{ "description": "Cluster is the Schema for the Clusters API. Manages an EKS Cluster", "properties": { "apiVersion": { "description": "APIVersion defines the versioned schema of this representation of an object.\nServers should convert recognized schemas to the latest internal value, and\nmay reject unrecognized values.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", "type": "string" }, "kind": { "description": "Kind is a string value representing the REST resource this object represents.\nServers may infer this from the endpoint the client submits requests to.\nCannot be updated.\nIn CamelCase.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" }, "metadata": { "type": "object" }, "spec": { "description": "ClusterSpec defines the desired state of Cluster", "properties": { "deletionPolicy": { "default": "Delete", "description": "DeletionPolicy specifies what will happen to the underlying external\nwhen this managed resource is deleted - either \"Delete\" or \"Orphan\" the\nexternal resource.\nThis field is planned to be deprecated in favor of the ManagementPolicies\nfield in a future release. Currently, both could be set independently and\nnon-default values would be honored if the feature flag is enabled.\nSee the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223", "enum": [ "Orphan", "Delete" ], "type": "string" }, "forProvider": { "properties": { "accessConfig": { "description": "Configuration block for the access config associated with your cluster, see Amazon EKS Access Entries. Detailed below.", "items": { "properties": { "authenticationMode": { "description": "The authentication mode for the cluster. Valid values are CONFIG_MAP, API or API_AND_CONFIG_MAP", "type": "string" }, "bootstrapClusterCreatorAdminPermissions": { "description": "Whether or not to bootstrap the access config values to the cluster. Default is true.", "type": "boolean" } }, "type": "object", "additionalProperties": false }, "type": "array" }, "bootstrapSelfManagedAddons": { "description": "Install default unmanaged add-ons, such as aws-cni, kube-proxy, and CoreDNS during cluster creation. If false, you must manually install desired add-ons. Changing this value will force a new cluster to be created. Defaults to true.", "type": "boolean" }, "computeConfig": { "description": "Configuration block with compute configuration for EKS Auto Mode. Detailed below.", "items": { "properties": { "enabled": { "description": "Request to enable or disable the compute capability on your EKS Auto Mode cluster. If the compute capability is enabled, EKS Auto Mode will create and delete EC2 Managed Instances in your Amazon Web Services account.", "type": "boolean" }, "nodePools": { "description": "Configuration for node pools that defines the compute resources for your EKS Auto Mode cluster. Valid options are general-purpose and system.", "items": { "type": "string" }, "type": "array", "x-kubernetes-list-type": "set" }, "nodeRoleArn": { "description": "The ARN of the IAM Role EKS will assign to EC2 Managed Instances in your EKS Auto Mode cluster. This value cannot be changed after the compute capability of EKS Auto Mode is enabled..", "type": "string" } }, "type": "object", "additionalProperties": false }, "type": "array" }, "deletionProtection": { "description": "Whether to enable deletion protection for the cluster. When enabled, the cluster cannot be deleted unless deletion protection is first disabled. Default: false.", "type": "boolean" }, "enabledClusterLogTypes": { "description": "List of the desired control plane logging to enable. For more information, see Amazon EKS Control Plane Logging.", "items": { "type": "string" }, "type": "array", "x-kubernetes-list-type": "set" }, "encryptionConfig": { "description": "Configuration block with encryption configuration for the cluster. Detailed below.", "items": { "properties": { "provider": { "description": "Configuration block with provider for encryption. Detailed below.", "items": { "properties": { "keyArn": { "description": "ARN of the Key Management Service (KMS) customer master key (CMK). The CMK must be symmetric, created in the same region as the cluster, and if the CMK was created in a different account, the user must have access to the CMK. For more information, see Allowing Users in Other Accounts to Use a CMK in the AWS Key Management Service Developer Guide.", "type": "string" } }, "type": "object", "additionalProperties": false }, "type": "array" }, "resources": { "description": "List of strings with resources to be encrypted. Valid values: secrets.", "items": { "type": "string" }, "type": "array", "x-kubernetes-list-type": "set" } }, "type": "object", "additionalProperties": false }, "type": "array" }, "forceUpdateVersion": { "description": "Force version update by overriding upgrade-blocking readiness checks when updating a cluster.", "type": "boolean" }, "kubernetesNetworkConfig": { "description": "Configuration block with kubernetes network configuration for the cluster. Detailed below.", "items": { "properties": { "elasticLoadBalancing": { "description": "Configuration block with elastic load balancing configuration for the cluster. Detailed below.", "items": { "properties": { "enabled": { "description": "Whether zonal shift is enabled for the cluster.", "type": "boolean" } }, "type": "object", "additionalProperties": false }, "type": "array" }, "ipFamily": { "description": "The IP family used to assign Kubernetes pod and service addresses. Valid values are ipv4 (default) and ipv6. You can only specify an IP family when you create a cluster, changing this value will force a new cluster to be created.", "type": "string" }, "serviceIpv4Cidr": { "description": "The CIDR block to assign Kubernetes pod and service IP addresses from. If you don't specify a block, Kubernetes assigns addresses from either the 10.100.0.0/16 or 172.20.0.0/16 CIDR blocks. We recommend that you specify a block that does not overlap with resources in other networks that are peered or connected to your VPC. You can only specify a custom CIDR block when you create a cluster, changing this value will force a new cluster to be created. The block must meet the following requirements:", "type": "string" } }, "type": "object", "additionalProperties": false }, "type": "array" }, "outpostConfig": { "description": "Configuration block representing the configuration of your local Amazon EKS cluster on an AWS Outpost. This block isn't available for creating Amazon EKS clusters on the AWS cloud.", "items": { "properties": { "controlPlaneInstanceType": { "description": "The Amazon EC2 instance type that you want to use for your local Amazon EKS cluster on Outposts. The instance type that you specify is used for all Kubernetes control plane instances. The instance type can't be changed after cluster creation. Choose an instance type based on the number of nodes that your cluster will have. If your cluster will have:", "type": "string" }, "controlPlanePlacement": { "description": "An object representing the placement configuration for all the control plane instances of your local Amazon EKS cluster on AWS Outpost.\nThe control_plane_placement configuration block supports the following arguments:", "items": { "properties": { "groupName": { "description": "The name of the placement group for the Kubernetes control plane instances. This setting can't be changed after cluster creation.", "type": "string" } }, "type": "object", "additionalProperties": false }, "type": "array" }, "outpostArns": { "description": "The ARN of the Outpost that you want to use for your local Amazon EKS cluster on Outposts. This argument is a list of arns, but only a single Outpost ARN is supported currently.", "items": { "type": "string" }, "type": "array", "x-kubernetes-list-type": "set" } }, "type": "object", "additionalProperties": false }, "type": "array" }, "region": { "description": "Region where this resource will be managed. Defaults to the Region set in the provider configuration.\nRegion is the region you'd like your resource to be created in.", "type": "string" }, "remoteNetworkConfig": { "description": "Configuration block with remote network configuration for EKS Hybrid Nodes. Detailed below.", "items": { "properties": { "remoteNodeNetworks": { "description": "Configuration block with remote node network configuration for EKS Hybrid Nodes. Detailed below.", "items": { "properties": { "cidrs": { "description": "List of network CIDRs that can contain hybrid nodes.", "items": { "type": "string" }, "type": "array", "x-kubernetes-list-type": "set" } }, "type": "object", "additionalProperties": false }, "type": "array" }, "remotePodNetworks": { "description": "Configuration block with remote pod network configuration for EKS Hybrid Nodes. Detailed below.", "items": { "properties": { "cidrs": { "description": "List of network CIDRs that can contain pods that run Kubernetes webhooks on hybrid nodes.", "items": { "type": "string" }, "type": "array", "x-kubernetes-list-type": "set" } }, "type": "object", "additionalProperties": false }, "type": "array" } }, "type": "object", "additionalProperties": false }, "type": "array" }, "roleArn": { "description": "ARN of the IAM role that provides permissions for the Kubernetes control plane to make calls to AWS API operations on your behalf. Ensure the resource configuration includes explicit dependencies on the IAM Role permissions by adding depends_on if using the aws_iam_role_policy resource or aws_iam_role_policy_attachment resource, otherwise EKS cannot delete EKS managed EC2 infrastructure such as Security Groups on EKS Cluster deletion.", "type": "string" }, "roleArnRef": { "description": "Reference to a Role in iam to populate roleArn.", "properties": { "name": { "description": "Name of the referenced object.", "type": "string" }, "policy": { "description": "Policies for referencing.", "properties": { "resolution": { "default": "Required", "description": "Resolution specifies whether resolution of this reference is required.\nThe default is 'Required', which means the reconcile will fail if the\nreference cannot be resolved. 'Optional' means this reference will be\na no-op if it cannot be resolved.", "enum": [ "Required", "Optional" ], "type": "string" }, "resolve": { "description": "Resolve specifies when this reference should be resolved. The default\nis 'IfNotPresent', which will attempt to resolve the reference only when\nthe corresponding field is not present. Use 'Always' to resolve the\nreference on every reconcile.", "enum": [ "Always", "IfNotPresent" ], "type": "string" } }, "type": "object", "additionalProperties": false } }, "required": [ "name" ], "type": "object", "additionalProperties": false }, "roleArnSelector": { "description": "Selector for a Role in iam to populate roleArn.", "properties": { "matchControllerRef": { "description": "MatchControllerRef ensures an object with the same controller reference\nas the selecting object is selected.", "type": "boolean" }, "matchLabels": { "additionalProperties": { "type": "string" }, "description": "MatchLabels ensures an object with matching labels is selected.", "type": "object" }, "policy": { "description": "Policies for selection.", "properties": { "resolution": { "default": "Required", "description": "Resolution specifies whether resolution of this reference is required.\nThe default is 'Required', which means the reconcile will fail if the\nreference cannot be resolved. 'Optional' means this reference will be\na no-op if it cannot be resolved.", "enum": [ "Required", "Optional" ], "type": "string" }, "resolve": { "description": "Resolve specifies when this reference should be resolved. The default\nis 'IfNotPresent', which will attempt to resolve the reference only when\nthe corresponding field is not present. Use 'Always' to resolve the\nreference on every reconcile.", "enum": [ "Always", "IfNotPresent" ], "type": "string" } }, "type": "object", "additionalProperties": false } }, "type": "object", "additionalProperties": false }, "storageConfig": { "description": "Configuration block with storage configuration for EKS Auto Mode. Detailed below.", "items": { "properties": { "blockStorage": { "description": "Configuration block with block storage configuration for the cluster. Detailed below.", "items": { "properties": { "enabled": { "description": "Indicates if the block storage capability is enabled on your EKS Auto Mode cluster. If the block storage capability is enabled, EKS Auto Mode will create and delete block storage volumes in your Amazon Web Services account.", "type": "boolean" } }, "type": "object", "additionalProperties": false }, "type": "array" } }, "type": "object", "additionalProperties": false }, "type": "array" }, "tags": { "additionalProperties": { "type": "string" }, "description": "Key-value map of resource tags.", "type": "object", "x-kubernetes-map-type": "granular" }, "upgradePolicy": { "description": "Configuration block for the support policy to use for the cluster. See upgrade_policy for details.", "items": { "properties": { "supportType": { "description": "Support type to use for the cluster. If the cluster is set to EXTENDED, it will enter extended support at the end of standard support. If the cluster is set to STANDARD, it will be automatically upgraded at the end of standard support. Valid values are EXTENDED, STANDARD", "type": "string" } }, "type": "object", "additionalProperties": false }, "type": "array" }, "version": { "description": "Desired Kubernetes master version. If you do not specify a value, the latest available version at resource creation is used and no upgrades will occur except those automatically triggered by EKS. The value must be configured and increased to upgrade the version when desired. Downgrades are not supported by EKS.", "type": "string" }, "vpcConfig": { "description": "Configuration block for the VPC associated with your cluster. Amazon EKS VPC resources have specific requirements to work properly with Kubernetes. For more information, see Cluster VPC Considerations and Cluster Security Group Considerations in the Amazon EKS User Guide. Detailed below. Also contains attributes detailed in the Attributes section.", "items": { "properties": { "endpointPrivateAccess": { "description": "Whether the Amazon EKS private API server endpoint is enabled. Default is false.", "type": "boolean" }, "endpointPublicAccess": { "description": "Whether the Amazon EKS public API server endpoint is enabled. Default is true.", "type": "boolean" }, "publicAccessCidrs": { "description": "List of CIDR blocks. Indicates which CIDR blocks can access the Amazon EKS public API server endpoint when enabled. EKS defaults this to a list with 0.0.0.0/0.", "items": { "type": "string" }, "type": "array", "x-kubernetes-list-type": "set" }, "securityGroupIdRefs": { "description": "References to SecurityGroup in ec2 to populate securityGroupIds.", "items": { "description": "A Reference to a named object.", "properties": { "name": { "description": "Name of the referenced object.", "type": "string" }, "policy": { "description": "Policies for referencing.", "properties": { "resolution": { "default": "Required", "description": "Resolution specifies whether resolution of this reference is required.\nThe default is 'Required', which means the reconcile will fail if the\nreference cannot be resolved. 'Optional' means this reference will be\na no-op if it cannot be resolved.", "enum": [ "Required", "Optional" ], "type": "string" }, "resolve": { "description": "Resolve specifies when this reference should be resolved. The default\nis 'IfNotPresent', which will attempt to resolve the reference only when\nthe corresponding field is not present. Use 'Always' to resolve the\nreference on every reconcile.", "enum": [ "Always", "IfNotPresent" ], "type": "string" } }, "type": "object", "additionalProperties": false } }, "required": [ "name" ], "type": "object", "additionalProperties": false }, "type": "array" }, "securityGroupIdSelector": { "description": "Selector for a list of SecurityGroup in ec2 to populate securityGroupIds.", "properties": { "matchControllerRef": { "description": "MatchControllerRef ensures an object with the same controller reference\nas the selecting object is selected.", "type": "boolean" }, "matchLabels": { "additionalProperties": { "type": "string" }, "description": "MatchLabels ensures an object with matching labels is selected.", "type": "object" }, "policy": { "description": "Policies for selection.", "properties": { "resolution": { "default": "Required", "description": "Resolution specifies whether resolution of this reference is required.\nThe default is 'Required', which means the reconcile will fail if the\nreference cannot be resolved. 'Optional' means this reference will be\na no-op if it cannot be resolved.", "enum": [ "Required", "Optional" ], "type": "string" }, "resolve": { "description": "Resolve specifies when this reference should be resolved. The default\nis 'IfNotPresent', which will attempt to resolve the reference only when\nthe corresponding field is not present. Use 'Always' to resolve the\nreference on every reconcile.", "enum": [ "Always", "IfNotPresent" ], "type": "string" } }, "type": "object", "additionalProperties": false } }, "type": "object", "additionalProperties": false }, "securityGroupIds": { "description": "List of security group IDs for the cross-account elastic network interfaces that Amazon EKS creates to use to allow communication between your worker nodes and the Kubernetes control plane.", "items": { "type": "string" }, "type": "array", "x-kubernetes-list-type": "set" }, "subnetIdRefs": { "description": "References to Subnet in ec2 to populate subnetIds.", "items": { "description": "A Reference to a named object.", "properties": { "name": { "description": "Name of the referenced object.", "type": "string" }, "policy": { "description": "Policies for referencing.", "properties": { "resolution": { "default": "Required", "description": "Resolution specifies whether resolution of this reference is required.\nThe default is 'Required', which means the reconcile will fail if the\nreference cannot be resolved. 'Optional' means this reference will be\na no-op if it cannot be resolved.", "enum": [ "Required", "Optional" ], "type": "string" }, "resolve": { "description": "Resolve specifies when this reference should be resolved. The default\nis 'IfNotPresent', which will attempt to resolve the reference only when\nthe corresponding field is not present. Use 'Always' to resolve the\nreference on every reconcile.", "enum": [ "Always", "IfNotPresent" ], "type": "string" } }, "type": "object", "additionalProperties": false } }, "required": [ "name" ], "type": "object", "additionalProperties": false }, "type": "array" }, "subnetIdSelector": { "description": "Selector for a list of Subnet in ec2 to populate subnetIds.", "properties": { "matchControllerRef": { "description": "MatchControllerRef ensures an object with the same controller reference\nas the selecting object is selected.", "type": "boolean" }, "matchLabels": { "additionalProperties": { "type": "string" }, "description": "MatchLabels ensures an object with matching labels is selected.", "type": "object" }, "policy": { "description": "Policies for selection.", "properties": { "resolution": { "default": "Required", "description": "Resolution specifies whether resolution of this reference is required.\nThe default is 'Required', which means the reconcile will fail if the\nreference cannot be resolved. 'Optional' means this reference will be\na no-op if it cannot be resolved.", "enum": [ "Required", "Optional" ], "type": "string" }, "resolve": { "description": "Resolve specifies when this reference should be resolved. The default\nis 'IfNotPresent', which will attempt to resolve the reference only when\nthe corresponding field is not present. Use 'Always' to resolve the\nreference on every reconcile.", "enum": [ "Always", "IfNotPresent" ], "type": "string" } }, "type": "object", "additionalProperties": false } }, "type": "object", "additionalProperties": false }, "subnetIds": { "description": "List of subnet IDs. Must be in at least two different availability zones. Amazon EKS creates cross-account elastic network interfaces in these subnets to allow communication between your worker nodes and the Kubernetes control plane.", "items": { "type": "string" }, "type": "array", "x-kubernetes-list-type": "set" } }, "type": "object", "additionalProperties": false }, "type": "array" }, "zonalShiftConfig": { "description": "Configuration block with zonal shift configuration for the cluster. Detailed below.", "items": { "properties": { "enabled": { "description": "Whether zonal shift is enabled for the cluster.", "type": "boolean" } }, "type": "object", "additionalProperties": false }, "type": "array" } }, "required": [ "region" ], "type": "object", "additionalProperties": false }, "initProvider": { "description": "THIS IS A BETA FIELD. It will be honored\nunless the Management Policies feature flag is disabled.\nInitProvider holds the same fields as ForProvider, with the exception\nof Identifier and other resource reference fields. The fields that are\nin InitProvider are merged into ForProvider when the resource is created.\nThe same fields are also added to the terraform ignore_changes hook, to\navoid updating them after creation. This is useful for fields that are\nrequired on creation, but we do not desire to update them after creation,\nfor example because of an external controller is managing them, like an\nautoscaler.", "properties": { "accessConfig": { "description": "Configuration block for the access config associated with your cluster, see Amazon EKS Access Entries. Detailed below.", "items": { "properties": { "authenticationMode": { "description": "The authentication mode for the cluster. Valid values are CONFIG_MAP, API or API_AND_CONFIG_MAP", "type": "string" }, "bootstrapClusterCreatorAdminPermissions": { "description": "Whether or not to bootstrap the access config values to the cluster. Default is true.", "type": "boolean" } }, "type": "object", "additionalProperties": false }, "type": "array" }, "bootstrapSelfManagedAddons": { "description": "Install default unmanaged add-ons, such as aws-cni, kube-proxy, and CoreDNS during cluster creation. If false, you must manually install desired add-ons. Changing this value will force a new cluster to be created. Defaults to true.", "type": "boolean" }, "computeConfig": { "description": "Configuration block with compute configuration for EKS Auto Mode. Detailed below.", "items": { "properties": { "enabled": { "description": "Request to enable or disable the compute capability on your EKS Auto Mode cluster. If the compute capability is enabled, EKS Auto Mode will create and delete EC2 Managed Instances in your Amazon Web Services account.", "type": "boolean" }, "nodePools": { "description": "Configuration for node pools that defines the compute resources for your EKS Auto Mode cluster. Valid options are general-purpose and system.", "items": { "type": "string" }, "type": "array", "x-kubernetes-list-type": "set" }, "nodeRoleArn": { "description": "The ARN of the IAM Role EKS will assign to EC2 Managed Instances in your EKS Auto Mode cluster. This value cannot be changed after the compute capability of EKS Auto Mode is enabled..", "type": "string" } }, "type": "object", "additionalProperties": false }, "type": "array" }, "deletionProtection": { "description": "Whether to enable deletion protection for the cluster. When enabled, the cluster cannot be deleted unless deletion protection is first disabled. Default: false.", "type": "boolean" }, "enabledClusterLogTypes": { "description": "List of the desired control plane logging to enable. For more information, see Amazon EKS Control Plane Logging.", "items": { "type": "string" }, "type": "array", "x-kubernetes-list-type": "set" }, "encryptionConfig": { "description": "Configuration block with encryption configuration for the cluster. Detailed below.", "items": { "properties": { "provider": { "description": "Configuration block with provider for encryption. Detailed below.", "items": { "properties": { "keyArn": { "description": "ARN of the Key Management Service (KMS) customer master key (CMK). The CMK must be symmetric, created in the same region as the cluster, and if the CMK was created in a different account, the user must have access to the CMK. For more information, see Allowing Users in Other Accounts to Use a CMK in the AWS Key Management Service Developer Guide.", "type": "string" } }, "type": "object", "additionalProperties": false }, "type": "array" }, "resources": { "description": "List of strings with resources to be encrypted. Valid values: secrets.", "items": { "type": "string" }, "type": "array", "x-kubernetes-list-type": "set" } }, "type": "object", "additionalProperties": false }, "type": "array" }, "forceUpdateVersion": { "description": "Force version update by overriding upgrade-blocking readiness checks when updating a cluster.", "type": "boolean" }, "kubernetesNetworkConfig": { "description": "Configuration block with kubernetes network configuration for the cluster. Detailed below.", "items": { "properties": { "elasticLoadBalancing": { "description": "Configuration block with elastic load balancing configuration for the cluster. Detailed below.", "items": { "properties": { "enabled": { "description": "Whether zonal shift is enabled for the cluster.", "type": "boolean" } }, "type": "object", "additionalProperties": false }, "type": "array" }, "ipFamily": { "description": "The IP family used to assign Kubernetes pod and service addresses. Valid values are ipv4 (default) and ipv6. You can only specify an IP family when you create a cluster, changing this value will force a new cluster to be created.", "type": "string" }, "serviceIpv4Cidr": { "description": "The CIDR block to assign Kubernetes pod and service IP addresses from. If you don't specify a block, Kubernetes assigns addresses from either the 10.100.0.0/16 or 172.20.0.0/16 CIDR blocks. We recommend that you specify a block that does not overlap with resources in other networks that are peered or connected to your VPC. You can only specify a custom CIDR block when you create a cluster, changing this value will force a new cluster to be created. The block must meet the following requirements:", "type": "string" } }, "type": "object", "additionalProperties": false }, "type": "array" }, "outpostConfig": { "description": "Configuration block representing the configuration of your local Amazon EKS cluster on an AWS Outpost. This block isn't available for creating Amazon EKS clusters on the AWS cloud.", "items": { "properties": { "controlPlaneInstanceType": { "description": "The Amazon EC2 instance type that you want to use for your local Amazon EKS cluster on Outposts. The instance type that you specify is used for all Kubernetes control plane instances. The instance type can't be changed after cluster creation. Choose an instance type based on the number of nodes that your cluster will have. If your cluster will have:", "type": "string" }, "controlPlanePlacement": { "description": "An object representing the placement configuration for all the control plane instances of your local Amazon EKS cluster on AWS Outpost.\nThe control_plane_placement configuration block supports the following arguments:", "items": { "properties": { "groupName": { "description": "The name of the placement group for the Kubernetes control plane instances. This setting can't be changed after cluster creation.", "type": "string" } }, "type": "object", "additionalProperties": false }, "type": "array" }, "outpostArns": { "description": "The ARN of the Outpost that you want to use for your local Amazon EKS cluster on Outposts. This argument is a list of arns, but only a single Outpost ARN is supported currently.", "items": { "type": "string" }, "type": "array", "x-kubernetes-list-type": "set" } }, "type": "object", "additionalProperties": false }, "type": "array" }, "remoteNetworkConfig": { "description": "Configuration block with remote network configuration for EKS Hybrid Nodes. Detailed below.", "items": { "properties": { "remoteNodeNetworks": { "description": "Configuration block with remote node network configuration for EKS Hybrid Nodes. Detailed below.", "items": { "properties": { "cidrs": { "description": "List of network CIDRs that can contain hybrid nodes.", "items": { "type": "string" }, "type": "array", "x-kubernetes-list-type": "set" } }, "type": "object", "additionalProperties": false }, "type": "array" }, "remotePodNetworks": { "description": "Configuration block with remote pod network configuration for EKS Hybrid Nodes. Detailed below.", "items": { "properties": { "cidrs": { "description": "List of network CIDRs that can contain pods that run Kubernetes webhooks on hybrid nodes.", "items": { "type": "string" }, "type": "array", "x-kubernetes-list-type": "set" } }, "type": "object", "additionalProperties": false }, "type": "array" } }, "type": "object", "additionalProperties": false }, "type": "array" }, "roleArn": { "description": "ARN of the IAM role that provides permissions for the Kubernetes control plane to make calls to AWS API operations on your behalf. Ensure the resource configuration includes explicit dependencies on the IAM Role permissions by adding depends_on if using the aws_iam_role_policy resource or aws_iam_role_policy_attachment resource, otherwise EKS cannot delete EKS managed EC2 infrastructure such as Security Groups on EKS Cluster deletion.", "type": "string" }, "roleArnRef": { "description": "Reference to a Role in iam to populate roleArn.", "properties": { "name": { "description": "Name of the referenced object.", "type": "string" }, "policy": { "description": "Policies for referencing.", "properties": { "resolution": { "default": "Required", "description": "Resolution specifies whether resolution of this reference is required.\nThe default is 'Required', which means the reconcile will fail if the\nreference cannot be resolved. 'Optional' means this reference will be\na no-op if it cannot be resolved.", "enum": [ "Required", "Optional" ], "type": "string" }, "resolve": { "description": "Resolve specifies when this reference should be resolved. The default\nis 'IfNotPresent', which will attempt to resolve the reference only when\nthe corresponding field is not present. Use 'Always' to resolve the\nreference on every reconcile.", "enum": [ "Always", "IfNotPresent" ], "type": "string" } }, "type": "object", "additionalProperties": false } }, "required": [ "name" ], "type": "object", "additionalProperties": false }, "roleArnSelector": { "description": "Selector for a Role in iam to populate roleArn.", "properties": { "matchControllerRef": { "description": "MatchControllerRef ensures an object with the same controller reference\nas the selecting object is selected.", "type": "boolean" }, "matchLabels": { "additionalProperties": { "type": "string" }, "description": "MatchLabels ensures an object with matching labels is selected.", "type": "object" }, "policy": { "description": "Policies for selection.", "properties": { "resolution": { "default": "Required", "description": "Resolution specifies whether resolution of this reference is required.\nThe default is 'Required', which means the reconcile will fail if the\nreference cannot be resolved. 'Optional' means this reference will be\na no-op if it cannot be resolved.", "enum": [ "Required", "Optional" ], "type": "string" }, "resolve": { "description": "Resolve specifies when this reference should be resolved. The default\nis 'IfNotPresent', which will attempt to resolve the reference only when\nthe corresponding field is not present. Use 'Always' to resolve the\nreference on every reconcile.", "enum": [ "Always", "IfNotPresent" ], "type": "string" } }, "type": "object", "additionalProperties": false } }, "type": "object", "additionalProperties": false }, "storageConfig": { "description": "Configuration block with storage configuration for EKS Auto Mode. Detailed below.", "items": { "properties": { "blockStorage": { "description": "Configuration block with block storage configuration for the cluster. Detailed below.", "items": { "properties": { "enabled": { "description": "Indicates if the block storage capability is enabled on your EKS Auto Mode cluster. If the block storage capability is enabled, EKS Auto Mode will create and delete block storage volumes in your Amazon Web Services account.", "type": "boolean" } }, "type": "object", "additionalProperties": false }, "type": "array" } }, "type": "object", "additionalProperties": false }, "type": "array" }, "tags": { "additionalProperties": { "type": "string" }, "description": "Key-value map of resource tags.", "type": "object", "x-kubernetes-map-type": "granular" }, "upgradePolicy": { "description": "Configuration block for the support policy to use for the cluster. See upgrade_policy for details.", "items": { "properties": { "supportType": { "description": "Support type to use for the cluster. If the cluster is set to EXTENDED, it will enter extended support at the end of standard support. If the cluster is set to STANDARD, it will be automatically upgraded at the end of standard support. Valid values are EXTENDED, STANDARD", "type": "string" } }, "type": "object", "additionalProperties": false }, "type": "array" }, "version": { "description": "Desired Kubernetes master version. If you do not specify a value, the latest available version at resource creation is used and no upgrades will occur except those automatically triggered by EKS. The value must be configured and increased to upgrade the version when desired. Downgrades are not supported by EKS.", "type": "string" }, "vpcConfig": { "description": "Configuration block for the VPC associated with your cluster. Amazon EKS VPC resources have specific requirements to work properly with Kubernetes. For more information, see Cluster VPC Considerations and Cluster Security Group Considerations in the Amazon EKS User Guide. Detailed below. Also contains attributes detailed in the Attributes section.", "items": { "properties": { "endpointPrivateAccess": { "description": "Whether the Amazon EKS private API server endpoint is enabled. Default is false.", "type": "boolean" }, "endpointPublicAccess": { "description": "Whether the Amazon EKS public API server endpoint is enabled. Default is true.", "type": "boolean" }, "publicAccessCidrs": { "description": "List of CIDR blocks. Indicates which CIDR blocks can access the Amazon EKS public API server endpoint when enabled. EKS defaults this to a list with 0.0.0.0/0.", "items": { "type": "string" }, "type": "array", "x-kubernetes-list-type": "set" }, "securityGroupIdRefs": { "description": "References to SecurityGroup in ec2 to populate securityGroupIds.", "items": { "description": "A Reference to a named object.", "properties": { "name": { "description": "Name of the referenced object.", "type": "string" }, "policy": { "description": "Policies for referencing.", "properties": { "resolution": { "default": "Required", "description": "Resolution specifies whether resolution of this reference is required.\nThe default is 'Required', which means the reconcile will fail if the\nreference cannot be resolved. 'Optional' means this reference will be\na no-op if it cannot be resolved.", "enum": [ "Required", "Optional" ], "type": "string" }, "resolve": { "description": "Resolve specifies when this reference should be resolved. The default\nis 'IfNotPresent', which will attempt to resolve the reference only when\nthe corresponding field is not present. Use 'Always' to resolve the\nreference on every reconcile.", "enum": [ "Always", "IfNotPresent" ], "type": "string" } }, "type": "object", "additionalProperties": false } }, "required": [ "name" ], "type": "object", "additionalProperties": false }, "type": "array" }, "securityGroupIdSelector": { "description": "Selector for a list of SecurityGroup in ec2 to populate securityGroupIds.", "properties": { "matchControllerRef": { "description": "MatchControllerRef ensures an object with the same controller reference\nas the selecting object is selected.", "type": "boolean" }, "matchLabels": { "additionalProperties": { "type": "string" }, "description": "MatchLabels ensures an object with matching labels is selected.", "type": "object" }, "policy": { "description": "Policies for selection.", "properties": { "resolution": { "default": "Required", "description": "Resolution specifies whether resolution of this reference is required.\nThe default is 'Required', which means the reconcile will fail if the\nreference cannot be resolved. 'Optional' means this reference will be\na no-op if it cannot be resolved.", "enum": [ "Required", "Optional" ], "type": "string" }, "resolve": { "description": "Resolve specifies when this reference should be resolved. The default\nis 'IfNotPresent', which will attempt to resolve the reference only when\nthe corresponding field is not present. Use 'Always' to resolve the\nreference on every reconcile.", "enum": [ "Always", "IfNotPresent" ], "type": "string" } }, "type": "object", "additionalProperties": false } }, "type": "object", "additionalProperties": false }, "securityGroupIds": { "description": "List of security group IDs for the cross-account elastic network interfaces that Amazon EKS creates to use to allow communication between your worker nodes and the Kubernetes control plane.", "items": { "type": "string" }, "type": "array", "x-kubernetes-list-type": "set" }, "subnetIdRefs": { "description": "References to Subnet in ec2 to populate subnetIds.", "items": { "description": "A Reference to a named object.", "properties": { "name": { "description": "Name of the referenced object.", "type": "string" }, "policy": { "description": "Policies for referencing.", "properties": { "resolution": { "default": "Required", "description": "Resolution specifies whether resolution of this reference is required.\nThe default is 'Required', which means the reconcile will fail if the\nreference cannot be resolved. 'Optional' means this reference will be\na no-op if it cannot be resolved.", "enum": [ "Required", "Optional" ], "type": "string" }, "resolve": { "description": "Resolve specifies when this reference should be resolved. The default\nis 'IfNotPresent', which will attempt to resolve the reference only when\nthe corresponding field is not present. Use 'Always' to resolve the\nreference on every reconcile.", "enum": [ "Always", "IfNotPresent" ], "type": "string" } }, "type": "object", "additionalProperties": false } }, "required": [ "name" ], "type": "object", "additionalProperties": false }, "type": "array" }, "subnetIdSelector": { "description": "Selector for a list of Subnet in ec2 to populate subnetIds.", "properties": { "matchControllerRef": { "description": "MatchControllerRef ensures an object with the same controller reference\nas the selecting object is selected.", "type": "boolean" }, "matchLabels": { "additionalProperties": { "type": "string" }, "description": "MatchLabels ensures an object with matching labels is selected.", "type": "object" }, "policy": { "description": "Policies for selection.", "properties": { "resolution": { "default": "Required", "description": "Resolution specifies whether resolution of this reference is required.\nThe default is 'Required', which means the reconcile will fail if the\nreference cannot be resolved. 'Optional' means this reference will be\na no-op if it cannot be resolved.", "enum": [ "Required", "Optional" ], "type": "string" }, "resolve": { "description": "Resolve specifies when this reference should be resolved. The default\nis 'IfNotPresent', which will attempt to resolve the reference only when\nthe corresponding field is not present. Use 'Always' to resolve the\nreference on every reconcile.", "enum": [ "Always", "IfNotPresent" ], "type": "string" } }, "type": "object", "additionalProperties": false } }, "type": "object", "additionalProperties": false }, "subnetIds": { "description": "List of subnet IDs. Must be in at least two different availability zones. Amazon EKS creates cross-account elastic network interfaces in these subnets to allow communication between your worker nodes and the Kubernetes control plane.", "items": { "type": "string" }, "type": "array", "x-kubernetes-list-type": "set" } }, "type": "object", "additionalProperties": false }, "type": "array" }, "zonalShiftConfig": { "description": "Configuration block with zonal shift configuration for the cluster. Detailed below.", "items": { "properties": { "enabled": { "description": "Whether zonal shift is enabled for the cluster.", "type": "boolean" } }, "type": "object", "additionalProperties": false }, "type": "array" } }, "type": "object", "additionalProperties": false }, "managementPolicies": { "default": [ "*" ], "description": "THIS IS A BETA FIELD. It is on by default but can be opted out\nthrough a Crossplane feature flag.\nManagementPolicies specify the array of actions Crossplane is allowed to\ntake on the managed and external resources.\nThis field is planned to replace the DeletionPolicy field in a future\nrelease. Currently, both could be set independently and non-default\nvalues would be honored if the feature flag is enabled. If both are\ncustom, the DeletionPolicy field will be ignored.\nSee the design doc for more information: https://github.com/crossplane/crossplane/blob/499895a25d1a1a0ba1604944ef98ac7a1a71f197/design/design-doc-observe-only-resources.md?plain=1#L223\nand this one: https://github.com/crossplane/crossplane/blob/444267e84783136daa93568b364a5f01228cacbe/design/one-pager-ignore-changes.md", "items": { "description": "A ManagementAction represents an action that the Crossplane controllers\ncan take on an external resource.", "enum": [ "Observe", "Create", "Update", "Delete", "LateInitialize", "*" ], "type": "string" }, "type": "array" }, "providerConfigRef": { "default": { "name": "default" }, "description": "ProviderConfigReference specifies how the provider that will be used to\ncreate, observe, update, and delete this managed resource should be\nconfigured.", "properties": { "name": { "description": "Name of the referenced object.", "type": "string" }, "policy": { "description": "Policies for referencing.", "properties": { "resolution": { "default": "Required", "description": "Resolution specifies whether resolution of this reference is required.\nThe default is 'Required', which means the reconcile will fail if the\nreference cannot be resolved. 'Optional' means this reference will be\na no-op if it cannot be resolved.", "enum": [ "Required", "Optional" ], "type": "string" }, "resolve": { "description": "Resolve specifies when this reference should be resolved. The default\nis 'IfNotPresent', which will attempt to resolve the reference only when\nthe corresponding field is not present. Use 'Always' to resolve the\nreference on every reconcile.", "enum": [ "Always", "IfNotPresent" ], "type": "string" } }, "type": "object", "additionalProperties": false } }, "required": [ "name" ], "type": "object", "additionalProperties": false }, "writeConnectionSecretToRef": { "description": "WriteConnectionSecretToReference specifies the namespace and name of a\nSecret to which any connection details for this managed resource should\nbe written. Connection details frequently include the endpoint, username,\nand password required to connect to the managed resource.", "properties": { "name": { "description": "Name of the secret.", "type": "string" }, "namespace": { "description": "Namespace of the secret.", "type": "string" } }, "required": [ "name", "namespace" ], "type": "object", "additionalProperties": false } }, "required": [ "forProvider" ], "type": "object", "x-kubernetes-validations": [ { "message": "spec.forProvider.vpcConfig is a required parameter", "rule": "!('*' in self.managementPolicies || 'Create' in self.managementPolicies || 'Update' in self.managementPolicies) || has(self.forProvider.vpcConfig) || (has(self.initProvider) && has(self.initProvider.vpcConfig))" } ], "additionalProperties": false }, "status": { "description": "ClusterStatus defines the observed state of Cluster.", "properties": { "atProvider": { "properties": { "accessConfig": { "description": "Configuration block for the access config associated with your cluster, see Amazon EKS Access Entries. Detailed below.", "items": { "properties": { "authenticationMode": { "description": "The authentication mode for the cluster. Valid values are CONFIG_MAP, API or API_AND_CONFIG_MAP", "type": "string" }, "bootstrapClusterCreatorAdminPermissions": { "description": "Whether or not to bootstrap the access config values to the cluster. Default is true.", "type": "boolean" } }, "type": "object", "additionalProperties": false }, "type": "array" }, "arn": { "description": "ARN of the cluster.", "type": "string" }, "bootstrapSelfManagedAddons": { "description": "Install default unmanaged add-ons, such as aws-cni, kube-proxy, and CoreDNS during cluster creation. If false, you must manually install desired add-ons. Changing this value will force a new cluster to be created. Defaults to true.", "type": "boolean" }, "certificateAuthority": { "description": "Attribute block containing certificate-authority-data for your cluster. Detailed below.", "items": { "properties": { "data": { "description": "Base64 encoded certificate data required to communicate with your cluster. Add this to the certificate-authority-data section of the kubeconfig file for your cluster.", "type": "string" } }, "type": "object", "additionalProperties": false }, "type": "array" }, "clusterId": { "description": "The ID of your local Amazon EKS cluster on the AWS Outpost. This attribute isn't available for an AWS EKS cluster on AWS cloud.", "type": "string" }, "computeConfig": { "description": "Configuration block with compute configuration for EKS Auto Mode. Detailed below.", "items": { "properties": { "enabled": { "description": "Request to enable or disable the compute capability on your EKS Auto Mode cluster. If the compute capability is enabled, EKS Auto Mode will create and delete EC2 Managed Instances in your Amazon Web Services account.", "type": "boolean" }, "nodePools": { "description": "Configuration for node pools that defines the compute resources for your EKS Auto Mode cluster. Valid options are general-purpose and system.", "items": { "type": "string" }, "type": "array", "x-kubernetes-list-type": "set" }, "nodeRoleArn": { "description": "The ARN of the IAM Role EKS will assign to EC2 Managed Instances in your EKS Auto Mode cluster. This value cannot be changed after the compute capability of EKS Auto Mode is enabled..", "type": "string" } }, "type": "object", "additionalProperties": false }, "type": "array" }, "createdAt": { "description": "Unix epoch timestamp in seconds for when the cluster was created.", "type": "string" }, "deletionProtection": { "description": "Whether to enable deletion protection for the cluster. When enabled, the cluster cannot be deleted unless deletion protection is first disabled. Default: false.", "type": "boolean" }, "enabledClusterLogTypes": { "description": "List of the desired control plane logging to enable. For more information, see Amazon EKS Control Plane Logging.", "items": { "type": "string" }, "type": "array", "x-kubernetes-list-type": "set" }, "encryptionConfig": { "description": "Configuration block with encryption configuration for the cluster. Detailed below.", "items": { "properties": { "provider": { "description": "Configuration block with provider for encryption. Detailed below.", "items": { "properties": { "keyArn": { "description": "ARN of the Key Management Service (KMS) customer master key (CMK). The CMK must be symmetric, created in the same region as the cluster, and if the CMK was created in a different account, the user must have access to the CMK. For more information, see Allowing Users in Other Accounts to Use a CMK in the AWS Key Management Service Developer Guide.", "type": "string" } }, "type": "object", "additionalProperties": false }, "type": "array" }, "resources": { "description": "List of strings with resources to be encrypted. Valid values: secrets.", "items": { "type": "string" }, "type": "array", "x-kubernetes-list-type": "set" } }, "type": "object", "additionalProperties": false }, "type": "array" }, "endpoint": { "description": "Endpoint for your Kubernetes API server.", "type": "string" }, "forceUpdateVersion": { "description": "Force version update by overriding upgrade-blocking readiness checks when updating a cluster.", "type": "boolean" }, "id": { "description": "Name of the cluster.", "type": "string" }, "identity": { "description": "Attribute block containing identity provider information for your cluster. Only available on Kubernetes version 1.13 and 1.14 clusters created or upgraded on or after September 3, 2019. Detailed below.", "items": { "properties": { "oidc": { "description": "Nested block containing OpenID Connect identity provider information for the cluster. Detailed below.", "items": { "properties": { "issuer": { "description": "Issuer URL for the OpenID Connect identity provider.", "type": "string" } }, "type": "object", "additionalProperties": false }, "type": "array" } }, "type": "object", "additionalProperties": false }, "type": "array" }, "kubernetesNetworkConfig": { "description": "Configuration block with kubernetes network configuration for the cluster. Detailed below.", "items": { "properties": { "elasticLoadBalancing": { "description": "Configuration block with elastic load balancing configuration for the cluster. Detailed below.", "items": { "properties": { "enabled": { "description": "Whether zonal shift is enabled for the cluster.", "type": "boolean" } }, "type": "object", "additionalProperties": false }, "type": "array" }, "ipFamily": { "description": "The IP family used to assign Kubernetes pod and service addresses. Valid values are ipv4 (default) and ipv6. You can only specify an IP family when you create a cluster, changing this value will force a new cluster to be created.", "type": "string" }, "serviceIpv4Cidr": { "description": "The CIDR block to assign Kubernetes pod and service IP addresses from. If you don't specify a block, Kubernetes assigns addresses from either the 10.100.0.0/16 or 172.20.0.0/16 CIDR blocks. We recommend that you specify a block that does not overlap with resources in other networks that are peered or connected to your VPC. You can only specify a custom CIDR block when you create a cluster, changing this value will force a new cluster to be created. The block must meet the following requirements:", "type": "string" }, "serviceIpv6Cidr": { "description": "(Computed) The CIDR block that Kubernetes pod and service IP addresses are assigned from if you specify ipv6 for ip_family when you create the cluster. Kubernetes assigns service addresses from the unique local address range (fc00::/7) because you can't specify a custom IPv6 CIDR block when you create the cluster.", "type": "string" } }, "type": "object", "additionalProperties": false }, "type": "array" }, "outpostConfig": { "description": "Configuration block representing the configuration of your local Amazon EKS cluster on an AWS Outpost. This block isn't available for creating Amazon EKS clusters on the AWS cloud.", "items": { "properties": { "controlPlaneInstanceType": { "description": "The Amazon EC2 instance type that you want to use for your local Amazon EKS cluster on Outposts. The instance type that you specify is used for all Kubernetes control plane instances. The instance type can't be changed after cluster creation. Choose an instance type based on the number of nodes that your cluster will have. If your cluster will have:", "type": "string" }, "controlPlanePlacement": { "description": "An object representing the placement configuration for all the control plane instances of your local Amazon EKS cluster on AWS Outpost.\nThe control_plane_placement configuration block supports the following arguments:", "items": { "properties": { "groupName": { "description": "The name of the placement group for the Kubernetes control plane instances. This setting can't be changed after cluster creation.", "type": "string" } }, "type": "object", "additionalProperties": false }, "type": "array" }, "outpostArns": { "description": "The ARN of the Outpost that you want to use for your local Amazon EKS cluster on Outposts. This argument is a list of arns, but only a single Outpost ARN is supported currently.", "items": { "type": "string" }, "type": "array", "x-kubernetes-list-type": "set" } }, "type": "object", "additionalProperties": false }, "type": "array" }, "platformVersion": { "description": "Platform version for the cluster.", "type": "string" }, "region": { "description": "Region where this resource will be managed. Defaults to the Region set in the provider configuration.\nRegion is the region you'd like your resource to be created in.", "type": "string" }, "remoteNetworkConfig": { "description": "Configuration block with remote network configuration for EKS Hybrid Nodes. Detailed below.", "items": { "properties": { "remoteNodeNetworks": { "description": "Configuration block with remote node network configuration for EKS Hybrid Nodes. Detailed below.", "items": { "properties": { "cidrs": { "description": "List of network CIDRs that can contain hybrid nodes.", "items": { "type": "string" }, "type": "array", "x-kubernetes-list-type": "set" } }, "type": "object", "additionalProperties": false }, "type": "array" }, "remotePodNetworks": { "description": "Configuration block with remote pod network configuration for EKS Hybrid Nodes. Detailed below.", "items": { "properties": { "cidrs": { "description": "List of network CIDRs that can contain pods that run Kubernetes webhooks on hybrid nodes.", "items": { "type": "string" }, "type": "array", "x-kubernetes-list-type": "set" } }, "type": "object", "additionalProperties": false }, "type": "array" } }, "type": "object", "additionalProperties": false }, "type": "array" }, "roleArn": { "description": "ARN of the IAM role that provides permissions for the Kubernetes control plane to make calls to AWS API operations on your behalf. Ensure the resource configuration includes explicit dependencies on the IAM Role permissions by adding depends_on if using the aws_iam_role_policy resource or aws_iam_role_policy_attachment resource, otherwise EKS cannot delete EKS managed EC2 infrastructure such as Security Groups on EKS Cluster deletion.", "type": "string" }, "status": { "description": "Status of the EKS cluster. One of CREATING, ACTIVE, DELETING, FAILED.", "type": "string" }, "storageConfig": { "description": "Configuration block with storage configuration for EKS Auto Mode. Detailed below.", "items": { "properties": { "blockStorage": { "description": "Configuration block with block storage configuration for the cluster. Detailed below.", "items": { "properties": { "enabled": { "description": "Indicates if the block storage capability is enabled on your EKS Auto Mode cluster. If the block storage capability is enabled, EKS Auto Mode will create and delete block storage volumes in your Amazon Web Services account.", "type": "boolean" } }, "type": "object", "additionalProperties": false }, "type": "array" } }, "type": "object", "additionalProperties": false }, "type": "array" }, "tags": { "additionalProperties": { "type": "string" }, "description": "Key-value map of resource tags.", "type": "object", "x-kubernetes-map-type": "granular" }, "tagsAll": { "additionalProperties": { "type": "string" }, "description": "Map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.", "type": "object", "x-kubernetes-map-type": "granular" }, "upgradePolicy": { "description": "Configuration block for the support policy to use for the cluster. See upgrade_policy for details.", "items": { "properties": { "supportType": { "description": "Support type to use for the cluster. If the cluster is set to EXTENDED, it will enter extended support at the end of standard support. If the cluster is set to STANDARD, it will be automatically upgraded at the end of standard support. Valid values are EXTENDED, STANDARD", "type": "string" } }, "type": "object", "additionalProperties": false }, "type": "array" }, "version": { "description": "Desired Kubernetes master version. If you do not specify a value, the latest available version at resource creation is used and no upgrades will occur except those automatically triggered by EKS. The value must be configured and increased to upgrade the version when desired. Downgrades are not supported by EKS.", "type": "string" }, "vpcConfig": { "description": "Configuration block for the VPC associated with your cluster. Amazon EKS VPC resources have specific requirements to work properly with Kubernetes. For more information, see Cluster VPC Considerations and Cluster Security Group Considerations in the Amazon EKS User Guide. Detailed below. Also contains attributes detailed in the Attributes section.", "items": { "properties": { "clusterSecurityGroupId": { "description": "(Computed) Cluster security group that is created by Amazon EKS for the cluster. Managed node groups use this security group for control-plane-to-data-plane communication.", "type": "string" }, "endpointPrivateAccess": { "description": "Whether the Amazon EKS private API server endpoint is enabled. Default is false.", "type": "boolean" }, "endpointPublicAccess": { "description": "Whether the Amazon EKS public API server endpoint is enabled. Default is true.", "type": "boolean" }, "publicAccessCidrs": { "description": "List of CIDR blocks. Indicates which CIDR blocks can access the Amazon EKS public API server endpoint when enabled. EKS defaults this to a list with 0.0.0.0/0.", "items": { "type": "string" }, "type": "array", "x-kubernetes-list-type": "set" }, "securityGroupIds": { "description": "List of security group IDs for the cross-account elastic network interfaces that Amazon EKS creates to use to allow communication between your worker nodes and the Kubernetes control plane.", "items": { "type": "string" }, "type": "array", "x-kubernetes-list-type": "set" }, "subnetIds": { "description": "List of subnet IDs. Must be in at least two different availability zones. Amazon EKS creates cross-account elastic network interfaces in these subnets to allow communication between your worker nodes and the Kubernetes control plane.", "items": { "type": "string" }, "type": "array", "x-kubernetes-list-type": "set" }, "vpcId": { "description": "(Computed) ID of the VPC associated with your cluster.", "type": "string" } }, "type": "object", "additionalProperties": false }, "type": "array" }, "zonalShiftConfig": { "description": "Configuration block with zonal shift configuration for the cluster. Detailed below.", "items": { "properties": { "enabled": { "description": "Whether zonal shift is enabled for the cluster.", "type": "boolean" } }, "type": "object", "additionalProperties": false }, "type": "array" } }, "type": "object", "additionalProperties": false }, "conditions": { "description": "Conditions of the resource.", "items": { "description": "A Condition that may apply to a resource.", "properties": { "lastTransitionTime": { "description": "LastTransitionTime is the last time this condition transitioned from one\nstatus to another.", "format": "date-time", "type": "string" }, "message": { "description": "A Message containing details about this condition's last transition from\none status to another, if any.", "type": "string" }, "observedGeneration": { "description": "ObservedGeneration represents the .metadata.generation that the condition was set based upon.\nFor instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date\nwith respect to the current state of the instance.", "format": "int64", "type": "integer" }, "reason": { "description": "A Reason for this condition's last transition from one status to another.", "type": "string" }, "status": { "description": "Status of this condition; is it currently True, False, or Unknown?", "type": "string" }, "type": { "description": "Type of this condition. At most one of each condition type may apply to\na resource at any point in time.", "type": "string" } }, "required": [ "lastTransitionTime", "reason", "status", "type" ], "type": "object", "additionalProperties": false }, "type": "array", "x-kubernetes-list-map-keys": [ "type" ], "x-kubernetes-list-type": "map" }, "observedGeneration": { "description": "ObservedGeneration is the latest metadata.generation\nwhich resulted in either a ready state, or stalled due to error\nit can not recover from without human intervention.", "format": "int64", "type": "integer" } }, "type": "object", "additionalProperties": false } }, "required": [ "spec" ], "type": "object" }