Created
May 21, 2018 16:27
-
-
Save mattsdni/8d34e40346946eb3b3a9351c8366c365 to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
{ | |
"Resources": { | |
"AWSAutoScalingAutoScalingGroupmasteruseast1amastersmyfirstclusterk8slocal": { | |
"Type": "AWS::AutoScaling::AutoScalingGroup", | |
"Properties": { | |
"AutoScalingGroupName": "master-us-east-1a.masters.myfirstcluster.k8s.local", | |
"LaunchConfigurationName": { | |
"Ref": "AWSAutoScalingLaunchConfigurationmasteruseast1amastersmyfirstclusterk8slocal" | |
}, | |
"MaxSize": 1, | |
"MinSize": 1, | |
"VPCZoneIdentifier": [ | |
{ | |
"Ref": "AWSEC2Subnetuseast1amyfirstclusterk8slocal" | |
} | |
], | |
"Tags": [ | |
{ | |
"Key": "KubernetesCluster", | |
"Value": "myfirstcluster.k8s.local", | |
"PropagateAtLaunch": true | |
}, | |
{ | |
"Key": "Name", | |
"Value": "master-us-east-1a.masters.myfirstcluster.k8s.local", | |
"PropagateAtLaunch": true | |
}, | |
{ | |
"Key": "k8s.io/cluster-autoscaler/node-template/label/kops.k8s.io/instancegroup", | |
"Value": "master-us-east-1a", | |
"PropagateAtLaunch": true | |
}, | |
{ | |
"Key": "k8s.io/role/master", | |
"Value": "1", | |
"PropagateAtLaunch": true | |
} | |
], | |
"MetricsCollection": [ | |
{ | |
"Granularity": "1Minute", | |
"Metrics": [ | |
"GroupDesiredCapacity", | |
"GroupInServiceInstances", | |
"GroupMaxSize", | |
"GroupMinSize", | |
"GroupPendingInstances", | |
"GroupStandbyInstances", | |
"GroupTerminatingInstances", | |
"GroupTotalInstances" | |
] | |
} | |
], | |
"LoadBalancerNames": [ | |
{ | |
"Ref": "AWSElasticLoadBalancingLoadBalancerapimyfirstclusterk8slocal" | |
} | |
] | |
} | |
}, | |
"AWSAutoScalingAutoScalingGroupnodesmyfirstclusterk8slocal": { | |
"Type": "AWS::AutoScaling::AutoScalingGroup", | |
"Properties": { | |
"AutoScalingGroupName": "nodes.myfirstcluster.k8s.local", | |
"LaunchConfigurationName": { | |
"Ref": "AWSAutoScalingLaunchConfigurationnodesmyfirstclusterk8slocal" | |
}, | |
"MaxSize": 2, | |
"MinSize": 2, | |
"VPCZoneIdentifier": [ | |
{ | |
"Ref": "AWSEC2Subnetuseast1amyfirstclusterk8slocal" | |
} | |
], | |
"Tags": [ | |
{ | |
"Key": "KubernetesCluster", | |
"Value": "myfirstcluster.k8s.local", | |
"PropagateAtLaunch": true | |
}, | |
{ | |
"Key": "Name", | |
"Value": "nodes.myfirstcluster.k8s.local", | |
"PropagateAtLaunch": true | |
}, | |
{ | |
"Key": "k8s.io/cluster-autoscaler/node-template/label/kops.k8s.io/instancegroup", | |
"Value": "nodes", | |
"PropagateAtLaunch": true | |
}, | |
{ | |
"Key": "k8s.io/role/node", | |
"Value": "1", | |
"PropagateAtLaunch": true | |
} | |
], | |
"MetricsCollection": [ | |
{ | |
"Granularity": "1Minute", | |
"Metrics": [ | |
"GroupDesiredCapacity", | |
"GroupInServiceInstances", | |
"GroupMaxSize", | |
"GroupMinSize", | |
"GroupPendingInstances", | |
"GroupStandbyInstances", | |
"GroupTerminatingInstances", | |
"GroupTotalInstances" | |
] | |
} | |
] | |
} | |
}, | |
"AWSAutoScalingLaunchConfigurationmasteruseast1amastersmyfirstclusterk8slocal": { | |
"Type": "AWS::AutoScaling::LaunchConfiguration", | |
"Properties": { | |
"AssociatePublicIpAddress": true, | |
"BlockDeviceMappings": [ | |
{ | |
"DeviceName": "/dev/xvda", | |
"Ebs": { | |
"VolumeType": "gp2", | |
"VolumeSize": 64, | |
"DeleteOnTermination": true | |
} | |
}, | |
{ | |
"DeviceName": "/dev/sdc", | |
"VirtualName": "ephemeral0" | |
} | |
], | |
"IamInstanceProfile": { | |
"Ref": "AWSIAMInstanceProfilemastersmyfirstclusterk8slocal" | |
}, | |
"ImageId": "ami-b0c6ccca", | |
"InstanceType": "m3.medium", | |
"KeyName": "kubernetes.myfirstcluster.k8s.local-4a:a5:78:91:d8:a1:5c:cd:10:40:1d:be:1a:fd:c4:4c", | |
"SecurityGroups": [ | |
{ | |
"Ref": "AWSEC2SecurityGroupmastersmyfirstclusterk8slocal" | |
} | |
], | |
"UserData": "IyEvYmluL2Jhc2gKIyBDb3B5cmlnaHQgMjAxNiBUaGUgS3ViZXJuZXRlcyBBdXRob3JzIEFsbCByaWdodHMgcmVzZXJ2ZWQuCiMKIyBMaWNlbnNlZCB1bmRlciB0aGUgQXBhY2hlIExpY2Vuc2UsIFZlcnNpb24gMi4wICh0aGUgIkxpY2Vuc2UiKTsKIyB5b3UgbWF5IG5vdCB1c2UgdGhpcyBmaWxlIGV4Y2VwdCBpbiBjb21wbGlhbmNlIHdpdGggdGhlIExpY2Vuc2UuCiMgWW91IG1heSBvYnRhaW4gYSBjb3B5IG9mIHRoZSBMaWNlbnNlIGF0CiMKIyAgICAgaHR0cDovL3d3dy5hcGFjaGUub3JnL2xpY2Vuc2VzL0xJQ0VOU0UtMi4wCiMKIyBVbmxlc3MgcmVxdWlyZWQgYnkgYXBwbGljYWJsZSBsYXcgb3IgYWdyZWVkIHRvIGluIHdyaXRpbmcsIHNvZnR3YXJlCiMgZGlzdHJpYnV0ZWQgdW5kZXIgdGhlIExpY2Vuc2UgaXMgZGlzdHJpYnV0ZWQgb24gYW4gIkFTIElTIiBCQVNJUywKIyBXSVRIT1VUIFdBUlJBTlRJRVMgT1IgQ09ORElUSU9OUyBPRiBBTlkgS0lORCwgZWl0aGVyIGV4cHJlc3Mgb3IgaW1wbGllZC4KIyBTZWUgdGhlIExpY2Vuc2UgZm9yIHRoZSBzcGVjaWZpYyBsYW5ndWFnZSBnb3Zlcm5pbmcgcGVybWlzc2lvbnMgYW5kCiMgbGltaXRhdGlvbnMgdW5kZXIgdGhlIExpY2Vuc2UuCgpzZXQgLW8gZXJyZXhpdApzZXQgLW8gbm91bnNldApzZXQgLW8gcGlwZWZhaWwKCk5PREVVUF9VUkw9aHR0cHM6Ly9rdWJldXB2Mi5zMy5hbWF6b25hd3MuY29tL2tvcHMvMS45LjAvbGludXgvYW1kNjQvbm9kZXVwCk5PREVVUF9IQVNIPTU0ZWNhZTY2YTJiNGUxNDA5YjM2ZmMwMGI1NTBmMjUwMWFmZWRiZmMKCgpleHBvcnQgQVdTX1JFR0lPTj11cy13ZXN0LTEKCgoKCgoKZnVuY3Rpb24gZW5zdXJlLWluc3RhbGwtZGlyKCkgewogIElOU1RBTExfRElSPSIvdmFyL2NhY2hlL2t1YmVybmV0ZXMtaW5zdGFsbCIKICAjIE9uIENvbnRhaW5lck9TLCB3ZSBpbnN0YWxsIHRvIC92YXIvbGliL3Rvb2xib3ggaW5zdGFsbCAoYmVjYXVzZSBvZiBub2V4ZWMpCiAgaWYgW1sgLWQgL3Zhci9saWIvdG9vbGJveCBdXTsgdGhlbgogICAgSU5TVEFMTF9ESVI9Ii92YXIvbGliL3Rvb2xib3gva3ViZXJuZXRlcy1pbnN0YWxsIgogIGZpCiAgbWtkaXIgLXAgJHtJTlNUQUxMX0RJUn0KICBjZCAke0lOU1RBTExfRElSfQp9CgojIFJldHJ5IGEgZG93bmxvYWQgdW50aWwgd2UgZ2V0IGl0LiBUYWtlcyBhIGhhc2ggYW5kIGEgc2V0IG9mIFVSTHMuCiMKIyAkMSBpcyB0aGUgc2hhMSBvZiB0aGUgVVJMLiBDYW4gYmUgIiIgaWYgdGhlIHNoYTEgaXMgdW5rbm93bi4KIyAkMisgYXJlIHRoZSBVUkxzIHRvIGRvd25sb2FkLgpkb3dubG9hZC1vci1idXN0KCkgewogIGxvY2FsIC1yIGhhc2g9IiQxIgogIHNoaWZ0IDEKCiAgdXJscz0oICQqICkKICB3aGlsZSB0cnVlOyBkbwogICAgZm9yIHVybCBpbiAiJHt1cmxzW0BdfSI7IGRvCiAgICAgIGxvY2FsIGZpbGU9IiR7dXJsIyMqL30iCiAgICAgIHJtIC1mICIke2ZpbGV9IgoKICAgICAgaWYgW1sgJCh3aGljaCBjdXJsKSBdXTsgdGhlbgogICAgICAgIGlmICEgY3VybCAtZiAtLWlwdjQgLUxvICIke2ZpbGV9IiAtLWNvbm5lY3QtdGltZW91dCAyMCAtLXJldHJ5IDYgLS1yZXRyeS1kZWxheSAxMCAiJHt1cmx9IjsgdGhlbgogICAgICAgICAgZWNobyAiPT0gRmFpbGVkIHRvIGN1cmwgJHt1cmx9LiBSZXRyeWluZy4gPT0iCiAgICAgICAgICBicmVhawogICAgICAgIGZpCiAgICAgIGVsaWYgW1sgJCh3aGljaCB3Z2V0ICkgXV07IHRoZW4KICAgICAgICBpZiAhIHdnZXQgLS1pbmV0NC1vbmx5IC1PICIke2ZpbGV9IiAtLWNvbm5lY3QtdGltZW91dD0yMCAtLXRyaWVzPTYgLS13YWl0PTEwICIke3VybH0iOyB0aGVuCiAgICAgICAgICBlY2hvICI9PSBGYWlsZWQgdG8gd2dldCAke3VybH0uIFJldHJ5aW5nLiA9PSIKICAgICAgICAgIGJyZWFrCiAgICAgICAgZmkKICAgICAgZWxzZQogICAgICAgIGVjaG8gIj09IENvdWxkIG5vdCBmaW5kIGN1cmwgb3Igd2dldC4gUmV0cnlpbmcuID09IgogICAgICAgIGJyZWFrCiAgICAgIGZpCgogICAgICBpZiBbWyAtbiAiJHtoYXNofSIgXV0gJiYgISB2YWxpZGF0ZS1oYXNoICIke2ZpbGV9IiAiJHtoYXNofSI7IHRoZW4KICAgICAgICBlY2hvICI9PSBIYXNoIHZhbGlkYXRpb24gb2YgJHt1cmx9IGZhaWxlZC4gUmV0cnlpbmcuID09IgogICAgICBlbHNlCiAgICAgICAgaWYgW1sgLW4gIiR7aGFzaH0iIF1dOyB0aGVuCiAgICAgICAgICBlY2hvICI9PSBEb3dubG9hZGVkICR7dXJsfSAoU0hBMSA9ICR7aGFzaH0pID09IgogICAgICAgIGVsc2UKICAgICAgICAgIGVjaG8gIj09IERvd25sb2FkZWQgJHt1cmx9ID09IgogICAgICAgIGZpCiAgICAgICAgcmV0dXJuCiAgICAgIGZpCiAgICBkb25lCgogICAgZWNobyAiQWxsIGRvd25sb2FkcyBmYWlsZWQ7IHNsZWVwaW5nIGJlZm9yZSByZXRyeWluZyIKICAgIHNsZWVwIDYwCiAgZG9uZQp9Cgp2YWxpZGF0ZS1oYXNoKCkgewogIGxvY2FsIC1yIGZpbGU9IiQxIgogIGxvY2FsIC1yIGV4cGVjdGVkPSIkMiIKICBsb2NhbCBhY3R1YWwKCiAgYWN0dWFsPSQoc2hhMXN1bSAke2ZpbGV9IHwgYXdrICd7IHByaW50ICQxIH0nKSB8fCB0cnVlCiAgaWYgW1sgIiR7YWN0dWFsfSIgIT0gIiR7ZXhwZWN0ZWR9IiBdXTsgdGhlbgogICAgZWNobyAiPT0gJHtmaWxlfSBjb3JydXB0ZWQsIHNoYTEgJHthY3R1YWx9IGRvZXNuJ3QgbWF0Y2ggZXhwZWN0ZWQgJHtleHBlY3RlZH0gPT0iCiAgICByZXR1cm4gMQogIGZpCn0KCmZ1bmN0aW9uIHNwbGl0LWNvbW1hcygpIHsKICBlY2hvICQxIHwgdHIgIiwiICJcbiIKfQoKZnVuY3Rpb24gdHJ5LWRvd25sb2FkLXJlbGVhc2UoKSB7CiAgIyBUT0RPKHptZXJseW5uKTogTm93IHdlIFJFQUxMWSBoYXZlIG5vIGV4Y3VzZSBub3QgdG8gZG8gdGhlIHJlYm9vdAogICMgb3B0aW1pemF0aW9uLgoKICBsb2NhbCAtciBub2RldXBfdXJscz0oICQoc3BsaXQtY29tbWFzICIke05PREVVUF9VUkx9IikgKQogIGxvY2FsIC1yIG5vZGV1cF9maWxlbmFtZT0iJHtub2RldXBfdXJsc1swXSMjKi99IgogIGlmIFtbIC1uICIke05PREVVUF9IQVNIOi19IiBdXTsgdGhlbgogICAgbG9jYWwgLXIgbm9kZXVwX2hhc2g9IiR7Tk9ERVVQX0hBU0h9IgogIGVsc2UKICAjIFRPRE86IFJlbW92ZT8KICAgIGVjaG8gIkRvd25sb2FkaW5nIHNoYTEgKG5vdCBmb3VuZCBpbiBlbnYpIgogICAgZG93bmxvYWQtb3ItYnVzdCAiIiAiJHtub2RldXBfdXJsc1tAXS8lLy5zaGExfSIKICAgIGxvY2FsIC1yIG5vZGV1cF9oYXNoPSQoY2F0ICIke25vZGV1cF9maWxlbmFtZX0uc2hhMSIpCiAgZmkKCiAgZWNobyAiRG93bmxvYWRpbmcgbm9kZXVwICgke25vZGV1cF91cmxzW0BdfSkiCiAgZG93bmxvYWQtb3ItYnVzdCAiJHtub2RldXBfaGFzaH0iICIke25vZGV1cF91cmxzW0BdfSIKCiAgY2htb2QgK3ggbm9kZXVwCn0KCmZ1bmN0aW9uIGRvd25sb2FkLXJlbGVhc2UoKSB7CiAgIyBJbiBjYXNlIG9mIGZhaWx1cmUgY2hlY2tpbmcgaW50ZWdyaXR5IG9mIHJlbGVhc2UsIHJldHJ5LgogIHVudGlsIHRyeS1kb3dubG9hZC1yZWxlYXNlOyBkbwogICAgc2xlZXAgMTUKICAgIGVjaG8gIkNvdWxkbid0IGRvd25sb2FkIHJlbGVhc2UuIFJldHJ5aW5nLi4uIgogIGRvbmUKCiAgZWNobyAiUnVubmluZyBub2RldXAiCiAgIyBXZSBjYW4ndCBydW4gaW4gdGhlIGZvcmVncm91bmQgYmVjYXVzZSBvZiBodHRwczovL2dpdGh1Yi5jb20vZG9ja2VyL2RvY2tlci9pc3N1ZXMvMjM3OTMKICAoIGNkICR7SU5TVEFMTF9ESVJ9OyAuL25vZGV1cCAtLWluc3RhbGwtc3lzdGVtZC11bml0IC0tY29uZj0ke0lOU1RBTExfRElSfS9rdWJlX2Vudi55YW1sIC0tdj04ICApCn0KCiMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIwoKL2Jpbi9zeXN0ZW1kLW1hY2hpbmUtaWQtc2V0dXAgfHwgZWNobyAiZmFpbGVkIHRvIHNldCB1cCBlbnN1cmUgbWFjaGluZS1pZCBjb25maWd1cmVkIgoKZWNobyAiPT0gbm9kZXVwIG5vZGUgY29uZmlnIHN0YXJ0aW5nID09IgplbnN1cmUtaW5zdGFsbC1kaXIKCmNhdCA+IGNsdXN0ZXJfc3BlYy55YW1sIDw8ICdfX0VPRl9DTFVTVEVSX1NQRUMnCmNsb3VkQ29uZmlnOiBudWxsCmRvY2tlcjoKICBicmlkZ2U6ICIiCiAgaXBNYXNxOiBmYWxzZQogIGlwVGFibGVzOiBmYWxzZQogIGxvZ0RyaXZlcjoganNvbi1maWxlCiAgbG9nTGV2ZWw6IHdhcm4KICBsb2dPcHQ6CiAgLSBtYXgtc2l6ZT0xMG0KICAtIG1heC1maWxlPTUKICBzdG9yYWdlOiBvdmVybGF5LGF1ZnMKICB2ZXJzaW9uOiAxNy4wMy4yCmVuY3J5cHRpb25Db25maWc6IG51bGwKZXRjZENsdXN0ZXJzOgogIGV2ZW50czoKICAgIGltYWdlOiBnY3IuaW8vZ29vZ2xlX2NvbnRhaW5lcnMvZXRjZDoyLjIuMQogICAgdmVyc2lvbjogMi4yLjEKICBtYWluOgogICAgaW1hZ2U6IGdjci5pby9nb29nbGVfY29udGFpbmVycy9ldGNkOjIuMi4xCiAgICB2ZXJzaW9uOiAyLjIuMQprdWJlQVBJU2VydmVyOgogIGFkZHJlc3M6IDEyNy4wLjAuMQogIGFkbWlzc2lvbkNvbnRyb2w6CiAgLSBJbml0aWFsaXplcnMKICAtIE5hbWVzcGFjZUxpZmVjeWNsZQogIC0gTGltaXRSYW5nZXIKICAtIFNlcnZpY2VBY2NvdW50CiAgLSBQZXJzaXN0ZW50Vm9sdW1lTGFiZWwKICAtIERlZmF1bHRTdG9yYWdlQ2xhc3MKICAtIERlZmF1bHRUb2xlcmF0aW9uU2Vjb25kcwogIC0gTXV0YXRpbmdBZG1pc3Npb25XZWJob29rCiAgLSBWYWxpZGF0aW5nQWRtaXNzaW9uV2ViaG9vawogIC0gTm9kZVJlc3RyaWN0aW9uCiAgLSBSZXNvdXJjZVF1b3RhCiAgYWxsb3dQcml2aWxlZ2VkOiB0cnVlCiAgYW5vbnltb3VzQXV0aDogZmFsc2UKICBhcGlTZXJ2ZXJDb3VudDogMQogIGF1dGhvcml6YXRpb25Nb2RlOiBSQkFDCiAgY2xvdWRQcm92aWRlcjogYXdzCiAgZXRjZFF1b3J1bVJlYWQ6IGZhbHNlCiAgZXRjZFNlcnZlcnM6CiAgLSBodHRwOi8vMTI3LjAuMC4xOjQwMDEKICBldGNkU2VydmVyc092ZXJyaWRlczoKICAtIC9ldmVudHMjaHR0cDovLzEyNy4wLjAuMTo0MDAyCiAgaW1hZ2U6IGdjci5pby9nb29nbGVfY29udGFpbmVycy9rdWJlLWFwaXNlcnZlcjp2MS45LjMKICBpbnNlY3VyZVBvcnQ6IDgwODAKICBrdWJlbGV0UHJlZmVycmVkQWRkcmVzc1R5cGVzOgogIC0gSW50ZXJuYWxJUAogIC0gSG9zdG5hbWUKICAtIEV4dGVybmFsSVAKICBsb2dMZXZlbDogMgogIHJlcXVlc3RoZWFkZXJBbGxvd2VkTmFtZXM6CiAgLSBhZ2dyZWdhdG9yCiAgcmVxdWVzdGhlYWRlckV4dHJhSGVhZGVyUHJlZml4ZXM6CiAgLSBYLVJlbW90ZS1FeHRyYS0KICByZXF1ZXN0aGVhZGVyR3JvdXBIZWFkZXJzOgogIC0gWC1SZW1vdGUtR3JvdXAKICByZXF1ZXN0aGVhZGVyVXNlcm5hbWVIZWFkZXJzOgogIC0gWC1SZW1vdGUtVXNlcgogIHNlY3VyZVBvcnQ6IDQ0MwogIHNlcnZpY2VDbHVzdGVySVBSYW5nZTogMTAwLjY0LjAuMC8xMwogIHN0b3JhZ2VCYWNrZW5kOiBldGNkMgprdWJlQ29udHJvbGxlck1hbmFnZXI6CiAgYWxsb2NhdGVOb2RlQ0lEUnM6IHRydWUKICBhdHRhY2hEZXRhY2hSZWNvbmNpbGVTeW5jUGVyaW9kOiAxbTBzCiAgY2xvdWRQcm92aWRlcjogYXdzCiAgY2x1c3RlckNJRFI6IDEwMC45Ni4wLjAvMTEKICBjbHVzdGVyTmFtZTogbXlmaXJzdGNsdXN0ZXIuazhzLmxvY2FsCiAgY29uZmlndXJlQ2xvdWRSb3V0ZXM6IHRydWUKICBpbWFnZTogZ2NyLmlvL2dvb2dsZV9jb250YWluZXJzL2t1YmUtY29udHJvbGxlci1tYW5hZ2VyOnYxLjkuMwogIGxlYWRlckVsZWN0aW9uOgogICAgbGVhZGVyRWxlY3Q6IHRydWUKICBsb2dMZXZlbDogMgogIHVzZVNlcnZpY2VBY2NvdW50Q3JlZGVudGlhbHM6IHRydWUKa3ViZVByb3h5OgogIGNsdXN0ZXJDSURSOiAxMDAuOTYuMC4wLzExCiAgY3B1UmVxdWVzdDogMTAwbQogIGhvc3RuYW1lT3ZlcnJpZGU6ICdAYXdzJwogIGltYWdlOiBnY3IuaW8vZ29vZ2xlX2NvbnRhaW5lcnMva3ViZS1wcm94eTp2MS45LjMKICBsb2dMZXZlbDogMgprdWJlU2NoZWR1bGVyOgogIGltYWdlOiBnY3IuaW8vZ29vZ2xlX2NvbnRhaW5lcnMva3ViZS1zY2hlZHVsZXI6djEuOS4zCiAgbGVhZGVyRWxlY3Rpb246CiAgICBsZWFkZXJFbGVjdDogdHJ1ZQogIGxvZ0xldmVsOiAyCmt1YmVsZXQ6CiAgYWxsb3dQcml2aWxlZ2VkOiB0cnVlCiAgY2dyb3VwUm9vdDogLwogIGNsb3VkUHJvdmlkZXI6IGF3cwogIGNsdXN0ZXJETlM6IDEwMC42NC4wLjEwCiAgY2x1c3RlckRvbWFpbjogY2x1c3Rlci5sb2NhbAogIGVuYWJsZURlYnVnZ2luZ0hhbmRsZXJzOiB0cnVlCiAgZXZpY3Rpb25IYXJkOiBtZW1vcnkuYXZhaWxhYmxlPDEwME1pLG5vZGVmcy5hdmFpbGFibGU8MTAlLG5vZGVmcy5pbm9kZXNGcmVlPDUlLGltYWdlZnMuYXZhaWxhYmxlPDEwJSxpbWFnZWZzLmlub2Rlc0ZyZWU8NSUKICBmZWF0dXJlR2F0ZXM6CiAgICBFeHBlcmltZW50YWxDcml0aWNhbFBvZEFubm90YXRpb246ICJ0cnVlIgogIGhvc3RuYW1lT3ZlcnJpZGU6ICdAYXdzJwogIGt1YmVjb25maWdQYXRoOiAvdmFyL2xpYi9rdWJlbGV0L2t1YmVjb25maWcKICBsb2dMZXZlbDogMgogIG5ldHdvcmtQbHVnaW5NVFU6IDkwMDEKICBuZXR3b3JrUGx1Z2luTmFtZToga3ViZW5ldAogIG5vbk1hc3F1ZXJhZGVDSURSOiAxMDAuNjQuMC4wLzEwCiAgcG9kSW5mcmFDb250YWluZXJJbWFnZTogZ2NyLmlvL2dvb2dsZV9jb250YWluZXJzL3BhdXNlLWFtZDY0OjMuMAogIHBvZE1hbmlmZXN0UGF0aDogL2V0Yy9rdWJlcm5ldGVzL21hbmlmZXN0cwptYXN0ZXJLdWJlbGV0OgogIGFsbG93UHJpdmlsZWdlZDogdHJ1ZQogIGNncm91cFJvb3Q6IC8KICBjbG91ZFByb3ZpZGVyOiBhd3MKICBjbHVzdGVyRE5TOiAxMDAuNjQuMC4xMAogIGNsdXN0ZXJEb21haW46IGNsdXN0ZXIubG9jYWwKICBlbmFibGVEZWJ1Z2dpbmdIYW5kbGVyczogdHJ1ZQogIGV2aWN0aW9uSGFyZDogbWVtb3J5LmF2YWlsYWJsZTwxMDBNaSxub2RlZnMuYXZhaWxhYmxlPDEwJSxub2RlZnMuaW5vZGVzRnJlZTw1JSxpbWFnZWZzLmF2YWlsYWJsZTwxMCUsaW1hZ2Vmcy5pbm9kZXNGcmVlPDUlCiAgZmVhdHVyZUdhdGVzOgogICAgRXhwZXJpbWVudGFsQ3JpdGljYWxQb2RBbm5vdGF0aW9uOiAidHJ1ZSIKICBob3N0bmFtZU92ZXJyaWRlOiAnQGF3cycKICBrdWJlY29uZmlnUGF0aDogL3Zhci9saWIva3ViZWxldC9rdWJlY29uZmlnCiAgbG9nTGV2ZWw6IDIKICBuZXR3b3JrUGx1Z2luTVRVOiA5MDAxCiAgbmV0d29ya1BsdWdpbk5hbWU6IGt1YmVuZXQKICBub25NYXNxdWVyYWRlQ0lEUjogMTAwLjY0LjAuMC8xMAogIHBvZEluZnJhQ29udGFpbmVySW1hZ2U6IGdjci5pby9nb29nbGVfY29udGFpbmVycy9wYXVzZS1hbWQ2NDozLjAKICBwb2RNYW5pZmVzdFBhdGg6IC9ldGMva3ViZXJuZXRlcy9tYW5pZmVzdHMKICByZWdpc3RlclNjaGVkdWxhYmxlOiBmYWxzZQoKX19FT0ZfQ0xVU1RFUl9TUEVDCgpjYXQgPiBpZ19zcGVjLnlhbWwgPDwgJ19fRU9GX0lHX1NQRUMnCmt1YmVsZXQ6IG51bGwKbm9kZUxhYmVsczoKICBrb3BzLms4cy5pby9pbnN0YW5jZWdyb3VwOiBtYXN0ZXItdXMtZWFzdC0xYQpzdXNwZW5kUHJvY2Vzc2VzOiBudWxsCnRhaW50czogbnVsbAoKX19FT0ZfSUdfU1BFQwoKY2F0ID4ga3ViZV9lbnYueWFtbCA8PCAnX19FT0ZfS1VCRV9FTlYnCkFzc2V0czoKLSBlZjk3OWEwMGJhMmY3YmY0ZWU1MDIzZTgyZjk0Y2VkMmQ5NGMxNzI2QGh0dHBzOi8vc3RvcmFnZS5nb29nbGVhcGlzLmNvbS9rdWJlcm5ldGVzLXJlbGVhc2UvcmVsZWFzZS92MS45LjMvYmluL2xpbnV4L2FtZDY0L2t1YmVsZXQKLSBhMjdkODA4ZWIwMTFkYmVlYTg3NmZlNTMyNjM0OWVkMTY3YTdlZDI4QGh0dHBzOi8vc3RvcmFnZS5nb29nbGVhcGlzLmNvbS9rdWJlcm5ldGVzLXJlbGVhc2UvcmVsZWFzZS92MS45LjMvYmluL2xpbnV4L2FtZDY0L2t1YmVjdGwKLSBkNTk1ZDNkZWQ2NDk5YTY0ZThkYWMwMjQ2NmUyZjVmMmNlMjU3YzlmQGh0dHBzOi8vc3RvcmFnZS5nb29nbGVhcGlzLmNvbS9rdWJlcm5ldGVzLXJlbGVhc2UvbmV0d29yay1wbHVnaW5zL2NuaS1wbHVnaW5zLWFtZDY0LXYwLjYuMC50Z3oKLSBjNmYzMTAyMTRmNjg3YjZjMmYzMmU4MWMyYTQ5MjM1MTgyOTUwYmUzQGh0dHBzOi8va3ViZXVwdjIuczMuYW1hem9uYXdzLmNvbS9rb3BzLzEuOS4wL2xpbnV4L2FtZDY0L3V0aWxzLnRhci5negpDbHVzdGVyTmFtZTogbXlmaXJzdGNsdXN0ZXIuazhzLmxvY2FsCkNvbmZpZ0Jhc2U6IHMzOi8vd29vby1leGFtcGxlLWNvbS1zdGF0ZS1zdG9yZS9teWZpcnN0Y2x1c3Rlci5rOHMubG9jYWwKSW5zdGFuY2VHcm91cE5hbWU6IG1hc3Rlci11cy1lYXN0LTFhClRhZ3M6Ci0gX2F1dG9tYXRpY191cGdyYWRlcwotIF9hd3MKLSBfa3ViZXJuZXRlc19tYXN0ZXIKY2hhbm5lbHM6Ci0gczM6Ly93b29vLWV4YW1wbGUtY29tLXN0YXRlLXN0b3JlL215Zmlyc3RjbHVzdGVyLms4cy5sb2NhbC9hZGRvbnMvYm9vdHN0cmFwLWNoYW5uZWwueWFtbApwcm90b2t1YmVJbWFnZToKICBoYXNoOiA0YmJmY2M2ZGYxYzFjMDk1M2JkMDUzMjExM2E3NGI3YWUyMWUwZGVkCiAgbmFtZTogcHJvdG9rdWJlOjEuOS4wCiAgc291cmNlOiBodHRwczovL2t1YmV1cHYyLnMzLmFtYXpvbmF3cy5jb20va29wcy8xLjkuMC9pbWFnZXMvcHJvdG9rdWJlLnRhci5negoKX19FT0ZfS1VCRV9FTlYKCmRvd25sb2FkLXJlbGVhc2UKZWNobyAiPT0gbm9kZXVwIG5vZGUgY29uZmlnIGRvbmUgPT0iCg==", | |
"InstanceMonitoring": false | |
} | |
}, | |
"AWSAutoScalingLaunchConfigurationnodesmyfirstclusterk8slocal": { | |
"Type": "AWS::AutoScaling::LaunchConfiguration", | |
"Properties": { | |
"AssociatePublicIpAddress": true, | |
"BlockDeviceMappings": [ | |
{ | |
"DeviceName": "/dev/xvda", | |
"Ebs": { | |
"VolumeType": "gp2", | |
"VolumeSize": 128, | |
"DeleteOnTermination": true | |
} | |
} | |
], | |
"IamInstanceProfile": { | |
"Ref": "AWSIAMInstanceProfilenodesmyfirstclusterk8slocal" | |
}, | |
"ImageId": "ami-b0c6ccca", | |
"InstanceType": "t2.medium", | |
"KeyName": "kubernetes.myfirstcluster.k8s.local-4a:a5:78:91:d8:a1:5c:cd:10:40:1d:be:1a:fd:c4:4c", | |
"SecurityGroups": [ | |
{ | |
"Ref": "AWSEC2SecurityGroupnodesmyfirstclusterk8slocal" | |
} | |
], | |
"UserData": "IyEvYmluL2Jhc2gKIyBDb3B5cmlnaHQgMjAxNiBUaGUgS3ViZXJuZXRlcyBBdXRob3JzIEFsbCByaWdodHMgcmVzZXJ2ZWQuCiMKIyBMaWNlbnNlZCB1bmRlciB0aGUgQXBhY2hlIExpY2Vuc2UsIFZlcnNpb24gMi4wICh0aGUgIkxpY2Vuc2UiKTsKIyB5b3UgbWF5IG5vdCB1c2UgdGhpcyBmaWxlIGV4Y2VwdCBpbiBjb21wbGlhbmNlIHdpdGggdGhlIExpY2Vuc2UuCiMgWW91IG1heSBvYnRhaW4gYSBjb3B5IG9mIHRoZSBMaWNlbnNlIGF0CiMKIyAgICAgaHR0cDovL3d3dy5hcGFjaGUub3JnL2xpY2Vuc2VzL0xJQ0VOU0UtMi4wCiMKIyBVbmxlc3MgcmVxdWlyZWQgYnkgYXBwbGljYWJsZSBsYXcgb3IgYWdyZWVkIHRvIGluIHdyaXRpbmcsIHNvZnR3YXJlCiMgZGlzdHJpYnV0ZWQgdW5kZXIgdGhlIExpY2Vuc2UgaXMgZGlzdHJpYnV0ZWQgb24gYW4gIkFTIElTIiBCQVNJUywKIyBXSVRIT1VUIFdBUlJBTlRJRVMgT1IgQ09ORElUSU9OUyBPRiBBTlkgS0lORCwgZWl0aGVyIGV4cHJlc3Mgb3IgaW1wbGllZC4KIyBTZWUgdGhlIExpY2Vuc2UgZm9yIHRoZSBzcGVjaWZpYyBsYW5ndWFnZSBnb3Zlcm5pbmcgcGVybWlzc2lvbnMgYW5kCiMgbGltaXRhdGlvbnMgdW5kZXIgdGhlIExpY2Vuc2UuCgpzZXQgLW8gZXJyZXhpdApzZXQgLW8gbm91bnNldApzZXQgLW8gcGlwZWZhaWwKCk5PREVVUF9VUkw9aHR0cHM6Ly9rdWJldXB2Mi5zMy5hbWF6b25hd3MuY29tL2tvcHMvMS45LjAvbGludXgvYW1kNjQvbm9kZXVwCk5PREVVUF9IQVNIPTU0ZWNhZTY2YTJiNGUxNDA5YjM2ZmMwMGI1NTBmMjUwMWFmZWRiZmMKCgpleHBvcnQgQVdTX1JFR0lPTj11cy13ZXN0LTEKCgoKCgoKZnVuY3Rpb24gZW5zdXJlLWluc3RhbGwtZGlyKCkgewogIElOU1RBTExfRElSPSIvdmFyL2NhY2hlL2t1YmVybmV0ZXMtaW5zdGFsbCIKICAjIE9uIENvbnRhaW5lck9TLCB3ZSBpbnN0YWxsIHRvIC92YXIvbGliL3Rvb2xib3ggaW5zdGFsbCAoYmVjYXVzZSBvZiBub2V4ZWMpCiAgaWYgW1sgLWQgL3Zhci9saWIvdG9vbGJveCBdXTsgdGhlbgogICAgSU5TVEFMTF9ESVI9Ii92YXIvbGliL3Rvb2xib3gva3ViZXJuZXRlcy1pbnN0YWxsIgogIGZpCiAgbWtkaXIgLXAgJHtJTlNUQUxMX0RJUn0KICBjZCAke0lOU1RBTExfRElSfQp9CgojIFJldHJ5IGEgZG93bmxvYWQgdW50aWwgd2UgZ2V0IGl0LiBUYWtlcyBhIGhhc2ggYW5kIGEgc2V0IG9mIFVSTHMuCiMKIyAkMSBpcyB0aGUgc2hhMSBvZiB0aGUgVVJMLiBDYW4gYmUgIiIgaWYgdGhlIHNoYTEgaXMgdW5rbm93bi4KIyAkMisgYXJlIHRoZSBVUkxzIHRvIGRvd25sb2FkLgpkb3dubG9hZC1vci1idXN0KCkgewogIGxvY2FsIC1yIGhhc2g9IiQxIgogIHNoaWZ0IDEKCiAgdXJscz0oICQqICkKICB3aGlsZSB0cnVlOyBkbwogICAgZm9yIHVybCBpbiAiJHt1cmxzW0BdfSI7IGRvCiAgICAgIGxvY2FsIGZpbGU9IiR7dXJsIyMqL30iCiAgICAgIHJtIC1mICIke2ZpbGV9IgoKICAgICAgaWYgW1sgJCh3aGljaCBjdXJsKSBdXTsgdGhlbgogICAgICAgIGlmICEgY3VybCAtZiAtLWlwdjQgLUxvICIke2ZpbGV9IiAtLWNvbm5lY3QtdGltZW91dCAyMCAtLXJldHJ5IDYgLS1yZXRyeS1kZWxheSAxMCAiJHt1cmx9IjsgdGhlbgogICAgICAgICAgZWNobyAiPT0gRmFpbGVkIHRvIGN1cmwgJHt1cmx9LiBSZXRyeWluZy4gPT0iCiAgICAgICAgICBicmVhawogICAgICAgIGZpCiAgICAgIGVsaWYgW1sgJCh3aGljaCB3Z2V0ICkgXV07IHRoZW4KICAgICAgICBpZiAhIHdnZXQgLS1pbmV0NC1vbmx5IC1PICIke2ZpbGV9IiAtLWNvbm5lY3QtdGltZW91dD0yMCAtLXRyaWVzPTYgLS13YWl0PTEwICIke3VybH0iOyB0aGVuCiAgICAgICAgICBlY2hvICI9PSBGYWlsZWQgdG8gd2dldCAke3VybH0uIFJldHJ5aW5nLiA9PSIKICAgICAgICAgIGJyZWFrCiAgICAgICAgZmkKICAgICAgZWxzZQogICAgICAgIGVjaG8gIj09IENvdWxkIG5vdCBmaW5kIGN1cmwgb3Igd2dldC4gUmV0cnlpbmcuID09IgogICAgICAgIGJyZWFrCiAgICAgIGZpCgogICAgICBpZiBbWyAtbiAiJHtoYXNofSIgXV0gJiYgISB2YWxpZGF0ZS1oYXNoICIke2ZpbGV9IiAiJHtoYXNofSI7IHRoZW4KICAgICAgICBlY2hvICI9PSBIYXNoIHZhbGlkYXRpb24gb2YgJHt1cmx9IGZhaWxlZC4gUmV0cnlpbmcuID09IgogICAgICBlbHNlCiAgICAgICAgaWYgW1sgLW4gIiR7aGFzaH0iIF1dOyB0aGVuCiAgICAgICAgICBlY2hvICI9PSBEb3dubG9hZGVkICR7dXJsfSAoU0hBMSA9ICR7aGFzaH0pID09IgogICAgICAgIGVsc2UKICAgICAgICAgIGVjaG8gIj09IERvd25sb2FkZWQgJHt1cmx9ID09IgogICAgICAgIGZpCiAgICAgICAgcmV0dXJuCiAgICAgIGZpCiAgICBkb25lCgogICAgZWNobyAiQWxsIGRvd25sb2FkcyBmYWlsZWQ7IHNsZWVwaW5nIGJlZm9yZSByZXRyeWluZyIKICAgIHNsZWVwIDYwCiAgZG9uZQp9Cgp2YWxpZGF0ZS1oYXNoKCkgewogIGxvY2FsIC1yIGZpbGU9IiQxIgogIGxvY2FsIC1yIGV4cGVjdGVkPSIkMiIKICBsb2NhbCBhY3R1YWwKCiAgYWN0dWFsPSQoc2hhMXN1bSAke2ZpbGV9IHwgYXdrICd7IHByaW50ICQxIH0nKSB8fCB0cnVlCiAgaWYgW1sgIiR7YWN0dWFsfSIgIT0gIiR7ZXhwZWN0ZWR9IiBdXTsgdGhlbgogICAgZWNobyAiPT0gJHtmaWxlfSBjb3JydXB0ZWQsIHNoYTEgJHthY3R1YWx9IGRvZXNuJ3QgbWF0Y2ggZXhwZWN0ZWQgJHtleHBlY3RlZH0gPT0iCiAgICByZXR1cm4gMQogIGZpCn0KCmZ1bmN0aW9uIHNwbGl0LWNvbW1hcygpIHsKICBlY2hvICQxIHwgdHIgIiwiICJcbiIKfQoKZnVuY3Rpb24gdHJ5LWRvd25sb2FkLXJlbGVhc2UoKSB7CiAgIyBUT0RPKHptZXJseW5uKTogTm93IHdlIFJFQUxMWSBoYXZlIG5vIGV4Y3VzZSBub3QgdG8gZG8gdGhlIHJlYm9vdAogICMgb3B0aW1pemF0aW9uLgoKICBsb2NhbCAtciBub2RldXBfdXJscz0oICQoc3BsaXQtY29tbWFzICIke05PREVVUF9VUkx9IikgKQogIGxvY2FsIC1yIG5vZGV1cF9maWxlbmFtZT0iJHtub2RldXBfdXJsc1swXSMjKi99IgogIGlmIFtbIC1uICIke05PREVVUF9IQVNIOi19IiBdXTsgdGhlbgogICAgbG9jYWwgLXIgbm9kZXVwX2hhc2g9IiR7Tk9ERVVQX0hBU0h9IgogIGVsc2UKICAjIFRPRE86IFJlbW92ZT8KICAgIGVjaG8gIkRvd25sb2FkaW5nIHNoYTEgKG5vdCBmb3VuZCBpbiBlbnYpIgogICAgZG93bmxvYWQtb3ItYnVzdCAiIiAiJHtub2RldXBfdXJsc1tAXS8lLy5zaGExfSIKICAgIGxvY2FsIC1yIG5vZGV1cF9oYXNoPSQoY2F0ICIke25vZGV1cF9maWxlbmFtZX0uc2hhMSIpCiAgZmkKCiAgZWNobyAiRG93bmxvYWRpbmcgbm9kZXVwICgke25vZGV1cF91cmxzW0BdfSkiCiAgZG93bmxvYWQtb3ItYnVzdCAiJHtub2RldXBfaGFzaH0iICIke25vZGV1cF91cmxzW0BdfSIKCiAgY2htb2QgK3ggbm9kZXVwCn0KCmZ1bmN0aW9uIGRvd25sb2FkLXJlbGVhc2UoKSB7CiAgIyBJbiBjYXNlIG9mIGZhaWx1cmUgY2hlY2tpbmcgaW50ZWdyaXR5IG9mIHJlbGVhc2UsIHJldHJ5LgogIHVudGlsIHRyeS1kb3dubG9hZC1yZWxlYXNlOyBkbwogICAgc2xlZXAgMTUKICAgIGVjaG8gIkNvdWxkbid0IGRvd25sb2FkIHJlbGVhc2UuIFJldHJ5aW5nLi4uIgogIGRvbmUKCiAgZWNobyAiUnVubmluZyBub2RldXAiCiAgIyBXZSBjYW4ndCBydW4gaW4gdGhlIGZvcmVncm91bmQgYmVjYXVzZSBvZiBodHRwczovL2dpdGh1Yi5jb20vZG9ja2VyL2RvY2tlci9pc3N1ZXMvMjM3OTMKICAoIGNkICR7SU5TVEFMTF9ESVJ9OyAuL25vZGV1cCAtLWluc3RhbGwtc3lzdGVtZC11bml0IC0tY29uZj0ke0lOU1RBTExfRElSfS9rdWJlX2Vudi55YW1sIC0tdj04ICApCn0KCiMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIwoKL2Jpbi9zeXN0ZW1kLW1hY2hpbmUtaWQtc2V0dXAgfHwgZWNobyAiZmFpbGVkIHRvIHNldCB1cCBlbnN1cmUgbWFjaGluZS1pZCBjb25maWd1cmVkIgoKZWNobyAiPT0gbm9kZXVwIG5vZGUgY29uZmlnIHN0YXJ0aW5nID09IgplbnN1cmUtaW5zdGFsbC1kaXIKCmNhdCA+IGNsdXN0ZXJfc3BlYy55YW1sIDw8ICdfX0VPRl9DTFVTVEVSX1NQRUMnCmNsb3VkQ29uZmlnOiBudWxsCmRvY2tlcjoKICBicmlkZ2U6ICIiCiAgaXBNYXNxOiBmYWxzZQogIGlwVGFibGVzOiBmYWxzZQogIGxvZ0RyaXZlcjoganNvbi1maWxlCiAgbG9nTGV2ZWw6IHdhcm4KICBsb2dPcHQ6CiAgLSBtYXgtc2l6ZT0xMG0KICAtIG1heC1maWxlPTUKICBzdG9yYWdlOiBvdmVybGF5LGF1ZnMKICB2ZXJzaW9uOiAxNy4wMy4yCmt1YmVQcm94eToKICBjbHVzdGVyQ0lEUjogMTAwLjk2LjAuMC8xMQogIGNwdVJlcXVlc3Q6IDEwMG0KICBob3N0bmFtZU92ZXJyaWRlOiAnQGF3cycKICBpbWFnZTogZ2NyLmlvL2dvb2dsZV9jb250YWluZXJzL2t1YmUtcHJveHk6djEuOS4zCiAgbG9nTGV2ZWw6IDIKa3ViZWxldDoKICBhbGxvd1ByaXZpbGVnZWQ6IHRydWUKICBjZ3JvdXBSb290OiAvCiAgY2xvdWRQcm92aWRlcjogYXdzCiAgY2x1c3RlckROUzogMTAwLjY0LjAuMTAKICBjbHVzdGVyRG9tYWluOiBjbHVzdGVyLmxvY2FsCiAgZW5hYmxlRGVidWdnaW5nSGFuZGxlcnM6IHRydWUKICBldmljdGlvbkhhcmQ6IG1lbW9yeS5hdmFpbGFibGU8MTAwTWksbm9kZWZzLmF2YWlsYWJsZTwxMCUsbm9kZWZzLmlub2Rlc0ZyZWU8NSUsaW1hZ2Vmcy5hdmFpbGFibGU8MTAlLGltYWdlZnMuaW5vZGVzRnJlZTw1JQogIGZlYXR1cmVHYXRlczoKICAgIEV4cGVyaW1lbnRhbENyaXRpY2FsUG9kQW5ub3RhdGlvbjogInRydWUiCiAgaG9zdG5hbWVPdmVycmlkZTogJ0Bhd3MnCiAga3ViZWNvbmZpZ1BhdGg6IC92YXIvbGliL2t1YmVsZXQva3ViZWNvbmZpZwogIGxvZ0xldmVsOiAyCiAgbmV0d29ya1BsdWdpbk1UVTogOTAwMQogIG5ldHdvcmtQbHVnaW5OYW1lOiBrdWJlbmV0CiAgbm9uTWFzcXVlcmFkZUNJRFI6IDEwMC42NC4wLjAvMTAKICBwb2RJbmZyYUNvbnRhaW5lckltYWdlOiBnY3IuaW8vZ29vZ2xlX2NvbnRhaW5lcnMvcGF1c2UtYW1kNjQ6My4wCiAgcG9kTWFuaWZlc3RQYXRoOiAvZXRjL2t1YmVybmV0ZXMvbWFuaWZlc3RzCgpfX0VPRl9DTFVTVEVSX1NQRUMKCmNhdCA+IGlnX3NwZWMueWFtbCA8PCAnX19FT0ZfSUdfU1BFQycKa3ViZWxldDogbnVsbApub2RlTGFiZWxzOgogIGtvcHMuazhzLmlvL2luc3RhbmNlZ3JvdXA6IG5vZGVzCnN1c3BlbmRQcm9jZXNzZXM6IG51bGwKdGFpbnRzOiBudWxsCgpfX0VPRl9JR19TUEVDCgpjYXQgPiBrdWJlX2Vudi55YW1sIDw8ICdfX0VPRl9LVUJFX0VOVicKQXNzZXRzOgotIGVmOTc5YTAwYmEyZjdiZjRlZTUwMjNlODJmOTRjZWQyZDk0YzE3MjZAaHR0cHM6Ly9zdG9yYWdlLmdvb2dsZWFwaXMuY29tL2t1YmVybmV0ZXMtcmVsZWFzZS9yZWxlYXNlL3YxLjkuMy9iaW4vbGludXgvYW1kNjQva3ViZWxldAotIGEyN2Q4MDhlYjAxMWRiZWVhODc2ZmU1MzI2MzQ5ZWQxNjdhN2VkMjhAaHR0cHM6Ly9zdG9yYWdlLmdvb2dsZWFwaXMuY29tL2t1YmVybmV0ZXMtcmVsZWFzZS9yZWxlYXNlL3YxLjkuMy9iaW4vbGludXgvYW1kNjQva3ViZWN0bAotIGQ1OTVkM2RlZDY0OTlhNjRlOGRhYzAyNDY2ZTJmNWYyY2UyNTdjOWZAaHR0cHM6Ly9zdG9yYWdlLmdvb2dsZWFwaXMuY29tL2t1YmVybmV0ZXMtcmVsZWFzZS9uZXR3b3JrLXBsdWdpbnMvY25pLXBsdWdpbnMtYW1kNjQtdjAuNi4wLnRnegotIGM2ZjMxMDIxNGY2ODdiNmMyZjMyZTgxYzJhNDkyMzUxODI5NTBiZTNAaHR0cHM6Ly9rdWJldXB2Mi5zMy5hbWF6b25hd3MuY29tL2tvcHMvMS45LjAvbGludXgvYW1kNjQvdXRpbHMudGFyLmd6CkNsdXN0ZXJOYW1lOiBteWZpcnN0Y2x1c3Rlci5rOHMubG9jYWwKQ29uZmlnQmFzZTogczM6Ly93b29vLWV4YW1wbGUtY29tLXN0YXRlLXN0b3JlL215Zmlyc3RjbHVzdGVyLms4cy5sb2NhbApJbnN0YW5jZUdyb3VwTmFtZTogbm9kZXMKVGFnczoKLSBfYXV0b21hdGljX3VwZ3JhZGVzCi0gX2F3cwpjaGFubmVsczoKLSBzMzovL3dvb28tZXhhbXBsZS1jb20tc3RhdGUtc3RvcmUvbXlmaXJzdGNsdXN0ZXIuazhzLmxvY2FsL2FkZG9ucy9ib290c3RyYXAtY2hhbm5lbC55YW1sCnByb3Rva3ViZUltYWdlOgogIGhhc2g6IDRiYmZjYzZkZjFjMWMwOTUzYmQwNTMyMTEzYTc0YjdhZTIxZTBkZWQKICBuYW1lOiBwcm90b2t1YmU6MS45LjAKICBzb3VyY2U6IGh0dHBzOi8va3ViZXVwdjIuczMuYW1hem9uYXdzLmNvbS9rb3BzLzEuOS4wL2ltYWdlcy9wcm90b2t1YmUudGFyLmd6CgpfX0VPRl9LVUJFX0VOVgoKZG93bmxvYWQtcmVsZWFzZQplY2hvICI9PSBub2RldXAgbm9kZSBjb25maWcgZG9uZSA9PSIK", | |
"InstanceMonitoring": false | |
} | |
}, | |
"AWSEC2DHCPOptionsmyfirstclusterk8slocal": { | |
"Type": "AWS::EC2::DHCPOptions", | |
"Properties": { | |
"DomainName": "ec2.internal", | |
"DomainNameServers": [ | |
"AmazonProvidedDNS" | |
], | |
"Tags": [ | |
{ | |
"Key": "KubernetesCluster", | |
"Value": "myfirstcluster.k8s.local" | |
}, | |
{ | |
"Key": "Name", | |
"Value": "myfirstcluster.k8s.local" | |
}, | |
{ | |
"Key": "kubernetes.io/cluster/myfirstcluster.k8s.local", | |
"Value": "owned" | |
} | |
] | |
} | |
}, | |
"AWSEC2InternetGatewaymyfirstclusterk8slocal": { | |
"Type": "AWS::EC2::InternetGateway", | |
"Properties": { | |
"Tags": [ | |
{ | |
"Key": "KubernetesCluster", | |
"Value": "myfirstcluster.k8s.local" | |
}, | |
{ | |
"Key": "Name", | |
"Value": "myfirstcluster.k8s.local" | |
}, | |
{ | |
"Key": "kubernetes.io/cluster/myfirstcluster.k8s.local", | |
"Value": "owned" | |
} | |
] | |
} | |
}, | |
"AWSEC2Route00000": { | |
"Type": "AWS::EC2::Route", | |
"Properties": { | |
"RouteTableId": { | |
"Ref": "AWSEC2RouteTablemyfirstclusterk8slocal" | |
}, | |
"DestinationCidrBlock": "0.0.0.0/0", | |
"GatewayId": { | |
"Ref": "AWSEC2InternetGatewaymyfirstclusterk8slocal" | |
} | |
} | |
}, | |
"AWSEC2RouteTablemyfirstclusterk8slocal": { | |
"Type": "AWS::EC2::RouteTable", | |
"Properties": { | |
"VpcId": { | |
"Ref": "AWSEC2VPCmyfirstclusterk8slocal" | |
}, | |
"Tags": [ | |
{ | |
"Key": "KubernetesCluster", | |
"Value": "myfirstcluster.k8s.local" | |
}, | |
{ | |
"Key": "Name", | |
"Value": "myfirstcluster.k8s.local" | |
}, | |
{ | |
"Key": "kubernetes.io/cluster/myfirstcluster.k8s.local", | |
"Value": "owned" | |
}, | |
{ | |
"Key": "kubernetes.io/kops/role", | |
"Value": "public" | |
} | |
] | |
} | |
}, | |
"AWSEC2SecurityGroupEgressapielbegress": { | |
"Type": "AWS::EC2::SecurityGroupEgress", | |
"Properties": { | |
"GroupId": { | |
"Ref": "AWSEC2SecurityGroupapielbmyfirstclusterk8slocal" | |
}, | |
"FromPort": 0, | |
"ToPort": 0, | |
"IpProtocol": "-1", | |
"CidrIp": "0.0.0.0/0" | |
} | |
}, | |
"AWSEC2SecurityGroupEgressmasteregress": { | |
"Type": "AWS::EC2::SecurityGroupEgress", | |
"Properties": { | |
"GroupId": { | |
"Ref": "AWSEC2SecurityGroupmastersmyfirstclusterk8slocal" | |
}, | |
"FromPort": 0, | |
"ToPort": 0, | |
"IpProtocol": "-1", | |
"CidrIp": "0.0.0.0/0" | |
} | |
}, | |
"AWSEC2SecurityGroupEgressnodeegress": { | |
"Type": "AWS::EC2::SecurityGroupEgress", | |
"Properties": { | |
"GroupId": { | |
"Ref": "AWSEC2SecurityGroupnodesmyfirstclusterk8slocal" | |
}, | |
"FromPort": 0, | |
"ToPort": 0, | |
"IpProtocol": "-1", | |
"CidrIp": "0.0.0.0/0" | |
} | |
}, | |
"AWSEC2SecurityGroupIngressallmastertomaster": { | |
"Type": "AWS::EC2::SecurityGroupIngress", | |
"Properties": { | |
"GroupId": { | |
"Ref": "AWSEC2SecurityGroupmastersmyfirstclusterk8slocal" | |
}, | |
"SourceSecurityGroupId": { | |
"Ref": "AWSEC2SecurityGroupmastersmyfirstclusterk8slocal" | |
}, | |
"FromPort": 0, | |
"ToPort": 0, | |
"IpProtocol": "-1" | |
} | |
}, | |
"AWSEC2SecurityGroupIngressallmastertonode": { | |
"Type": "AWS::EC2::SecurityGroupIngress", | |
"Properties": { | |
"GroupId": { | |
"Ref": "AWSEC2SecurityGroupnodesmyfirstclusterk8slocal" | |
}, | |
"SourceSecurityGroupId": { | |
"Ref": "AWSEC2SecurityGroupmastersmyfirstclusterk8slocal" | |
}, | |
"FromPort": 0, | |
"ToPort": 0, | |
"IpProtocol": "-1" | |
} | |
}, | |
"AWSEC2SecurityGroupIngressallnodetonode": { | |
"Type": "AWS::EC2::SecurityGroupIngress", | |
"Properties": { | |
"GroupId": { | |
"Ref": "AWSEC2SecurityGroupnodesmyfirstclusterk8slocal" | |
}, | |
"SourceSecurityGroupId": { | |
"Ref": "AWSEC2SecurityGroupnodesmyfirstclusterk8slocal" | |
}, | |
"FromPort": 0, | |
"ToPort": 0, | |
"IpProtocol": "-1" | |
} | |
}, | |
"AWSEC2SecurityGroupIngresshttpsapielb00000": { | |
"Type": "AWS::EC2::SecurityGroupIngress", | |
"Properties": { | |
"GroupId": { | |
"Ref": "AWSEC2SecurityGroupapielbmyfirstclusterk8slocal" | |
}, | |
"FromPort": 443, | |
"ToPort": 443, | |
"IpProtocol": "tcp", | |
"CidrIp": "0.0.0.0/0" | |
} | |
}, | |
"AWSEC2SecurityGroupIngresshttpselbtomaster": { | |
"Type": "AWS::EC2::SecurityGroupIngress", | |
"Properties": { | |
"GroupId": { | |
"Ref": "AWSEC2SecurityGroupmastersmyfirstclusterk8slocal" | |
}, | |
"SourceSecurityGroupId": { | |
"Ref": "AWSEC2SecurityGroupapielbmyfirstclusterk8slocal" | |
}, | |
"FromPort": 443, | |
"ToPort": 443, | |
"IpProtocol": "tcp" | |
} | |
}, | |
"AWSEC2SecurityGroupIngressnodetomastertcp12379": { | |
"Type": "AWS::EC2::SecurityGroupIngress", | |
"Properties": { | |
"GroupId": { | |
"Ref": "AWSEC2SecurityGroupmastersmyfirstclusterk8slocal" | |
}, | |
"SourceSecurityGroupId": { | |
"Ref": "AWSEC2SecurityGroupnodesmyfirstclusterk8slocal" | |
}, | |
"FromPort": 1, | |
"ToPort": 2379, | |
"IpProtocol": "tcp" | |
} | |
}, | |
"AWSEC2SecurityGroupIngressnodetomastertcp23824000": { | |
"Type": "AWS::EC2::SecurityGroupIngress", | |
"Properties": { | |
"GroupId": { | |
"Ref": "AWSEC2SecurityGroupmastersmyfirstclusterk8slocal" | |
}, | |
"SourceSecurityGroupId": { | |
"Ref": "AWSEC2SecurityGroupnodesmyfirstclusterk8slocal" | |
}, | |
"FromPort": 2382, | |
"ToPort": 4000, | |
"IpProtocol": "tcp" | |
} | |
}, | |
"AWSEC2SecurityGroupIngressnodetomastertcp400365535": { | |
"Type": "AWS::EC2::SecurityGroupIngress", | |
"Properties": { | |
"GroupId": { | |
"Ref": "AWSEC2SecurityGroupmastersmyfirstclusterk8slocal" | |
}, | |
"SourceSecurityGroupId": { | |
"Ref": "AWSEC2SecurityGroupnodesmyfirstclusterk8slocal" | |
}, | |
"FromPort": 4003, | |
"ToPort": 65535, | |
"IpProtocol": "tcp" | |
} | |
}, | |
"AWSEC2SecurityGroupIngressnodetomasterudp165535": { | |
"Type": "AWS::EC2::SecurityGroupIngress", | |
"Properties": { | |
"GroupId": { | |
"Ref": "AWSEC2SecurityGroupmastersmyfirstclusterk8slocal" | |
}, | |
"SourceSecurityGroupId": { | |
"Ref": "AWSEC2SecurityGroupnodesmyfirstclusterk8slocal" | |
}, | |
"FromPort": 1, | |
"ToPort": 65535, | |
"IpProtocol": "udp" | |
} | |
}, | |
"AWSEC2SecurityGroupIngresssshexternaltomaster00000": { | |
"Type": "AWS::EC2::SecurityGroupIngress", | |
"Properties": { | |
"GroupId": { | |
"Ref": "AWSEC2SecurityGroupmastersmyfirstclusterk8slocal" | |
}, | |
"FromPort": 22, | |
"ToPort": 22, | |
"IpProtocol": "tcp", | |
"CidrIp": "0.0.0.0/0" | |
} | |
}, | |
"AWSEC2SecurityGroupIngresssshexternaltonode00000": { | |
"Type": "AWS::EC2::SecurityGroupIngress", | |
"Properties": { | |
"GroupId": { | |
"Ref": "AWSEC2SecurityGroupnodesmyfirstclusterk8slocal" | |
}, | |
"FromPort": 22, | |
"ToPort": 22, | |
"IpProtocol": "tcp", | |
"CidrIp": "0.0.0.0/0" | |
} | |
}, | |
"AWSEC2SecurityGroupapielbmyfirstclusterk8slocal": { | |
"Type": "AWS::EC2::SecurityGroup", | |
"Properties": { | |
"VpcId": { | |
"Ref": "AWSEC2VPCmyfirstclusterk8slocal" | |
}, | |
"GroupDescription": "Security group for api ELB", | |
"Tags": [ | |
{ | |
"Key": "KubernetesCluster", | |
"Value": "myfirstcluster.k8s.local" | |
}, | |
{ | |
"Key": "Name", | |
"Value": "api-elb.myfirstcluster.k8s.local" | |
}, | |
{ | |
"Key": "kubernetes.io/cluster/myfirstcluster.k8s.local", | |
"Value": "owned" | |
} | |
] | |
} | |
}, | |
"AWSEC2SecurityGroupmastersmyfirstclusterk8slocal": { | |
"Type": "AWS::EC2::SecurityGroup", | |
"Properties": { | |
"VpcId": { | |
"Ref": "AWSEC2VPCmyfirstclusterk8slocal" | |
}, | |
"GroupDescription": "Security group for masters", | |
"Tags": [ | |
{ | |
"Key": "KubernetesCluster", | |
"Value": "myfirstcluster.k8s.local" | |
}, | |
{ | |
"Key": "Name", | |
"Value": "masters.myfirstcluster.k8s.local" | |
}, | |
{ | |
"Key": "kubernetes.io/cluster/myfirstcluster.k8s.local", | |
"Value": "owned" | |
} | |
] | |
} | |
}, | |
"AWSEC2SecurityGroupnodesmyfirstclusterk8slocal": { | |
"Type": "AWS::EC2::SecurityGroup", | |
"Properties": { | |
"VpcId": { | |
"Ref": "AWSEC2VPCmyfirstclusterk8slocal" | |
}, | |
"GroupDescription": "Security group for nodes", | |
"Tags": [ | |
{ | |
"Key": "KubernetesCluster", | |
"Value": "myfirstcluster.k8s.local" | |
}, | |
{ | |
"Key": "Name", | |
"Value": "nodes.myfirstcluster.k8s.local" | |
}, | |
{ | |
"Key": "kubernetes.io/cluster/myfirstcluster.k8s.local", | |
"Value": "owned" | |
} | |
] | |
} | |
}, | |
"AWSEC2SubnetRouteTableAssociationuseast1amyfirstclusterk8slocal": { | |
"Type": "AWS::EC2::SubnetRouteTableAssociation", | |
"Properties": { | |
"SubnetId": { | |
"Ref": "AWSEC2Subnetuseast1amyfirstclusterk8slocal" | |
}, | |
"RouteTableId": { | |
"Ref": "AWSEC2RouteTablemyfirstclusterk8slocal" | |
} | |
} | |
}, | |
"AWSEC2Subnetuseast1amyfirstclusterk8slocal": { | |
"Type": "AWS::EC2::Subnet", | |
"Properties": { | |
"VpcId": { | |
"Ref": "AWSEC2VPCmyfirstclusterk8slocal" | |
}, | |
"CidrBlock": "172.20.32.0/19", | |
"AvailabilityZone": "us-east-1a", | |
"Tags": [ | |
{ | |
"Key": "KubernetesCluster", | |
"Value": "myfirstcluster.k8s.local" | |
}, | |
{ | |
"Key": "Name", | |
"Value": "us-east-1a.myfirstcluster.k8s.local" | |
}, | |
{ | |
"Key": "SubnetType", | |
"Value": "Public" | |
}, | |
{ | |
"Key": "kubernetes.io/cluster/myfirstcluster.k8s.local", | |
"Value": "owned" | |
}, | |
{ | |
"Key": "kubernetes.io/role/elb", | |
"Value": "1" | |
} | |
] | |
} | |
}, | |
"AWSEC2VPCDHCPOptionsAssociationmyfirstclusterk8slocal": { | |
"Type": "AWS::EC2::VPCDHCPOptionsAssociation", | |
"Properties": { | |
"VpcId": { | |
"Ref": "AWSEC2VPCmyfirstclusterk8slocal" | |
}, | |
"DhcpOptionsId": { | |
"Ref": "AWSEC2DHCPOptionsmyfirstclusterk8slocal" | |
} | |
} | |
}, | |
"AWSEC2VPCGatewayAttachmentmyfirstclusterk8slocal": { | |
"Type": "AWS::EC2::VPCGatewayAttachment", | |
"Properties": { | |
"VpcId": { | |
"Ref": "AWSEC2VPCmyfirstclusterk8slocal" | |
}, | |
"InternetGatewayId": { | |
"Ref": "AWSEC2InternetGatewaymyfirstclusterk8slocal" | |
} | |
} | |
}, | |
"AWSEC2VPCmyfirstclusterk8slocal": { | |
"Type": "AWS::EC2::VPC", | |
"Properties": { | |
"CidrBlock": "172.20.0.0/16", | |
"EnableDnsHostnames": true, | |
"EnableDnsSupport": true, | |
"Tags": [ | |
{ | |
"Key": "KubernetesCluster", | |
"Value": "myfirstcluster.k8s.local" | |
}, | |
{ | |
"Key": "Name", | |
"Value": "myfirstcluster.k8s.local" | |
}, | |
{ | |
"Key": "kubernetes.io/cluster/myfirstcluster.k8s.local", | |
"Value": "owned" | |
} | |
] | |
} | |
}, | |
"AWSEC2Volumeaetcdeventsmyfirstclusterk8slocal": { | |
"Type": "AWS::EC2::Volume", | |
"Properties": { | |
"AvailabilityZone": "us-east-1a", | |
"Size": 20, | |
"VolumeType": "gp2", | |
"Encrypted": false, | |
"Tags": [ | |
{ | |
"Key": "KubernetesCluster", | |
"Value": "myfirstcluster.k8s.local" | |
}, | |
{ | |
"Key": "Name", | |
"Value": "a.etcd-events.myfirstcluster.k8s.local" | |
}, | |
{ | |
"Key": "k8s.io/etcd/events", | |
"Value": "a/a" | |
}, | |
{ | |
"Key": "k8s.io/role/master", | |
"Value": "1" | |
}, | |
{ | |
"Key": "kubernetes.io/cluster/myfirstcluster.k8s.local", | |
"Value": "owned" | |
} | |
] | |
} | |
}, | |
"AWSEC2Volumeaetcdmainmyfirstclusterk8slocal": { | |
"Type": "AWS::EC2::Volume", | |
"Properties": { | |
"AvailabilityZone": "us-east-1a", | |
"Size": 20, | |
"VolumeType": "gp2", | |
"Encrypted": false, | |
"Tags": [ | |
{ | |
"Key": "KubernetesCluster", | |
"Value": "myfirstcluster.k8s.local" | |
}, | |
{ | |
"Key": "Name", | |
"Value": "a.etcd-main.myfirstcluster.k8s.local" | |
}, | |
{ | |
"Key": "k8s.io/etcd/main", | |
"Value": "a/a" | |
}, | |
{ | |
"Key": "k8s.io/role/master", | |
"Value": "1" | |
}, | |
{ | |
"Key": "kubernetes.io/cluster/myfirstcluster.k8s.local", | |
"Value": "owned" | |
} | |
] | |
} | |
}, | |
"AWSElasticLoadBalancingLoadBalancerapimyfirstclusterk8slocal": { | |
"Type": "AWS::ElasticLoadBalancing::LoadBalancer", | |
"Properties": { | |
"LoadBalancerName": "api-myfirstcluster-k8s-lo-hqulii", | |
"Listeners": [ | |
{ | |
"InstancePort": 443, | |
"InstanceProtocol": "TCP", | |
"LoadBalancerPort": 443, | |
"Protocol": "TCP" | |
} | |
], | |
"SecurityGroups": [ | |
{ | |
"Ref": "AWSEC2SecurityGroupapielbmyfirstclusterk8slocal" | |
} | |
], | |
"Subnets": [ | |
{ | |
"Ref": "AWSEC2Subnetuseast1amyfirstclusterk8slocal" | |
} | |
], | |
"HealthCheck": { | |
"Target": "SSL:443", | |
"HealthyThreshold": 2, | |
"UnhealthyThreshold": 2, | |
"Interval": 10, | |
"Timeout": 5 | |
}, | |
"ConnectionSettings": { | |
"IdleTimeout": 300 | |
}, | |
"Tags": [ | |
{ | |
"Key": "KubernetesCluster", | |
"Value": "myfirstcluster.k8s.local" | |
}, | |
{ | |
"Key": "Name", | |
"Value": "api.myfirstcluster.k8s.local" | |
} | |
] | |
} | |
}, | |
"AWSIAMInstanceProfilemastersmyfirstclusterk8slocal": { | |
"Type": "AWS::IAM::InstanceProfile", | |
"Properties": { | |
"Roles": [ | |
{ | |
"Ref": "AWSIAMRolemastersmyfirstclusterk8slocal" | |
} | |
] | |
} | |
}, | |
"AWSIAMInstanceProfilenodesmyfirstclusterk8slocal": { | |
"Type": "AWS::IAM::InstanceProfile", | |
"Properties": { | |
"Roles": [ | |
{ | |
"Ref": "AWSIAMRolenodesmyfirstclusterk8slocal" | |
} | |
] | |
} | |
}, | |
"AWSIAMPolicymastersmyfirstclusterk8slocal": { | |
"Type": "AWS::IAM::Policy", | |
"Properties": { | |
"PolicyName": "masters.myfirstcluster.k8s.local", | |
"Roles": [ | |
{ | |
"Ref": "AWSIAMRolemastersmyfirstclusterk8slocal" | |
} | |
], | |
"PolicyDocument": { | |
"Statement": [ | |
{ | |
"Action": [ | |
"ec2:DescribeInstances", | |
"ec2:DescribeRegions", | |
"ec2:DescribeRouteTables", | |
"ec2:DescribeSecurityGroups", | |
"ec2:DescribeSubnets", | |
"ec2:DescribeVolumes" | |
], | |
"Effect": "Allow", | |
"Resource": [ | |
"*" | |
], | |
"Sid": "kopsK8sEC2MasterPermsDescribeResources" | |
}, | |
{ | |
"Action": [ | |
"ec2:CreateSecurityGroup", | |
"ec2:CreateTags", | |
"ec2:CreateVolume", | |
"ec2:ModifyInstanceAttribute" | |
], | |
"Effect": "Allow", | |
"Resource": [ | |
"*" | |
], | |
"Sid": "kopsK8sEC2MasterPermsAllResources" | |
}, | |
{ | |
"Action": [ | |
"ec2:AttachVolume", | |
"ec2:AuthorizeSecurityGroupIngress", | |
"ec2:CreateRoute", | |
"ec2:DeleteRoute", | |
"ec2:DeleteSecurityGroup", | |
"ec2:DeleteVolume", | |
"ec2:DetachVolume", | |
"ec2:RevokeSecurityGroupIngress" | |
], | |
"Condition": { | |
"StringEquals": { | |
"ec2:ResourceTag/KubernetesCluster": "myfirstcluster.k8s.local" | |
} | |
}, | |
"Effect": "Allow", | |
"Resource": [ | |
"*" | |
], | |
"Sid": "kopsK8sEC2MasterPermsTaggedResources" | |
}, | |
{ | |
"Action": [ | |
"autoscaling:DescribeAutoScalingGroups", | |
"autoscaling:DescribeLaunchConfigurations", | |
"autoscaling:DescribeTags", | |
"autoscaling:GetAsgForInstance" | |
], | |
"Effect": "Allow", | |
"Resource": [ | |
"*" | |
], | |
"Sid": "kopsK8sASMasterPermsAllResources" | |
}, | |
{ | |
"Action": [ | |
"autoscaling:SetDesiredCapacity", | |
"autoscaling:TerminateInstanceInAutoScalingGroup", | |
"autoscaling:UpdateAutoScalingGroup" | |
], | |
"Condition": { | |
"StringEquals": { | |
"autoscaling:ResourceTag/KubernetesCluster": "myfirstcluster.k8s.local" | |
} | |
}, | |
"Effect": "Allow", | |
"Resource": [ | |
"*" | |
], | |
"Sid": "kopsK8sASMasterPermsTaggedResources" | |
}, | |
{ | |
"Action": [ | |
"elasticloadbalancing:AddTags", | |
"elasticloadbalancing:AttachLoadBalancerToSubnets", | |
"elasticloadbalancing:ApplySecurityGroupsToLoadBalancer", | |
"elasticloadbalancing:CreateLoadBalancer", | |
"elasticloadbalancing:CreateLoadBalancerPolicy", | |
"elasticloadbalancing:CreateLoadBalancerListeners", | |
"elasticloadbalancing:ConfigureHealthCheck", | |
"elasticloadbalancing:DeleteLoadBalancer", | |
"elasticloadbalancing:DeleteLoadBalancerListeners", | |
"elasticloadbalancing:DescribeLoadBalancers", | |
"elasticloadbalancing:DescribeLoadBalancerAttributes", | |
"elasticloadbalancing:DetachLoadBalancerFromSubnets", | |
"elasticloadbalancing:DeregisterInstancesFromLoadBalancer", | |
"elasticloadbalancing:ModifyLoadBalancerAttributes", | |
"elasticloadbalancing:RegisterInstancesWithLoadBalancer", | |
"elasticloadbalancing:SetLoadBalancerPoliciesForBackendServer" | |
], | |
"Effect": "Allow", | |
"Resource": [ | |
"*" | |
], | |
"Sid": "kopsK8sELBMasterPermsRestrictive" | |
}, | |
{ | |
"Action": [ | |
"ec2:DescribeVpcs", | |
"elasticloadbalancing:AddTags", | |
"elasticloadbalancing:CreateListener", | |
"elasticloadbalancing:CreateTargetGroup", | |
"elasticloadbalancing:DeleteListener", | |
"elasticloadbalancing:DeleteTargetGroup", | |
"elasticloadbalancing:DescribeListeners", | |
"elasticloadbalancing:DescribeLoadBalancerPolicies", | |
"elasticloadbalancing:DescribeTargetGroups", | |
"elasticloadbalancing:DescribeTargetHealth", | |
"elasticloadbalancing:ModifyListener", | |
"elasticloadbalancing:ModifyTargetGroup", | |
"elasticloadbalancing:RegisterTargets", | |
"elasticloadbalancing:SetLoadBalancerPoliciesOfListener" | |
], | |
"Effect": "Allow", | |
"Resource": [ | |
"*" | |
], | |
"Sid": "kopsK8sNLBMasterPermsRestrictive" | |
}, | |
{ | |
"Action": [ | |
"iam:ListServerCertificates", | |
"iam:GetServerCertificate" | |
], | |
"Effect": "Allow", | |
"Resource": [ | |
"*" | |
], | |
"Sid": "kopsMasterCertIAMPerms" | |
}, | |
{ | |
"Action": [ | |
"s3:GetBucketLocation", | |
"s3:ListBucket" | |
], | |
"Effect": "Allow", | |
"Resource": [ | |
"arn:aws:s3:::wooo-example-com-state-store" | |
], | |
"Sid": "kopsK8sS3GetListBucket" | |
}, | |
{ | |
"Action": [ | |
"s3:Get*" | |
], | |
"Effect": "Allow", | |
"Resource": "arn:aws:s3:::wooo-example-com-state-store/myfirstcluster.k8s.local/*", | |
"Sid": "kopsK8sS3MasterBucketFullGet" | |
}, | |
{ | |
"Action": [ | |
"ecr:GetAuthorizationToken", | |
"ecr:BatchCheckLayerAvailability", | |
"ecr:GetDownloadUrlForLayer", | |
"ecr:GetRepositoryPolicy", | |
"ecr:DescribeRepositories", | |
"ecr:ListImages", | |
"ecr:BatchGetImage" | |
], | |
"Effect": "Allow", | |
"Resource": [ | |
"*" | |
], | |
"Sid": "kopsK8sECR" | |
} | |
], | |
"Version": "2012-10-17" | |
} | |
} | |
}, | |
"AWSIAMPolicynodesmyfirstclusterk8slocal": { | |
"Type": "AWS::IAM::Policy", | |
"Properties": { | |
"PolicyName": "nodes.myfirstcluster.k8s.local", | |
"Roles": [ | |
{ | |
"Ref": "AWSIAMRolenodesmyfirstclusterk8slocal" | |
} | |
], | |
"PolicyDocument": { | |
"Statement": [ | |
{ | |
"Action": [ | |
"ec2:DescribeInstances", | |
"ec2:DescribeRegions" | |
], | |
"Effect": "Allow", | |
"Resource": [ | |
"*" | |
], | |
"Sid": "kopsK8sEC2NodePerms" | |
}, | |
{ | |
"Action": [ | |
"s3:GetBucketLocation", | |
"s3:ListBucket" | |
], | |
"Effect": "Allow", | |
"Resource": [ | |
"arn:aws:s3:::wooo-example-com-state-store" | |
], | |
"Sid": "kopsK8sS3GetListBucket" | |
}, | |
{ | |
"Action": [ | |
"s3:Get*" | |
], | |
"Effect": "Allow", | |
"Resource": [ | |
"arn:aws:s3:::wooo-example-com-state-store/myfirstcluster.k8s.local/addons/*", | |
"arn:aws:s3:::wooo-example-com-state-store/myfirstcluster.k8s.local/cluster.spec", | |
"arn:aws:s3:::wooo-example-com-state-store/myfirstcluster.k8s.local/config", | |
"arn:aws:s3:::wooo-example-com-state-store/myfirstcluster.k8s.local/instancegroup/*", | |
"arn:aws:s3:::wooo-example-com-state-store/myfirstcluster.k8s.local/pki/issued/*", | |
"arn:aws:s3:::wooo-example-com-state-store/myfirstcluster.k8s.local/pki/private/kube-proxy/*", | |
"arn:aws:s3:::wooo-example-com-state-store/myfirstcluster.k8s.local/pki/private/kubelet/*", | |
"arn:aws:s3:::wooo-example-com-state-store/myfirstcluster.k8s.local/pki/ssh/*", | |
"arn:aws:s3:::wooo-example-com-state-store/myfirstcluster.k8s.local/secrets/dockerconfig" | |
], | |
"Sid": "kopsK8sS3NodeBucketSelectiveGet" | |
}, | |
{ | |
"Action": [ | |
"ecr:GetAuthorizationToken", | |
"ecr:BatchCheckLayerAvailability", | |
"ecr:GetDownloadUrlForLayer", | |
"ecr:GetRepositoryPolicy", | |
"ecr:DescribeRepositories", | |
"ecr:ListImages", | |
"ecr:BatchGetImage" | |
], | |
"Effect": "Allow", | |
"Resource": [ | |
"*" | |
], | |
"Sid": "kopsK8sECR" | |
} | |
], | |
"Version": "2012-10-17" | |
} | |
} | |
}, | |
"AWSIAMRolemastersmyfirstclusterk8slocal": { | |
"Type": "AWS::IAM::Role", | |
"Properties": { | |
"RoleName": "masters.myfirstcluster.k8s.local", | |
"AssumeRolePolicyDocument": { | |
"Statement": [ | |
{ | |
"Action": "sts:AssumeRole", | |
"Effect": "Allow", | |
"Principal": { | |
"Service": "ec2.amazonaws.com" | |
} | |
} | |
], | |
"Version": "2012-10-17" | |
} | |
} | |
}, | |
"AWSIAMRolenodesmyfirstclusterk8slocal": { | |
"Type": "AWS::IAM::Role", | |
"Properties": { | |
"RoleName": "nodes.myfirstcluster.k8s.local", | |
"AssumeRolePolicyDocument": { | |
"Statement": [ | |
{ | |
"Action": "sts:AssumeRole", | |
"Effect": "Allow", | |
"Principal": { | |
"Service": "ec2.amazonaws.com" | |
} | |
} | |
], | |
"Version": "2012-10-17" | |
} | |
} | |
} | |
} | |
} |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment