{ "description": "Cluster is the Schema for the Clusters API", "properties": { "apiVersion": { "description": "APIVersion defines the versioned schema of this representation of an object.\nServers should convert recognized schemas to the latest internal value, and\nmay reject unrecognized values.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", "type": "string" }, "kind": { "description": "Kind is a string value representing the REST resource this object represents.\nServers may infer this from the endpoint the client submits requests to.\nCannot be updated.\nIn CamelCase.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "type": "string" }, "metadata": { "type": "object" }, "spec": { "description": "ClusterSpec defines the desired state of Cluster.\n\nAn object representing an Amazon EKS cluster.", "properties": { "accessConfig": { "description": "The access configuration for the cluster.", "properties": { "authenticationMode": { "type": "string" }, "bootstrapClusterCreatorAdminPermissions": { "type": "boolean" } }, "type": "object", "additionalProperties": false }, "bootstrapSelfManagedAddons": { "description": "If you set this value to False when creating a cluster, the default networking\nadd-ons will not be installed.\n\nThe default networking addons include vpc-cni, coredns, and kube-proxy.\n\nUse this option when you plan to install third-party alternative add-ons\nor self-manage the default networking add-ons.", "type": "boolean" }, "clientRequestToken": { "description": "A unique, case-sensitive identifier that you provide to ensurethe idempotency\nof the request.", "type": "string" }, "computeConfig": { "description": "Enable or disable the compute capability of EKS Auto Mode when creating your\nEKS Auto Mode cluster. If the compute capability is enabled, EKS Auto Mode\nwill create and delete EC2 Managed Instances in your Amazon Web Services\naccount", "properties": { "enabled": { "type": "boolean" }, "nodePools": { "items": { "type": "string" }, "type": "array" }, "nodeRoleARN": { "type": "string" } }, "type": "object", "additionalProperties": false }, "encryptionConfig": { "description": "The encryption configuration for the cluster.", "items": { "description": "The encryption configuration for the cluster.", "properties": { "provider": { "description": "Identifies the Key Management Service (KMS) key used to encrypt the secrets.", "properties": { "keyARN": { "type": "string" }, "keyRef": { "description": "Reference field for KeyARN", "properties": { "from": { "description": "AWSResourceReference provides all the values necessary to reference another\nk8s resource for finding the identifier(Id/ARN/Name)", "properties": { "name": { "type": "string" }, "namespace": { "type": "string" } }, "type": "object", "additionalProperties": false } }, "type": "object", "additionalProperties": false } }, "type": "object", "additionalProperties": false }, "resources": { "items": { "type": "string" }, "type": "array" } }, "type": "object", "additionalProperties": false }, "type": "array" }, "kubernetesNetworkConfig": { "description": "The Kubernetes network configuration for the cluster.", "properties": { "elasticLoadBalancing": { "description": "Indicates the current configuration of the load balancing capability on your\nEKS Auto Mode cluster. For example, if the capability is enabled or disabled.\nFor more information, see EKS Auto Mode load balancing capability in the\nAmazon EKS User Guide.", "properties": { "enabled": { "type": "boolean" } }, "type": "object", "additionalProperties": false }, "ipFamily": { "type": "string" }, "serviceIPv4CIDR": { "type": "string" } }, "type": "object", "additionalProperties": false }, "logging": { "description": "Enable or disable exporting the Kubernetes control plane logs for your cluster\nto CloudWatch Logs . By default, cluster control plane logs aren't exported\nto CloudWatch Logs . For more information, see Amazon EKS Cluster control\nplane logs (https://docs.aws.amazon.com/eks/latest/userguide/control-plane-logs.html)\nin the Amazon EKS User Guide .\n\nCloudWatch Logs ingestion, archive storage, and data scanning rates apply\nto exported control plane logs. For more information, see CloudWatch Pricing\n(http://aws.amazon.com/cloudwatch/pricing/).", "properties": { "clusterLogging": { "items": { "description": "An object representing the enabled or disabled Kubernetes control plane logs\nfor your cluster.", "properties": { "enabled": { "type": "boolean" }, "types": { "items": { "type": "string" }, "type": "array" } }, "type": "object", "additionalProperties": false }, "type": "array" } }, "type": "object", "additionalProperties": false }, "name": { "description": "The unique name to give to your cluster. The name can contain only alphanumeric\ncharacters (case-sensitive),hyphens, and underscores. It must start with\nan alphanumeric character and can't be longer than100 characters. The name\nmust be unique within the Amazon Web Services Region and Amazon Web Services\naccount that you're creating the cluster in.", "type": "string" }, "outpostConfig": { "description": "An object representing the configuration of your local Amazon EKS cluster\non an Amazon Web Services Outpost. Before creating a local cluster on an\nOutpost, review Local clusters for Amazon EKS on Amazon Web Services Outposts\n(https://docs.aws.amazon.com/eks/latest/userguide/eks-outposts-local-cluster-overview.html)\nin the Amazon EKS User Guide. This object isn't available for creating Amazon\nEKS clusters on the Amazon Web Services cloud.", "properties": { "controlPlaneInstanceType": { "type": "string" }, "controlPlanePlacement": { "description": "The placement configuration for all the control plane instances of your local\nAmazon EKS cluster on an Amazon Web Services Outpost. For more information,\nsee Capacity considerations (https://docs.aws.amazon.com/eks/latest/userguide/eks-outposts-capacity-considerations.html)\nin the Amazon EKS User Guide.", "properties": { "groupName": { "type": "string" } }, "type": "object", "additionalProperties": false }, "outpostARNs": { "items": { "type": "string" }, "type": "array" } }, "type": "object", "additionalProperties": false }, "remoteNetworkConfig": { "description": "The configuration in the cluster for EKS Hybrid Nodes. You can't change or\nupdate this configuration after the cluster is created.", "properties": { "remoteNodeNetworks": { "items": { "description": "A network CIDR that can contain hybrid nodes.\n\nThese CIDR blocks define the expected IP address range of the hybrid nodes\nthat join the cluster. These blocks are typically determined by your network\nadministrator.\n\nEnter one or more IPv4 CIDR blocks in decimal dotted-quad notation (for example,\n10.2.0.0/16).\n\nIt must satisfy the following requirements:\n\n - Each block must be within an IPv4 RFC-1918 network range. Minimum allowed\n size is /24, maximum allowed size is /8. Publicly-routable addresses aren't\n supported.\n\n - Each block cannot overlap with the range of the VPC CIDR blocks for\n your EKS resources, or the block of the Kubernetes service IP range.\n\n - Each block must have a route to the VPC that uses the VPC CIDR blocks,\n not public IPs or Elastic IPs. There are many options including Transit\n Gateway, Site-to-Site VPN, or Direct Connect.\n\n - Each host must allow outbound connection to the EKS cluster control\n plane on TCP ports 443 and 10250.\n\n - Each host must allow inbound connection from the EKS cluster control\n plane on TCP port 10250 for logs, exec and port-forward operations.\n\n - Each host must allow TCP and UDP network connectivity to and from other\n hosts that are running CoreDNS on UDP port 53 for service and pod DNS\n names.", "properties": { "cidrs": { "items": { "type": "string" }, "type": "array" } }, "type": "object", "additionalProperties": false }, "type": "array" }, "remotePodNetworks": { "items": { "description": "A network CIDR that can contain pods that run Kubernetes webhooks on hybrid\nnodes.\n\nThese CIDR blocks are determined by configuring your Container Network Interface\n(CNI) plugin. We recommend the Calico CNI or Cilium CNI. Note that the Amazon\nVPC CNI plugin for Kubernetes isn't available for on-premises and edge locations.\n\nEnter one or more IPv4 CIDR blocks in decimal dotted-quad notation (for example,\n10.2.0.0/16).\n\nIt must satisfy the following requirements:\n\n - Each block must be within an IPv4 RFC-1918 network range. Minimum allowed\n size is /24, maximum allowed size is /8. Publicly-routable addresses aren't\n supported.\n\n - Each block cannot overlap with the range of the VPC CIDR blocks for\n your EKS resources, or the block of the Kubernetes service IP range.", "properties": { "cidrs": { "items": { "type": "string" }, "type": "array" } }, "type": "object", "additionalProperties": false }, "type": "array" } }, "type": "object", "additionalProperties": false }, "resourcesVPCConfig": { "description": "The VPC configuration that's used by the cluster control plane. Amazon EKS\nVPC resources have specific requirements to work properly with Kubernetes.\nFor more information, see Cluster VPC Considerations (https://docs.aws.amazon.com/eks/latest/userguide/network_reqs.html)\nand Cluster Security Group Considerations (https://docs.aws.amazon.com/eks/latest/userguide/sec-group-reqs.html)\nin the Amazon EKS User Guide. You must specify at least two subnets. You\ncan specify up to five security groups. However, we recommend that you use\na dedicated security group for your cluster control plane.", "properties": { "endpointPrivateAccess": { "type": "boolean" }, "endpointPublicAccess": { "type": "boolean" }, "publicAccessCIDRs": { "items": { "type": "string" }, "type": "array" }, "securityGroupIDs": { "items": { "type": "string" }, "type": "array" }, "securityGroupRefs": { "description": "Reference field for SecurityGroupIDs", "items": { "description": "AWSResourceReferenceWrapper provides a wrapper around *AWSResourceReference\ntype to provide more user friendly syntax for references using 'from' field\nEx:\nAPIIDRef:\n\n\tfrom:\n\t name: my-api", "properties": { "from": { "description": "AWSResourceReference provides all the values necessary to reference another\nk8s resource for finding the identifier(Id/ARN/Name)", "properties": { "name": { "type": "string" }, "namespace": { "type": "string" } }, "type": "object", "additionalProperties": false } }, "type": "object", "additionalProperties": false }, "type": "array" }, "subnetIDs": { "items": { "type": "string" }, "type": "array" }, "subnetRefs": { "description": "Reference field for SubnetIDs", "items": { "description": "AWSResourceReferenceWrapper provides a wrapper around *AWSResourceReference\ntype to provide more user friendly syntax for references using 'from' field\nEx:\nAPIIDRef:\n\n\tfrom:\n\t name: my-api", "properties": { "from": { "description": "AWSResourceReference provides all the values necessary to reference another\nk8s resource for finding the identifier(Id/ARN/Name)", "properties": { "name": { "type": "string" }, "namespace": { "type": "string" } }, "type": "object", "additionalProperties": false } }, "type": "object", "additionalProperties": false }, "type": "array" } }, "type": "object", "additionalProperties": false }, "roleARN": { "description": "The Amazon Resource Name (ARN) of the IAM role that provides permissions\nfor the Kubernetes control plane to make calls to Amazon Web Services API\noperations on your behalf. For more information, see Amazon EKS Service IAM\nRole (https://docs.aws.amazon.com/eks/latest/userguide/service_IAM_role.html)\nin the Amazon EKS User Guide .", "type": "string" }, "roleRef": { "description": "AWSResourceReferenceWrapper provides a wrapper around *AWSResourceReference\ntype to provide more user friendly syntax for references using 'from' field\nEx:\nAPIIDRef:\n\n\tfrom:\n\t name: my-api", "properties": { "from": { "description": "AWSResourceReference provides all the values necessary to reference another\nk8s resource for finding the identifier(Id/ARN/Name)", "properties": { "name": { "type": "string" }, "namespace": { "type": "string" } }, "type": "object", "additionalProperties": false } }, "type": "object", "additionalProperties": false }, "storageConfig": { "description": "Enable or disable the block storage capability of EKS Auto Mode when creating\nyour EKS Auto Mode cluster. If the block storage capability is enabled, EKS\nAuto Mode will create and delete EBS volumes in your Amazon Web Services\naccount.", "properties": { "blockStorage": { "description": "Indicates the current configuration of the block storage capability on your\nEKS Auto Mode cluster. For example, if the capability is enabled or disabled.\nIf the block storage capability is enabled, EKS Auto Mode will create and\ndelete EBS volumes in your Amazon Web Services account. For more information,\nsee EKS Auto Mode block storage capability in the Amazon EKS User Guide.", "properties": { "enabled": { "type": "boolean" } }, "type": "object", "additionalProperties": false } }, "type": "object", "additionalProperties": false }, "tags": { "additionalProperties": { "type": "string" }, "description": "Metadata that assists with categorization and organization. Each tag consists\nof a key and an optional value. You define both. Tags don't propagate to\nany other cluster or Amazon Web Services resources.", "type": "object" }, "upgradePolicy": { "description": "New clusters, by default, have extended support enabled. You can disable\nextended support when creating a cluster by setting this value to STANDARD.", "properties": { "supportType": { "type": "string" } }, "type": "object", "additionalProperties": false }, "version": { "description": "The desired Kubernetes version for your cluster. If you don't specify a value\nhere, the default version available in Amazon EKS is used.\n\nThe default version might not be the latest version available.", "type": "string" }, "zonalShiftConfig": { "description": "Enable or disable ARC zonal shift for the cluster. If zonal shift is enabled,\nAmazon Web Services configures zonal autoshift for the cluster.\n\nZonal shift is a feature of Amazon Application Recovery Controller (ARC).\nARC zonal shift is designed to be a temporary measure that allows you to\nmove traffic for a resource away from an impaired AZ until the zonal shift\nexpires or you cancel it. You can extend the zonal shift if necessary.\n\nYou can start a zonal shift for an Amazon EKS cluster, or you can allow Amazon\nWeb Services to do it for you by enabling zonal autoshift. This shift updates\nthe flow of east-to-west network traffic in your cluster to only consider\nnetwork endpoints for Pods running on worker nodes in healthy AZs. Additionally,\nany ALB or NLB handling ingress traffic for applications in your Amazon EKS\ncluster will automatically route traffic to targets in the healthy AZs. For\nmore information about zonal shift in EKS, see Learn about Amazon Application\nRecovery Controller (ARC) Zonal Shift in Amazon EKS (https://docs.aws.amazon.com/eks/latest/userguide/zone-shift.html)\nin the Amazon EKS User Guide .", "properties": { "enabled": { "type": "boolean" } }, "type": "object", "additionalProperties": false } }, "required": [ "name", "resourcesVPCConfig" ], "type": "object", "additionalProperties": false }, "status": { "description": "ClusterStatus defines the observed state of Cluster", "properties": { "ackResourceMetadata": { "description": "All CRs managed by ACK have a common `Status.ACKResourceMetadata` member\nthat is used to contain resource sync state, account ownership,\nconstructed ARN for the resource", "properties": { "arn": { "description": "ARN is the Amazon Resource Name for the resource. This is a\nglobally-unique identifier and is set only by the ACK service controller\nonce the controller has orchestrated the creation of the resource OR\nwhen it has verified that an \"adopted\" resource (a resource where the\nARN annotation was set by the Kubernetes user on the CR) exists and\nmatches the supplied CR's Spec field values.\nhttps://github.com/aws/aws-controllers-k8s/issues/270", "type": "string" }, "ownerAccountID": { "description": "OwnerAccountID is the AWS Account ID of the account that owns the\nbackend AWS service API resource.", "type": "string" }, "region": { "description": "Region is the AWS region in which the resource exists or will exist.", "type": "string" } }, "required": [ "ownerAccountID", "region" ], "type": "object", "additionalProperties": false }, "certificateAuthority": { "description": "The certificate-authority-data for your cluster.", "properties": { "data": { "type": "string" } }, "type": "object", "additionalProperties": false }, "conditions": { "description": "All CRs managed by ACK have a common `Status.Conditions` member that\ncontains a collection of `ackv1alpha1.Condition` objects that describe\nthe various terminal states of the CR and its backend AWS service API\nresource", "items": { "description": "Condition is the common struct used by all CRDs managed by ACK service\ncontrollers to indicate terminal states of the CR and its backend AWS\nservice API resource", "properties": { "lastTransitionTime": { "description": "Last time the condition transitioned from one status to another.", "format": "date-time", "type": "string" }, "message": { "description": "A human readable message indicating details about the transition.", "type": "string" }, "reason": { "description": "The reason for the condition's last transition.", "type": "string" }, "status": { "description": "Status of the condition, one of True, False, Unknown.", "type": "string" }, "type": { "description": "Type is the type of the Condition", "type": "string" } }, "required": [ "status", "type" ], "type": "object", "additionalProperties": false }, "type": "array" }, "connectorConfig": { "description": "The configuration used to connect to a cluster for registration.", "properties": { "activationCode": { "type": "string" }, "activationExpiry": { "format": "date-time", "type": "string" }, "activationID": { "type": "string" }, "provider": { "type": "string" }, "roleARN": { "type": "string" } }, "type": "object", "additionalProperties": false }, "createdAt": { "description": "The Unix epoch timestamp at object creation.", "format": "date-time", "type": "string" }, "endpoint": { "description": "The endpoint for your Kubernetes API server.", "type": "string" }, "health": { "description": "An object representing the health of your Amazon EKS cluster.", "properties": { "issues": { "items": { "description": "An issue with your Amazon EKS cluster.", "properties": { "code": { "type": "string" }, "message": { "type": "string" }, "resourceIDs": { "items": { "type": "string" }, "type": "array" } }, "type": "object", "additionalProperties": false }, "type": "array" } }, "type": "object", "additionalProperties": false }, "id": { "description": "The ID of your local Amazon EKS cluster on an Amazon Web Services Outpost.\nThis property isn't available for an Amazon EKS cluster on the Amazon Web\nServices cloud.", "type": "string" }, "identity": { "description": "The identity provider information for the cluster.", "properties": { "oidc": { "description": "An object representing the OpenID Connect (https://openid.net/connect/) (OIDC)\nidentity provider information for the cluster.", "properties": { "issuer": { "type": "string" } }, "type": "object", "additionalProperties": false } }, "type": "object", "additionalProperties": false }, "platformVersion": { "description": "The platform version of your Amazon EKS cluster. For more information about\nclusters deployed on the Amazon Web Services Cloud, see Platform versions\n(https://docs.aws.amazon.com/eks/latest/userguide/platform-versions.html)\nin the Amazon EKS User Guide . For more information about local clusters\ndeployed on an Outpost, see Amazon EKS local cluster platform versions (https://docs.aws.amazon.com/eks/latest/userguide/eks-outposts-platform-versions.html)\nin the Amazon EKS User Guide .", "type": "string" }, "status": { "description": "The current status of the cluster.", "type": "string" } }, "type": "object", "additionalProperties": false } }, "type": "object" }