFnZS5nb29nbGVhcGlzLmNvbS9rdWJlcm5ldGVzLXJlbGVhc2UvbmV0d29yay1wbHVnaW5zL2NuaS1wbHVnaW5zLWFtZDY0LXYwLjYuMC50Z3oKLSBjNmYzMTAyMTRmNjg3YjZjMmYzMmU4MWMyYTQ5MjM1MTgyOTUwYmUzQGh0dHBzOi8va3ViZXVwdjIuczMuYW1hem9uYXdzLmNvbS9rb3BzLzEuOS4wL2xpbnV4L2FtZDY0L3V0aWxzLnRhci5negpDbHVzdGVyTmFtZTogbXlmaXJzdGNsdXN0ZXIuazhzLmxvY2FsCkNvbmZpZ0Jhc2U6IHMzOi8vd29vby1leGFtcGxlLWNvbS1zdGF0ZS1zdG9yZS9teWZpcnN0Y2x1c3Rlci5rOHMubG9jYWwKSW5zdGFuY2VHcm91cE5hbWU6IG1hc3Rlci11cy1lYXN0LTFhClRhZ3M6Ci0gX2F1dG9tYXRpY191cGdyYWRlcwotIF9hd3MKLSBfa3ViZXJuZXRlc19tYXN0ZXIKY2hhbm5lbHM6Ci0gczM6Ly93b29vLWV4YW1wbGUtY29tLXN0YXRlLXN0b3JlL215Zmlyc3RjbHVzdGVyLms4cy5sb2NhbC9hZGRvbnMvYm9vdHN0cmFwLWNoYW5uZWwueWFtbApwcm90b2t1YmVJbWFnZToKICBoYXNoOiA0YmJmY2M2ZGYxYzFjMDk1M2JkMDUzMjExM2E3NGI3YWUyMWUwZGVkCiAgbmFtZTogcHJvdG9rdWJlOjEuOS4wCiAgc291cmNlOiBodHRwczovL2t1YmV1cHYyLnMzLmFtYXpvbmF3cy5jb20va29wcy8xLjkuMC9pbWFnZXMvcHJvdG9rdWJlLnRhci5negoKX19FT0ZfS1VCRV9FTlYKCmRvd25sb2FkLXJlbGVhc2UKZWNobyAiPT0gbm9kZXVwIG5vZGUgY29uZmlnIGRvbmUgPT0iCg==",
"InstanceMonitoring": false
}
},
"AWSAutoScalingLaunchConfigurationnodesmyfirstclusterk8slocal": {
"Type": "AWS::AutoScaling::LaunchConfiguration",
"Properties": {
"AssociatePublicIpAddress": true,
"BlockDeviceMappings": [
{
"DeviceName": "/dev/xvda",
"Ebs": {
"VolumeType": "gp2",
"VolumeSize": 128,
"DeleteOnTermination": true
}
}
],
"IamInstanceProfile": {
"Ref": "AWSIAMInstanceProfilenodesmyfirstclusterk8slocal"
},
"ImageId": "ami-b0c6ccca",
"InstanceType": "t2.medium",
"KeyName": "kubernetes.myfirstcluster.k8s.local-4a:a5:78:91:d8:a1:5c:cd:10:40:1d:be:1a:fd:c4:4c",
"SecurityGroups": [
{
"Ref": "AWSEC2SecurityGroupnodesmyfirstclusterk8slocal"
}
],
"UserData": "IyEvYmluL2Jhc2gKIyBDb3B5cmlnaHQgMjAxNiBUaGUgS3ViZXJuZXRlcyBBdXRob3JzIEFsbCByaWdodHMgcmVzZXJ2ZWQuCiMKIyBMaWNlbnNlZCB1bmRlciB0aGUgQXBhY2hlIExpY2Vuc2UsIFZlcnNpb24gMi4wICh0aGUgIkxpY2Vuc2UiKTsKIyB5b3UgbWF5IG5vdCB1c2UgdGhpcyBmaWxlIGV4Y2VwdCBpbiBjb21wbGlhbmNlIHdpdGggdGhlIExpY2Vuc2UuCiMgWW91IG1heSBvYnRhaW4gYSBjb3B5IG9mIHRoZSBMaWNlbnNlIGF0CiMKIyAgICAgaHR0cDovL3d3dy5hcGFjaGUub3JnL2xpY2Vuc2VzL0xJQ0VOU0UtMi4wCiMKIyBVbmxlc3MgcmVxdWlyZWQgYnkgYXBwbGljYWJsZSBsYXcgb3IgYWdyZWVkIHRvIGluIHdyaXRpbmcsIHNvZnR3YXJlCiMgZGlzdHJpYnV0ZWQgdW5kZXIgdGhlIExpY2Vuc2UgaXMgZGlzdHJpYnV0ZWQgb24gYW4gIkFTIElTIiBCQVNJUywKIyBXSVRIT1VUIFdBUlJBTlRJRVMgT1IgQ09ORElUSU9OUyBPRiBBTlkgS0lORCwgZWl0aGVyIGV4cHJlc3Mgb3IgaW1wbGllZC4KIyBTZWUgdGhlIExpY2Vuc2UgZm9yIHRoZSBzcGVjaWZpYyBsYW5ndWFnZSBnb3Zlcm5pbmcgcGVybWlzc2lvbnMgYW5kCiMgbGltaXRhdGlvbnMgdW5kZXIgdGhlIExpY2Vuc2UuCgpzZXQgLW8gZXJyZXhpdApzZXQgLW8gbm91bnNldApzZXQgLW8gcGlwZWZhaWwKCk5PREVVUF9VUkw9aHR0cHM6Ly9rdWJldXB2Mi5zMy5hbWF6b25hd3MuY29tL2tvcHMvMS45LjAvbGludXgvYW1kNjQvbm9kZXVwCk5PREVVUF9IQVNIPTU0ZWNhZTY2YTJiNGUxNDA5YjM2ZmMwMGI1NTBmMjUwMWFmZWRiZmMKCgpleHBvcnQgQVdTX1JFR0lPTj11cy13ZXN0LTEKCgoKCgoKZnVuY3Rpb24gZW5zdXJlLWluc3RhbGwtZGlyKCkgewogIElOU1RBTExfRElSPSIvdmFyL2NhY2hlL2t1YmVybmV0ZXMtaW5zdGFsbCIKICAjIE9uIENvbnRhaW5lck9TLCB3ZSBpbnN0YWxsIHRvIC92YXIvbGliL3Rvb2xib3ggaW5zdGFsbCAoYmVjYXVzZSBvZiBub2V4ZWMpCiAgaWYgW1sgLWQgL3Zhci9saWIvdG9vbGJveCBdXTsgdGhlbgogICAgSU5TVEFMTF9ESVI9Ii92YXIvbGliL3Rvb2xib3gva3ViZXJuZXRlcy1pbnN0YWxsIgogIGZpCiAgbWtkaXIgLXAgJHtJTlNUQUxMX0RJUn0KICBjZCAke0lOU1RBTExfRElSfQp9CgojIFJldHJ5IGEgZG93bmxvYWQgdW50aWwgd2UgZ2V0IGl0LiBUYWtlcyBhIGhhc2ggYW5kIGEgc2V0IG9mIFVSTHMuCiMKIyAkMSBpcyB0aGUgc2hhMSBvZiB0aGUgVVJMLiBDYW4gYmUgIiIgaWYgdGhlIHNoYTEgaXMgdW5rbm93bi4KIyAkMisgYXJlIHRoZSBVUkxzIHRvIGRvd25sb2FkLgpkb3dubG9hZC1vci1idXN0KCkgewogIGxvY2FsIC1yIGhhc2g9IiQxIgogIHNoaWZ0IDEKCiAgdXJscz0oICQqICkKICB3aGlsZSB0cnVlOyBkbwogICAgZm9yIHVybCBpbiAiJHt1cmxzW0BdfSI7IGRvCiAgICAgIGxvY2FsIGZpbGU9IiR7dXJsIyMqL30iCiAgICAgIHJtIC1mICIke2ZpbGV9IgoKICAgICAgaWYgW1sgJCh3aGljaCBjdXJsKSBdXTsgdGhlbgogICAgICAgIGlmICEgY3VybCAtZiAtLWlwdjQgLUxvICIke2ZpbGV9IiAtLWNvbm5lY3QtdGltZW91dCAyMCAtLXJldHJ5IDYgLS1yZXRyeS1kZWxheSAxMCAiJHt1cmx9IjsgdGhlbgogICAgICAgICAgZWNobyAiPT0gRmFpbGVkIHRvIGN1cmwgJHt1cmx9LiBSZXRyeWluZy4gPT0iCiAgICAgICAgICBicmVhawogICAgICAgIGZpCiAgICAgIGVsaWYgW1sgJCh3aGljaCB3Z2V0ICkgXV07IHRoZW4KICAgICAgICBpZiAhIHdnZXQgLS1pbmV0NC1vbmx5IC1PICIke2ZpbGV9IiAtLWNvbm5lY3QtdGltZW91dD0yMCAtLXRyaWVzPTYgLS13YWl0PTEwICIke3VybH0iOyB0aGVuCiAgICAgICAgICBlY2hvICI9PSBGYWlsZWQgdG8gd2dldCAke3VybH0uIFJldHJ5aW5nLiA9PSIKICAgICAgICAgIGJyZWFrCiAgICAgICAgZmkKICAgICAgZWxzZQogICAgICAgIGVjaG8gIj09IENvdWxkIG5vdCBmaW5kIGN1cmwgb3Igd2dldC4gUmV0cnlpbmcuID09IgogICAgICAgIGJyZWFrCiAgICAgIGZpCgogICAgICBpZiBbWyAtbiAiJHtoYXNofSIgXV0gJiYgISB2YWxpZGF0ZS1oYXNoICIke2ZpbGV9IiAiJHtoYXNofSI7IHRoZW4KICAgICAgICBlY2hvICI9PSBIYXNoIHZhbGlkYXRpb24gb2YgJHt1cmx9IGZhaWxlZC4gUmV0cnlpbmcuID09IgogICAgICBlbHNlCiAgICAgICAgaWYgW1sgLW4gIiR7aGFzaH0iIF1dOyB0aGVuCiAgICAgICAgICBlY2hvICI9PSBEb3dubG9hZGVkICR7dXJsfSAoU0hBMSA9ICR7aGFzaH0pID09IgogICAgICAgIGVsc2UKICAgICAgICAgIGVjaG8gIj09IERvd25sb2FkZWQgJHt1cmx9ID09IgogICAgICAgIGZpCiAgICAgICAgcmV0dXJuCiAgICAgIGZpCiAgICBkb25lCgogICAgZWNobyAiQWxsIGRvd25sb2FkcyBmYWlsZWQ7IHNsZWVwaW5nIGJlZm9yZSByZXRyeWluZyIKICAgIHNsZWVwIDYwCiAgZG9uZQp9Cgp2YWxpZGF0ZS1oYXNoKCkgewogIGxvY2FsIC1yIGZpbGU9IiQxIgogIGxvY2FsIC1yIGV4cGVjdGVkPSIkMiIKICBsb2NhbCBhY3R1YWwKCiAgYWN0dWFsPSQoc2hhMXN1bSAke2ZpbGV9IHwgYXdrICd7IHByaW50ICQxIH0nKSB8fCB0cnVlCiAgaWYgW1sgIiR7YWN0dWFsfSIgIT0gIiR7ZXhwZWN0ZWR9IiBdXTsgdGhlbgogICAgZWNobyAiPT0gJHtmaWxlfSBjb3JydXB0ZWQsIHNoYTEgJHthY3R1YWx9IGRvZXNuJ3QgbWF0Y2ggZXhwZWN0ZWQgJHtleHBlY3RlZH0gPT0iCiAgICByZXR1cm4gMQogIGZpCn0KCmZ1bmN0aW9uIHNwbGl0LWNvbW1hcygpIHsKICBlY2hvICQxIHwgdHIgIiwiICJcbiIKfQoKZnVuY3Rpb24gdHJ5LWRvd25sb2FkLXJlbGVhc2UoKSB7CiAgIyBUT0RPKHptZXJseW5uKTogTm93IHdlIFJFQUxMWSBoYXZlIG5vIGV4Y3VzZSBub3QgdG8gZG8gdGhlIHJlYm9vdAogICMgb3B0aW1pemF0aW9uLgoKICBsb2NhbCAtciBub2RldXBfdXJscz0oICQoc3BsaXQtY29tbWFzICIke05PREVVUF9VUkx9IikgKQogIGxvY2FsIC1yIG5vZGV1cF9maWxlbmFtZT0iJHtub2RldXBfdXJsc1swXSMjKi99IgogIGlmIFtbIC1uICIke05PREVVUF9IQVNIOi19IiBdXTsgdGhlbgogICAgbG9jYWwgLXIgbm9kZXVwX2hhc2g9IiR7Tk9ERVVQX0hBU0h9IgogIGVsc2UKICAjIFRPRE86IFJlbW92ZT8KICAgIGVjaG8gIkRvd25sb2FkaW5nIHNoYTEgKG5vdCBmb3VuZCBpbiBlbnYpIgogICAgZG93bmxvYWQtb3ItYnVzdCAiIiAiJHtub2RldXBfdXJsc1tAXS8lLy5zaGExfSIKICAgIGxvY2FsIC1yIG5vZGV1cF9oYXNoPSQoY2F0ICIke25vZGV1cF9maWxlbmFtZX0uc2hhMSIpCiAgZmkKCiAgZWNobyAiRG93bmxvYWRpbmcgbm9kZXVwICgke25vZGV1cF91cmxzW0BdfSkiCiAgZG93bmxvYWQtb3ItYnVzdCAiJHtub2RldXBfaGFzaH0iICIke25vZGV1cF91cmxzW0BdfSIKCiAgY2htb2QgK3ggbm9kZXVwCn0KCmZ1bmN0aW9uIGRvd25sb2FkLXJlbGVhc2UoKSB7CiAgIyBJbiBjYXNlIG9mIGZhaWx1cmUgY2hlY2tpbmcgaW50ZWdyaXR5IG9mIHJlbGVhc2UsIHJldHJ5LgogIHVudGlsIHRyeS1kb3dubG9hZC1yZWxlYXNlOyBkbwogICAgc2xlZXAgMTUKICAgIGVjaG8gIkNvdWxkbid0IGRvd25sb2FkIHJlbGVhc2UuIFJldHJ5aW5nLi4uIgogIGRvbmUKCiAgZWNobyAiUnVubmluZyBub2RldXAiCiAgIyBXZSBjYW4ndCBydW4gaW4gdGhlIGZvcmVncm91bmQgYmVjYXVzZSBvZiBodHRwczovL2dpdGh1Yi5jb20vZG9ja2VyL2RvY2tlci9pc3N1ZXMvMjM3OTMKICAoIGNkICR7SU5TVEFMTF9ESVJ9OyAuL25vZGV1cCAtLWluc3RhbGwtc3lzdGVtZC11bml0IC0tY29uZj0ke0lOU1RBTExfRElSfS9rdWJlX2Vudi55YW1sIC0tdj04ICApCn0KCiMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIwoKL2Jpbi9zeXN0ZW1kLW1hY2hpbmUtaWQtc2V0dXAgfHwgZWNobyAiZmFpbGVkIHRvIHNldCB1cCBlbnN1cmUgbWFjaGluZS1pZCBjb25maWd1cmVkIgoKZWNobyAiPT0gbm9kZXVwIG5vZGUgY29uZmlnIHN0YXJ0aW5nID09IgplbnN1cmUtaW5zdGFsbC1kaXIKCmNhdCA+IGNsdXN0ZXJfc3BlYy55YW1sIDw8ICdfX0VPRl9DTFVTVEVSX1NQRUMnCmNsb3VkQ29uZmlnOiBudWxsCmRvY2tlcjoKICBicmlkZ2U6ICIiCiAgaXBNYXNxOiBmYWxzZQogIGlwVGFibGVzOiBmYWxzZQogIGxvZ0RyaXZlcjoganNvbi1maWxlCiAgbG9nTGV2ZWw6IHdhcm4KICBsb2dPcHQ6CiAgLSBtYXgtc2l6ZT0xMG0KICAtIG1heC1maWxlPTUKICBzdG9yYWdlOiBvdmVybGF5LGF1ZnMKICB2ZXJzaW9uOiAxNy4wMy4yCmt1YmVQcm94eToKICBjbHVzdGVyQ0lEUjogMTAwLjk2LjAuMC8xMQogIGNwdVJlcXVlc3Q6IDEwMG0KICBob3N0bmFtZU92ZXJyaWRlOiAnQGF3cycKICBpbWFnZTogZ2NyLmlvL2dvb2dsZV9jb250YWluZXJzL2t1YmUtcHJveHk6djEuOS4zCiAgbG9nTGV2ZWw6IDIKa3ViZWxldDoKICBhbGxvd1ByaXZpbGVnZWQ6IHRydWUKICBjZ3JvdXBSb290OiAvCiAgY2xvdWRQcm92aWRlcjogYXdzCiAgY2x1c3RlckROUzogMTAwLjY0LjAuMTAKICBjbHVzdGVyRG9tYWluOiBjbHVzdGVyLmxvY2FsCiAgZW5hYmxlRGVidWdnaW5nSGFuZGxlcnM6IHRydWUKICBldmljdGlvbkhhcmQ6IG1lbW9yeS5hdmFpbGFibGU8MTAwTWksbm9kZWZzLmF2YWlsYWJsZTwxMCUsbm9kZWZzLmlub2Rlc0ZyZWU8NSUsaW1hZ2Vmcy5hdmFpbGFibGU8MTAlLGltYWdlZnMuaW5vZGVzRnJlZTw1JQogIGZlYXR1cmVHYXRlczoKICAgIEV4cGVyaW1lbnRhbENyaXRpY2FsUG9kQW5ub3RhdGlvbjogInRydWUiCiAgaG9zdG5hbWVPdmVycmlkZTogJ0Bhd3MnCiAga3ViZWNvbmZpZ1BhdGg6IC92YXIvbGliL2t1YmVsZXQva3ViZWNvbmZpZwogIGxvZ0xldmVsOiAyCiAgbmV0d29ya1BsdWdpbk1UVTogOTAwMQogIG5ldHdvcmtQbHVnaW5OYW1lOiBrdWJlbmV0CiAgbm9uTWFzcXVlcmFkZUNJRFI6IDEwMC42NC4wLjAvMTAKICBwb2RJbmZyYUNvbnRhaW5lckltYWdlOiBnY3IuaW8vZ29vZ2xlX2NvbnRhaW5lcnMvcGF1c2UtYW1kNjQ6My4wCiAgcG9kTWFuaWZlc3RQYXRoOiAvZXRjL2t1YmVybmV0ZXMvbWFuaWZlc3RzCgpfX0VPRl9DTFVTVEVSX1NQRUMKCmNhdCA+IGlnX3NwZWMueWFtbCA8PCAnX19FT0ZfSUdfU1BFQycKa3ViZWxldDogbnVsbApub2RlTGFiZWxzOgogIGtvcHMuazhzLmlvL2luc3RhbmNlZ3JvdXA6IG5vZGVzCnN1c3BlbmRQcm9jZXNzZXM6IG51bGwKdGFpbnRzOiBudWxsCgpfX0VPRl9JR19TUEVDCgpjYXQgPiBrdWJlX2Vudi55YW1sIDw8ICdfX0VPRl9LVUJFX0VOVicKQXNzZXRzOgotIGVmOTc5YTAwYmEyZjdiZjRlZTUwMjNlODJmOTRjZWQyZDk0YzE3MjZAaHR0cHM6Ly9zdG9yYWdlLmdvb2dsZWFwaXMuY29tL2t1YmVybmV0ZXMtcmVsZWFzZS9yZWxlYXNlL3YxLjkuMy9iaW4vbGludXgvYW1kNjQva3ViZWxldAotIGEyN2Q4MDhlYjAxMWRiZWVhODc2ZmU1MzI2MzQ5ZWQxNjdhN2VkMjhAaHR0cHM6Ly9zdG9yYWdlLmdvb2dsZWFwaXMuY29tL2t1YmVybmV0ZXMtcmVsZWFzZS9yZWxlYXNlL3YxLjkuMy9iaW4vbGludXgvYW1kNjQva3ViZWN0bAotIGQ1OTVkM2RlZDY0OTlhNjRlOGRhYzAyNDY2ZTJmNWYyY2UyNTdjOWZAaHR0cHM6Ly9zdG9yYWdlLmdvb2dsZWFwaXMuY29tL2t1YmVybmV0ZXMtcmVsZWFzZS9uZXR3b3JrLXBsdWdpbnMvY25pLXBsdWdpbnMtYW1kNjQtdjAuNi4wLnRnegotIGM2ZjMxMDIxNGY2ODdiNmMyZjMyZTgxYzJhNDkyMzUxODI5NTBiZTNAaHR0cHM6Ly9rdWJldXB2Mi5zMy5hbWF6b25hd3MuY29tL2tvcHMvMS45LjAvbGludXgvYW1kNjQvdXRpbHMudGFyLmd6CkNsdXN0ZXJOYW1lOiBteWZpcnN0Y2x1c3Rlci5rOHMubG9jYWwKQ29uZmlnQmFzZTogczM6Ly93b29vLWV4YW1wbGUtY29tLXN0YXRlLXN0b3JlL215Zmlyc3RjbHVzdGVyLms4cy5sb2NhbApJbnN0YW5jZUdyb3VwTmFtZTogbm9kZXMKVGFnczoKLSBfYXV0b21hdGljX3VwZ3JhZGVzCi0gX2F3cwpjaGFubmVsczoKLSBzMzovL3dvb28tZXhhbXBsZS1jb20tc3RhdGUtc3RvcmUvbXlmaXJzdGNsdXN0ZXIuazhzLmxvY2FsL2FkZG9ucy9ib290c3RyYXAtY2hhbm5lbC55YW1sCnByb3Rva3ViZUltYWdlOgogIGhhc2g6IDRiYmZjYzZkZjFjMWMwOTUzYmQwNTMyMTEzYTc0YjdhZTIxZTBkZWQKICBuYW1lOiBwcm90b2t1YmU6MS45LjAKICBzb3VyY2U6IGh0dHBzOi8va3ViZXVwdjIuczMuYW1hem9uYXdzLmNvbS9rb3BzLzEuOS4wL2ltYWdlcy9wcm90b2t1YmUudGFyLmd6CgpfX0VPRl9LVUJFX0VOVgoKZG93bmxvYWQtcmVsZWFzZQplY2hvICI9PSBub2RldXAgbm9kZSBjb25maWcgZG9uZSA9PSIK",
"InstanceMonitoring": false
}
},
"AWSEC2DHCPOptionsmyfirstclusterk8slocal": {
"Type": "AWS::EC2::DHCPOptions",
"Properties": {
"DomainName": "ec2.internal",
"DomainNameServers": [
"AmazonProvidedDNS"
],
"Tags": [
{
"Key": "KubernetesCluster",
"Value": "myfirstcluster.k8s.local"
},
{
"Key": "Name",
"Value": "myfirstcluster.k8s.local"
},
{
"Key": "kubernetes.io/cluster/myfirstcluster.k8s.local",
"Value": "owned"
}
]
}
},
"AWSEC2InternetGatewaymyfirstclusterk8slocal": {
"Type": "AWS::EC2::InternetGateway",
"Properties": {
"Tags": [
{
"Key": "KubernetesCluster",
"Value": "myfirstcluster.k8s.local"
},
{
"Key": "Name",
"Value": "myfirstcluster.k8s.local"
},
{
"Key": "kubernetes.io/cluster/myfirstcluster.k8s.local",
"Value": "owned"
}
]
}
},
"AWSEC2Route00000": {
"Type": "AWS::EC2::Route",
"Properties": {
"RouteTableId": {
"Ref": "AWSEC2RouteTablemyfirstclusterk8slocal"
},
"DestinationCidrBlock": "0.0.0.0/0",
"GatewayId": {
"Ref": "AWSEC2InternetGatewaymyfirstclusterk8slocal"
}
}
},
"AWSEC2RouteTablemyfirstclusterk8slocal": {
"Type": "AWS::EC2::RouteTable",
"Properties": {
"VpcId": {
"Ref": "AWSEC2VPCmyfirstclusterk8slocal"
},
"Tags": [
{
"Key": "KubernetesCluster",
"Value": "myfirstcluster.k8s.local"
},
{
"Key": "Name",
"Value": "myfirstcluster.k8s.local"
},
{
"Key": "kubernetes.io/cluster/myfirstcluster.k8s.local",
"Value": "owned"
},
{
"Key": "kubernetes.io/kops/role",
"Value": "public"
}
]
}
},
"AWSEC2SecurityGroupEgressapielbegress": {
"Type": "AWS::EC2::SecurityGroupEgress",
"Properties": {
"GroupId": {
"Ref": "AWSEC2SecurityGroupapielbmyfirstclusterk8slocal"
},
"FromPort": 0,
"ToPort": 0,
"IpProtocol": "-1",
"CidrIp": "0.0.0.0/0"
}
},
"AWSEC2SecurityGroupEgressmasteregress": {
"Type": "AWS::EC2::SecurityGroupEgress",
"Properties": {
"GroupId": {
"Ref": "AWSEC2SecurityGroupmastersmyfirstclusterk8slocal"
},
"FromPort": 0,
"ToPort": 0,
"IpProtocol": "-1",
"CidrIp": "0.0.0.0/0"
}
},
"AWSEC2SecurityGroupEgressnodeegress": {
"Type": "AWS::EC2::SecurityGroupEgress",
"Properties": {
"GroupId": {
"Ref": "AWSEC2SecurityGroupnodesmyfirstclusterk8slocal"
},
"FromPort": 0,
"ToPort": 0,
"IpProtocol": "-1",
"CidrIp": "0.0.0.0/0"
}
},
"AWSEC2SecurityGroupIngressallmastertomaster": {
"Type": "AWS::EC2::SecurityGroupIngress",
"Properties": {
"GroupId": {
"Ref": "AWSEC2SecurityGroupmastersmyfirstclusterk8slocal"
},
"SourceSecurityGroupId": {
"Ref": "AWSEC2SecurityGroupmastersmyfirstclusterk8slocal"
},
"FromPort": 0,
"ToPort": 0,
"IpProtocol": "-1"
}
},
"AWSEC2SecurityGroupIngressallmastertonode": {
"Type": "AWS::EC2::SecurityGroupIngress",
"Properties": {
"GroupId": {
"Ref": "AWSEC2SecurityGroupnodesmyfirstclusterk8slocal"
},
"SourceSecurityGroupId": {
"Ref": "AWSEC2SecurityGroupmastersmyfirstclusterk8slocal"
},
"FromPort": 0,
"ToPort": 0,
"IpProtocol": "-1"
}
},
"AWSEC2SecurityGroupIngressallnodetonode": {
"Type": "AWS::EC2::SecurityGroupIngress",
"Properties": {
"GroupId": {
"Ref": "AWSEC2SecurityGroupnodesmyfirstclusterk8slocal"
},
"SourceSecurityGroupId": {
"Ref": "AWSEC2SecurityGroupnodesmyfirstclusterk8slocal"
},
"FromPort": 0,
"ToPort": 0,
"IpProtocol": "-1"
}
},
"AWSEC2SecurityGroupIngresshttpsapielb00000": {
"Type": "AWS::EC2::SecurityGroupIngress",
"Properties": {
"GroupId": {
"Ref": "AWSEC2SecurityGroupapielbmyfirstclusterk8slocal"
},
"FromPort": 443,
"ToPort": 443,
"IpProtocol": "tcp",
"CidrIp": "0.0.0.0/0"
}
},
"AWSEC2SecurityGroupIngresshttpselbtomaster": {
"Type": "AWS::EC2::SecurityGroupIngress",
"Properties": {
"GroupId": {
"Ref": "AWSEC2SecurityGroupmastersmyfirstclusterk8slocal"
},
"SourceSecurityGroupId": {
"Ref": "AWSEC2SecurityGroupapielbmyfirstclusterk8slocal"
},
"FromPort": 443,
"ToPort": 443,
"IpProtocol": "tcp"
}
},
"AWSEC2SecurityGroupIngressnodetomastertcp12379": {
"Type": "AWS::EC2::SecurityGroupIngress",
"Properties": {
"GroupId": {
"Ref": "AWSEC2SecurityGroupmastersmyfirstclusterk8slocal"
},
"SourceSecurityGroupId": {
"Ref": "AWSEC2SecurityGroupnodesmyfirstclusterk8slocal"
},
"FromPort": 1,
"ToPort": 2379,
"IpProtocol": "tcp"
}
},
"AWSEC2SecurityGroupIngressnodetomastertcp23824000": {
"Type": "AWS::EC2::SecurityGroupIngress",
"Properties": {
"GroupId": {
"Ref": "AWSEC2SecurityGroupmastersmyfirstclusterk8slocal"
},
"SourceSecurityGroupId": {
"Ref": "AWSEC2SecurityGroupnodesmyfirstclusterk8slocal"
},
"FromPort": 2382,
"ToPort": 4000,
"IpProtocol": "tcp"
}
},
"AWSEC2SecurityGroupIngressnodetomastertcp400365535": {
"Type": "AWS::EC2::SecurityGroupIngress",
"Properties": {
"GroupId": {
"Ref": "AWSEC2SecurityGroupmastersmyfirstclusterk8slocal"
},
"SourceSecurityGroupId": {
"Ref": "AWSEC2SecurityGroupnodesmyfirstclusterk8slocal"
},
"FromPort": 4003,
"ToPort": 65535,
"IpProtocol": "tcp"
}
},
"AWSEC2SecurityGroupIngressnodetomasterudp165535": {
"Type": "AWS::EC2::SecurityGroupIngress",
"Properties": {
"GroupId": {
"Ref": "AWSEC2SecurityGroupmastersmyfirstclusterk8slocal"
},
"SourceSecurityGroupId": {
"Ref": "AWSEC2SecurityGroupnodesmyfirstclusterk8slocal"
},
"FromPort": 1,
"ToPort": 65535,
"IpProtocol": "udp"
}
},
"AWSEC2SecurityGroupIngresssshexternaltomaster00000": {
"Type": "AWS::EC2::SecurityGroupIngress",
"Properties": {
"GroupId": {
"Ref": "AWSEC2SecurityGroupmastersmyfirstclusterk8slocal"
},
"FromPort": 22,
"ToPort": 22,
"IpProtocol": "tcp",
"CidrIp": "0.0.0.0/0"
}
},
"AWSEC2SecurityGroupIngresssshexternaltonode00000": {
"Type": "AWS::EC2::SecurityGroupIngress",
"Properties": {
"GroupId": {
"Ref": "AWSEC2SecurityGroupnodesmyfirstclusterk8slocal"
},
"FromPort": 22,
"ToPort": 22,
"IpProtocol": "tcp",
"CidrIp": "0.0.0.0/0"
}
},
"AWSEC2SecurityGroupapielbmyfirstclusterk8slocal": {
"Type": "AWS::EC2::SecurityGroup",
"Properties": {
"VpcId": {
"Ref": "AWSEC2VPCmyfirstclusterk8slocal"
},
"GroupDescription": "Security group for api ELB",
"Tags": [
{
"Key": "KubernetesCluster",
"Value": "myfirstcluster.k8s.local"
},
{
"Key": "Name",
"Value": "api-elb.myfirstcluster.k8s.local"
},
{
"Key": "kubernetes.io/cluster/myfirstcluster.k8s.local",
"Value": "owned"
}
]
}
},
"AWSEC2SecurityGroupmastersmyfirstclusterk8slocal": {
"Type": "AWS::EC2::SecurityGroup",
"Properties": {
"VpcId": {
"Ref": "AWSEC2VPCmyfirstclusterk8slocal"
},
"GroupDescription": "Security group for masters",
"Tags": [
{
"Key": "KubernetesCluster",
"Value": "myfirstcluster.k8s.local"
},
{
"Key": "Name",
"Value": "masters.myfirstcluster.k8s.local"
},
{
"Key": "kubernetes.io/cluster/myfirstcluster.k8s.local",
"Value": "owned"
}
]
}
},
"AWSEC2SecurityGroupnodesmyfirstclusterk8slocal": {
"Type": "AWS::EC2::SecurityGroup",
"Properties": {
"VpcId": {
"Ref": "AWSEC2VPCmyfirstclusterk8slocal"
},
"GroupDescription": "Security group for nodes",
"Tags": [
{
"Key": "KubernetesCluster",
"Value": "myfirstcluster.k8s.local"
},
{
"Key": "Name",
"Value": "nodes.myfirstcluster.k8s.local"
},
{
"Key": "kubernetes.io/cluster/myfirstcluster.k8s.local",
"Value": "owned"
}
]
}
},
"AWSEC2SubnetRouteTableAssociationuseast1amyfirstclusterk8slocal": {
"Type": "AWS::EC2::SubnetRouteTableAssociation",
"Properties": {
"SubnetId": {
"Ref": "AWSEC2Subnetuseast1amyfirstclusterk8slocal"
},
"RouteTableId": {
"Ref": "AWSEC2RouteTablemyfirstclusterk8slocal"
}
}
},
"AWSEC2Subnetuseast1amyfirstclusterk8slocal": {
"Type": "AWS::EC2::Subnet",
"Properties": {
"VpcId": {
"Ref": "AWSEC2VPCmyfirstclusterk8slocal"
},
"CidrBlock": "172.20.32.0/19",
"AvailabilityZone": "us-east-1a",
"Tags": [
{
"Key": "KubernetesCluster",
"Value": "myfirstcluster.k8s.local"
},
{
"Key": "Name",
"Value": "us-east-1a.myfirstcluster.k8s.local"
},
{
"Key": "SubnetType",
"Value": "Public"
},
{
"Key": "kubernetes.io/cluster/myfirstcluster.k8s.local",
"Value": "owned"
},
{
"Key": "kubernetes.io/role/elb",
"Value": "1"
}
]
}
},
"AWSEC2VPCDHCPOptionsAssociationmyfirstclusterk8slocal": {
"Type": "AWS::EC2::VPCDHCPOptionsAssociation",
"Properties": {
"VpcId": {
"Ref": "AWSEC2VPCmyfirstclusterk8slocal"
},
"DhcpOptionsId": {
"Ref": "AWSEC2DHCPOptionsmyfirstclusterk8slocal"
}
}
},
"AWSEC2VPCGatewayAttachmentmyfirstclusterk8slocal": {
"Type": "AWS::EC2::VPCGatewayAttachment",
"Properties": {
"VpcId": {
"Ref": "AWSEC2VPCmyfirstclusterk8slocal"
},
"InternetGatewayId": {
"Ref": "AWSEC2InternetGatewaymyfirstclusterk8slocal"
}
}
},
"AWSEC2VPCmyfirstclusterk8slocal": {
"Type": "AWS::EC2::VPC",
"Properties": {
"CidrBlock": "172.20.0.0/16",
"EnableDnsHostnames": true,
"EnableDnsSupport": true,
"Tags": [
{
"Key": "KubernetesCluster",
"Value": "myfirstcluster.k8s.local"
},
{
"Key": "Name",
"Value": "myfirstcluster.k8s.local"
},
{
"Key": "kubernetes.io/cluster/myfirstcluster.k8s.local",
"Value": "owned"
}
]
}
},
"AWSEC2Volumeaetcdeventsmyfirstclusterk8slocal": {
"Type": "AWS::EC2::Volume",
"Properties": {
"AvailabilityZone": "us-east-1a",
"Size": 20,
"VolumeType": "gp2",
"Encrypted": false,
"Tags": [
{
"Key": "KubernetesCluster",
"Value": "myfirstcluster.k8s.local"
},
{
"Key": "Name",
"Value": "a.etcd-events.myfirstcluster.k8s.local"
},
{
"Key": "k8s.io/etcd/events",
"Value": "a/a"
},
{
"Key": "k8s.io/role/master",
"Value": "1"
},
{
"Key": "kubernetes.io/cluster/myfirstcluster.k8s.local",
"Value": "owned"
}
]
}
},
"AWSEC2Volumeaetcdmainmyfirstclusterk8slocal": {
"Type": "AWS::EC2::Volume",
"Properties": {
"AvailabilityZone": "us-east-1a",
"Size": 20,
"VolumeType": "gp2",
"Encrypted": false,
"Tags": [
{
"Key": "KubernetesCluster",
"Value": "myfirstcluster.k8s.local"
},
{
"Key": "Name",
"Value": "a.etcd-main.myfirstcluster.k8s.local"
},
{
"Key": "k8s.io/etcd/main",
"Value": "a/a"
},
{
"Key": "k8s.io/role/master",
"Value": "1"
},
{
"Key": "kubernetes.io/cluster/myfirstcluster.k8s.local",
"Value": "owned"
}
]
}
},
"AWSElasticLoadBalancingLoadBalancerapimyfirstclusterk8slocal": {
"Type": "AWS::ElasticLoadBalancing::LoadBalancer",
"Properties": {
"LoadBalancerName": "api-myfirstcluster-k8s-lo-hqulii",
"Listeners": [
{
"InstancePort": 443,
"InstanceProtocol": "TCP",
"LoadBalancerPort": 443,
"Protocol": "TCP"
}
],
"SecurityGroups": [
{
"Ref": "AWSEC2SecurityGroupapielbmyfirstclusterk8slocal"
}
],
"Subnets": [
{
"Ref": "AWSEC2Subnetuseast1amyfirstclusterk8slocal"
}
],
"HealthCheck": {
"Target": "SSL:443",
"HealthyThreshold": 2,
"UnhealthyThreshold": 2,
"Interval": 10,
"Timeout": 5
},
"ConnectionSettings": {
"IdleTimeout": 300
},
"Tags": [
{
"Key": "KubernetesCluster",
"Value": "myfirstcluster.k8s.local"
},
{
"Key": "Name",
"Value": "api.myfirstcluster.k8s.local"
}
]
}
},
"AWSIAMInstanceProfilemastersmyfirstclusterk8slocal": {
"Type": "AWS::IAM::InstanceProfile",
"Properties": {
"Roles": [
{
"Ref": "AWSIAMRolemastersmyfirstclusterk8slocal"
}
]
}
},
"AWSIAMInstanceProfilenodesmyfirstclusterk8slocal": {
"Type": "AWS::IAM::InstanceProfile",
"Properties": {
"Roles": [
{
"Ref": "AWSIAMRolenodesmyfirstclusterk8slocal"
}
]
}
},
"AWSIAMPolicymastersmyfirstclusterk8slocal": {
"Type": "AWS::IAM::Policy",
"Properties": {
"PolicyName": "masters.myfirstcluster.k8s.local",
"Roles": [
{
"Ref": "AWSIAMRolemastersmyfirstclusterk8slocal"
}
],
"PolicyDocument": {
"Statement": [
{
"Action": [
"ec2:DescribeInstances",
"ec2:DescribeRegions",
"ec2:DescribeRouteTables",
"ec2:DescribeSecurityGroups",
"ec2:DescribeSubnets",
"ec2:DescribeVolumes"
],
"Effect": "Allow",
"Resource": [
"*"
],
"Sid": "kopsK8sEC2MasterPermsDescribeResources"
},
{
"Action": [
"ec2:CreateSecurityGroup",
"ec2:CreateTags",
"ec2:CreateVolume",
"ec2:ModifyInstanceAttribute"
],
"Effect": "Allow",
"Resource": [
"*"
],
"Sid": "kopsK8sEC2MasterPermsAllResources"
},
{
"Action": [
"ec2:AttachVolume",
"ec2:AuthorizeSecurityGroupIngress",
"ec2:CreateRoute",
"ec2:DeleteRoute",
"ec2:DeleteSecurityGroup",
"ec2:DeleteVolume",
"ec2:DetachVolume",
"ec2:RevokeSecurityGroupIngress"
],
"Condition": {
"StringEquals": {
"ec2:ResourceTag/KubernetesCluster": "myfirstcluster.k8s.local"
}
},
"Effect": "Allow",
"Resource": [
"*"
],
"Sid": "kopsK8sEC2MasterPermsTaggedResources"
},
{
"Action": [
"autoscaling:DescribeAutoScalingGroups",
"autoscaling:DescribeLaunchConfigurations",
"autoscaling:DescribeTags",
"autoscaling:GetAsgForInstance"
],
"Effect": "Allow",
"Resource": [
"*"
],
"Sid": "kopsK8sASMasterPermsAllResources"
},
{
"Action": [
"autoscaling:SetDesiredCapacity",
"autoscaling:TerminateInstanceInAutoScalingGroup",
"autoscaling:UpdateAutoScalingGroup"
],
"Condition": {
"StringEquals": {
"autoscaling:ResourceTag/KubernetesCluster": "myfirstcluster.k8s.local"
}
},
"Effect": "Allow",
"Resource": [
"*"
],
"Sid": "kopsK8sASMasterPermsTaggedResources"
},
{
"Action": [
"elasticloadbalancing:AddTags",
"elasticloadbalancing:AttachLoadBalancerToSubnets",
"elasticloadbalancing:ApplySecurityGroupsToLoadBalancer",
"elasticloadbalancing:CreateLoadBalancer",
"elasticloadbalancing:CreateLoadBalancerPolicy",
"elasticloadbalancing:CreateLoadBalancerListeners",
"elasticloadbalancing:ConfigureHealthCheck",
"elasticloadbalancing:DeleteLoadBalancer",
"elasticloadbalancing:DeleteLoadBalancerListeners",
"elasticloadbalancing:DescribeLoadBalancers",
"elasticloadbalancing:DescribeLoadBalancerAttributes",
"elasticloadbalancing:DetachLoadBalancerFromSubnets",
"elasticloadbalancing:DeregisterInstancesFromLoadBalancer",
"elasticloadbalancing:ModifyLoadBalancerAttributes",
"elasticloadbalancing:RegisterInstancesWithLoadBalancer",
"elasticloadbalancing:SetLoadBalancerPoliciesForBackendServer"
],
"Effect": "Allow",
"Resource": [
"*"
],
"Sid": "kopsK8sELBMasterPermsRestrictive"
},
{
"Action": [
"ec2:DescribeVpcs",
"elasticloadbalancing:AddTags",
"elasticloadbalancing:CreateListener",
"elasticloadbalancing:CreateTargetGroup",
"elasticloadbalancing:DeleteListener",
"elasticloadbalancing:DeleteTargetGroup",
"elasticloadbalancing:DescribeListeners",
"elasticloadbalancing:DescribeLoadBalancerPolicies",
"elasticloadbalancing:DescribeTargetGroups",
"elasticloadbalancing:DescribeTargetHealth",
"elasticloadbalancing:ModifyListener",
"elasticloadbalancing:ModifyTargetGroup",
"elasticloadbalancing:RegisterTargets",
"elasticloadbalancing:SetLoadBalancerPoliciesOfListener"
],
"Effect": "Allow",
"Resource": [
"*"
],
"Sid": "kopsK8sNLBMasterPermsRestrictive"
},
{
"Action": [
"iam:ListServerCertificates",
"iam:GetServerCertificate"
],
"Effect": "Allow",
"Resource": [
"*"
],
"Sid": "kopsMasterCertIAMPerms"
},
{
"Action": [
"s3:GetBucketLocation",
"s3:ListBucket"
],
"Effect": "Allow",
"Resource": [
"arn:aws:s3:::wooo-example-com-state-store"
],
"Sid": "kopsK8sS3GetListBucket"
},
{
"Action": [
"s3:Get*"
],
"Effect": "Allow",
"Resource": "arn:aws:s3:::wooo-example-com-state-store/myfirstcluster.k8s.local/*",
"Sid": "kopsK8sS3MasterBucketFullGet"
},
{
"Action": [
"ecr:GetAuthorizationToken",
"ecr:BatchCheckLayerAvailability",
"ecr:GetDownloadUrlForLayer",
"ecr:GetRepositoryPolicy",
"ecr:DescribeRepositories",
"ecr:ListImages",
"ecr:BatchGetImage"
],
"Effect": "Allow",
"Resource": [
"*"
],
"Sid": "kopsK8sECR"
}
],
"Version": "2012-10-17"
}
}
},
"AWSIAMPolicynodesmyfirstclusterk8slocal": {
"Type": "AWS::IAM::Policy",
"Properties": {
"PolicyName": "nodes.myfirstcluster.k8s.local",
"Roles": [
{
"Ref": "AWSIAMRolenodesmyfirstclusterk8slocal"
}
],
"PolicyDocument": {
"Statement": [
{
"Action": [
"ec2:DescribeInstances",
"ec2:DescribeRegions"
],
"Effect": "Allow",
"Resource": [
"*"
],
"Sid": "kopsK8sEC2NodePerms"
},
{
"Action": [
"s3:GetBucketLocation",
"s3:ListBucket"
],
"Effect": "Allow",
"Resource": [
"arn:aws:s3:::wooo-example-com-state-store"
],
"Sid": "kopsK8sS3GetListBucket"
},
{
"Action": [
"s3:Get*"
],
"Effect": "Allow",
"Resource": [
"arn:aws:s3:::wooo-example-com-state-store/myfirstcluster.k8s.local/addons/*",
"arn:aws:s3:::wooo-example-com-state-store/myfirstcluster.k8s.local/cluster.spec",
"arn:aws:s3:::wooo-example-com-state-store/myfirstcluster.k8s.local/config",
"arn:aws:s3:::wooo-example-com-state-store/myfirstcluster.k8s.local/instancegroup/*",
"arn:aws:s3:::wooo-example-com-state-store/myfirstcluster.k8s.local/pki/issued/*",
"arn:aws:s3:::wooo-example-com-state-store/myfirstcluster.k8s.local/pki/private/kube-proxy/*",
"arn:aws:s3:::wooo-example-com-state-store/myfirstcluster.k8s.local/pki/private/kubelet/*",
"arn:aws:s3:::wooo-example-com-state-store/myfirstcluster.k8s.local/pki/ssh/*",
"arn:aws:s3:::wooo-example-com-state-store/myfirstcluster.k8s.local/secrets/dockerconfig"
],
"Sid": "kopsK8sS3NodeBucketSelectiveGet"
},
{
"Action": [
"ecr:GetAuthorizationToken",
"ecr:BatchCheckLayerAvailability",
"ecr:GetDownloadUrlForLayer",
"ecr:GetRepositoryPolicy",
"ecr:DescribeRepositories",
"ecr:ListImages",
"ecr:BatchGetImage"
],
"Effect": "Allow",
"Resource": [
"*"
],
"Sid": "kopsK8sECR"
}
],
"Version": "2012-10-17"
}
}
},
"AWSIAMRolemastersmyfirstclusterk8slocal": {
"Type": "AWS::IAM::Role",
"Properties": {
"RoleName": "masters.myfirstcluster.k8s.local",
"AssumeRolePolicyDocument": {
"Statement": [
{
"Action": "sts:AssumeRole",
"Effect": "Allow",
"Principal": {
"Service": "ec2.amazonaws.com"
}
}
],
"Version": "2012-10-17"
}
}
},
"AWSIAMRolenodesmyfirstclusterk8slocal": {
"Type": "AWS::IAM::Role",
"Properties": {
"RoleName": "nodes.myfirstcluster.k8s.local",
"AssumeRolePolicyDocument": {
"Statement": [
{
"Action": "sts:AssumeRole",
"Effect": "Allow",
"Principal": {
"Service": "ec2.amazonaws.com"
}
}
],
"Version": "2012-10-17"
}
}
}
}
}
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment