recollir/gist:9e9b4b0b426ef77014083f1839c123d6

## gistfile1.txt
apiVersion: kops/v1alpha2
kind: Cluster
metadata:
  creationTimestamp: 2018-04-01T00:00:00Z
  name: <redacted>
spec:
  additionalPolicies:
    master: |
      [
        {
            "Effect": "Allow",
            "Action": [
                "ec2:CreateNetworkInterface",
                "ec2:AttachNetworkInterface",
                "ec2:DeleteNetworkInterface",
                "ec2:DetachNetworkInterface",
                "ec2:DescribeNetworkInterfaces",
                "ec2:DescribeInstances",
                "ec2:ModifyNetworkInterfaceAttribute",
                "ec2:AssignPrivateIpAddresses"
            ],
            "Resource": [
                "*"
            ]
        },
        {
            "Effect": "Allow",
            "Action": "tag:TagResources",
            "Resource": "*"
        }
      ]
    node: |
      [
        {
            "Effect": "Allow",
            "Action": [
                "ec2:CreateNetworkInterface",
                "ec2:AttachNetworkInterface",
                "ec2:DeleteNetworkInterface",
                "ec2:DetachNetworkInterface",
                "ec2:DescribeNetworkInterfaces",
                "ec2:DescribeInstances",
                "ec2:ModifyNetworkInterfaceAttribute",
                "ec2:AssignPrivateIpAddresses"
            ],
            "Resource": [
                "*"
            ]
        },
        {
            "Effect": "Allow",
            "Action": "tag:TagResources",
            "Resource": "*"
        }
      ]
  api:
    dns: {}
    loadBalancer:
      type: Public
  authorization:
    rbac: {}
  channel: stable
  cloudProvider: aws
  configBase: s3://<redacted>
  etcdClusters:
  - enableEtcdTLS: true
    etcdMembers:
    - encryptedVolume: true
      instanceGroup: master-eu-west-1a
      name: a
    - encryptedVolume: true
      instanceGroup: master-eu-west-1b
      name: b
    - encryptedVolume: true
      instanceGroup: master-eu-west-1c
      name: c
    name: main
    version: 3.1.11
  - enableEtcdTLS: true
    etcdMembers:
    - encryptedVolume: true
      instanceGroup: master-eu-west-1a
      name: a
    - encryptedVolume: true
      instanceGroup: master-eu-west-1b
      name: b
    - encryptedVolume: true
      instanceGroup: master-eu-west-1c
      name: c
    name: events
    version: 3.1.11
  iam:
    allowContainerRegistry: true
    legacy: false
  kubernetesApiAccess:
  - <redacted>
  kubernetesVersion: 1.8.6
  masterInternalName: <redacted>
  masterPublicName: <redacted>
  networkCIDR: <redacted>
  networkID: vpc-<redacted>
  networking:
    amazonvpc: {}
  nonMasqueradeCIDR: <redacted>
  sshAccess:
  - <redacted>
  subnets:
  - cidr: 10.<redacted>
    name: eu-west-1a
    type: Private
    zone: eu-west-1a
  - cidr: 10.<redacted>
    name: utility-eu-west-1a
    type: Utility
    zone: eu-west-1a
  - cidr: 10.<redacted>
    name: eu-west-1b
    type: Private
    zone: eu-west-1b
  - cidr: 10.<redacted>
    name: utility-eu-west-1b
    type: Utility
    zone: eu-west-1b
  - cidr: 10.<redacted>
    name: eu-west-1c
    type: Private
    zone: eu-west-1c
  - cidr: 10.<redacted>
    name: utility-eu-west-1c
    type: Utility
    zone: eu-west-1c
  topology:
    bastion:
      bastionPublicName: <redacted>
    dns:
      type: Public
    masters: private
    nodes: private

---

apiVersion: kops/v1alpha2
kind: InstanceGroup
metadata:
  creationTimestamp: 2018-04-01T00:00:00Z
  labels:
    kops.k8s.io/cluster: <redacted>
  name: bastions
spec:
  associatePublicIp: true
  image: ami-<redacted>
  machineType: t2.micro
  maxSize: 1
  minSize: 1
  nodeLabels:
    kops.k8s.io/instancegroup: bastion-eu-west-1a
  role: Bastion
  subnets:
  - utility-eu-west-1a

---

apiVersion: kops/v1alpha2
kind: InstanceGroup
metadata:
  creationTimestamp: 2018-04-01T00:00:00Z
  labels:
    kops.k8s.io/cluster: <redacted>
  name: master-eu-west-1a
spec:
  image: kope.io/k8s-1.8-debian-stretch-amd64-hvm-ebs-2018-01-14
  machineType: m5.large
  maxSize: 1
  minSize: 1
  nodeLabels:
    kops.k8s.io/instancegroup: master-eu-west-1a
  role: Master
  subnets:
  - eu-west-1a

---

apiVersion: kops/v1alpha2
kind: InstanceGroup
metadata:
  creationTimestamp: 2018-04-01T00:00:00Z
  labels:
    kops.k8s.io/cluster: <redacted>
  name: master-eu-west-1b
spec:
  image: kope.io/k8s-1.8-debian-stretch-amd64-hvm-ebs-2018-01-14
  machineType: m5.large
  maxSize: 1
  minSize: 1
  nodeLabels:
    kops.k8s.io/instancegroup: master-eu-west-1b
  role: Master
  subnets:
  - eu-west-1b

---

apiVersion: kops/v1alpha2
kind: InstanceGroup
metadata:
  creationTimestamp: 2018-04-01T00:00:00Z
  labels:
    kops.k8s.io/cluster: <redacted>
  name: master-eu-west-1c
spec:
  image: kope.io/k8s-1.8-debian-stretch-amd64-hvm-ebs-2018-01-14
  machineType: m5.large
  maxSize: 1
  minSize: 1
  nodeLabels:
    kops.k8s.io/instancegroup: master-eu-west-1c
  role: Master
  subnets:
  - eu-west-1c

---

apiVersion: kops/v1alpha2
kind: InstanceGroup
metadata:
  creationTimestamp: 2018-04-01T00:00:00Z
  labels:
    kops.k8s.io/cluster: <redacted>
  name: nodes-eu-west-1
spec:
  image: kope.io/k8s-1.8-debian-jessie-amd64-hvm-ebs-2017-12-02
  machineType: r4.2xlarge
  maxSize: 3
  minSize: 3
  nodeLabels:
    kops.k8s.io/instancegroup: nodes-eu-west-1
  role: Node
  subnets:
  - eu-west-1a
  - eu-west-1b
  - eu-west-1c
	apiVersion: kops/v1alpha2
	kind: Cluster
	metadata:
	creationTimestamp: 2018-04-01T00:00:00Z
	name: <redacted>
	spec:
	additionalPolicies:
	master: \|
	[
	{
	"Effect": "Allow",
	"Action": [
	"ec2:CreateNetworkInterface",
	"ec2:AttachNetworkInterface",
	"ec2:DeleteNetworkInterface",
	"ec2:DetachNetworkInterface",
	"ec2:DescribeNetworkInterfaces",
	"ec2:DescribeInstances",
	"ec2:ModifyNetworkInterfaceAttribute",
	"ec2:AssignPrivateIpAddresses"
	],
	"Resource": [
	"*"
	]
	},
	{
	"Effect": "Allow",
	"Action": "tag:TagResources",
	"Resource": "*"
	}
	]
	node: \|
	[
	{
	"Effect": "Allow",
	"Action": [
	"ec2:CreateNetworkInterface",
	"ec2:AttachNetworkInterface",
	"ec2:DeleteNetworkInterface",
	"ec2:DetachNetworkInterface",
	"ec2:DescribeNetworkInterfaces",
	"ec2:DescribeInstances",
	"ec2:ModifyNetworkInterfaceAttribute",
	"ec2:AssignPrivateIpAddresses"
	],
	"Resource": [
	"*"
	]
	},
	{
	"Effect": "Allow",
	"Action": "tag:TagResources",
	"Resource": "*"
	}
	]
	api:
	dns: {}
	loadBalancer:
	type: Public
	authorization:
	rbac: {}
	channel: stable
	cloudProvider: aws
	configBase: s3://<redacted>
	etcdClusters:
	- enableEtcdTLS: true
	etcdMembers:
	- encryptedVolume: true
	instanceGroup: master-eu-west-1a
	name: a
	- encryptedVolume: true
	instanceGroup: master-eu-west-1b
	name: b
	- encryptedVolume: true
	instanceGroup: master-eu-west-1c
	name: c
	name: main
	version: 3.1.11
	- enableEtcdTLS: true
	etcdMembers:
	- encryptedVolume: true
	instanceGroup: master-eu-west-1a
	name: a
	- encryptedVolume: true
	instanceGroup: master-eu-west-1b
	name: b
	- encryptedVolume: true
	instanceGroup: master-eu-west-1c
	name: c
	name: events
	version: 3.1.11
	iam:
	allowContainerRegistry: true
	legacy: false
	kubernetesApiAccess:
	- <redacted>
	kubernetesVersion: 1.8.6
	masterInternalName: <redacted>
	masterPublicName: <redacted>
	networkCIDR: <redacted>
	networkID: vpc-<redacted>
	networking:
	amazonvpc: {}
	nonMasqueradeCIDR: <redacted>
	sshAccess:
	- <redacted>
	subnets:
	- cidr: 10.<redacted>
	name: eu-west-1a
	type: Private
	zone: eu-west-1a
	- cidr: 10.<redacted>
	name: utility-eu-west-1a
	type: Utility
	zone: eu-west-1a
	- cidr: 10.<redacted>
	name: eu-west-1b
	type: Private
	zone: eu-west-1b
	- cidr: 10.<redacted>
	name: utility-eu-west-1b
	type: Utility
	zone: eu-west-1b
	- cidr: 10.<redacted>
	name: eu-west-1c
	type: Private
	zone: eu-west-1c
	- cidr: 10.<redacted>
	name: utility-eu-west-1c
	type: Utility
	zone: eu-west-1c
	topology:
	bastion:
	bastionPublicName: <redacted>
	dns:
	type: Public
	masters: private
	nodes: private

	---

	apiVersion: kops/v1alpha2
	kind: InstanceGroup
	metadata:
	creationTimestamp: 2018-04-01T00:00:00Z
	labels:
	kops.k8s.io/cluster: <redacted>
	name: bastions
	spec:
	associatePublicIp: true
	image: ami-<redacted>
	machineType: t2.micro
	maxSize: 1
	minSize: 1
	nodeLabels:
	kops.k8s.io/instancegroup: bastion-eu-west-1a
	role: Bastion
	subnets:
	- utility-eu-west-1a

	---

	apiVersion: kops/v1alpha2
	kind: InstanceGroup
	metadata:
	creationTimestamp: 2018-04-01T00:00:00Z
	labels:
	kops.k8s.io/cluster: <redacted>
	name: master-eu-west-1a
	spec:
	image: kope.io/k8s-1.8-debian-stretch-amd64-hvm-ebs-2018-01-14
	machineType: m5.large
	maxSize: 1
	minSize: 1
	nodeLabels:
	kops.k8s.io/instancegroup: master-eu-west-1a
	role: Master
	subnets:
	- eu-west-1a

	---

	apiVersion: kops/v1alpha2
	kind: InstanceGroup
	metadata:
	creationTimestamp: 2018-04-01T00:00:00Z
	labels:
	kops.k8s.io/cluster: <redacted>
	name: master-eu-west-1b
	spec:
	image: kope.io/k8s-1.8-debian-stretch-amd64-hvm-ebs-2018-01-14
	machineType: m5.large
	maxSize: 1
	minSize: 1
	nodeLabels:
	kops.k8s.io/instancegroup: master-eu-west-1b
	role: Master
	subnets:
	- eu-west-1b

	---

	apiVersion: kops/v1alpha2
	kind: InstanceGroup
	metadata:
	creationTimestamp: 2018-04-01T00:00:00Z
	labels:
	kops.k8s.io/cluster: <redacted>
	name: master-eu-west-1c
	spec:
	image: kope.io/k8s-1.8-debian-stretch-amd64-hvm-ebs-2018-01-14
	machineType: m5.large
	maxSize: 1
	minSize: 1
	nodeLabels:
	kops.k8s.io/instancegroup: master-eu-west-1c
	role: Master
	subnets:
	- eu-west-1c

	---

	apiVersion: kops/v1alpha2
	kind: InstanceGroup
	metadata:
	creationTimestamp: 2018-04-01T00:00:00Z
	labels:
	kops.k8s.io/cluster: <redacted>
	name: nodes-eu-west-1
	spec:
	image: kope.io/k8s-1.8-debian-jessie-amd64-hvm-ebs-2017-12-02
	machineType: r4.2xlarge
	maxSize: 3
	minSize: 3
	nodeLabels:
	kops.k8s.io/instancegroup: nodes-eu-west-1
	role: Node
	subnets:
	- eu-west-1a
	- eu-west-1b
	- eu-west-1c