// SPDX-FileCopyrightText: 2024 SAP SE or an SAP affiliate company and Gardener contributors
//
// SPDX-License-Identifier: Apache-2.0
package api
const (
	// V1alpha1 is the API version string expected in AWSProviderSpec.APIVersion.
	V1alpha1 = "mcm.gardener.cloud/v1alpha1"

	// AWSAccessKeyID is the data key of the credentials Secret that holds the AWS access key ID.
	//
	// Two spellings of the credential keys are declared in this block (see
	// AWSAlternativeAccessKeyID / AWSAlternativeSecretAccessKey). Which pair wins when both
	// are present is decided by the consumer of these constants, not here. The values stored
	// under these keys are long-lived static credentials: never log them, and never copy them
	// into instance tags or user data.
	AWSAccessKeyID = "providerAccessKeyId"
	// AWSSecretAccessKey is the data key of the credentials Secret that holds the AWS secret access key.
	AWSSecretAccessKey = "providerSecretAccessKey"
	// AWSAlternativeAccessKeyID is the alternative data key for the AWS access key ID
	// (the spelling used by the Gardener extension's cloud-provider Secret).
	AWSAlternativeAccessKeyID = "accessKeyID"
	// AWSAlternativeSecretAccessKey is the alternative data key for the AWS secret access key.
	AWSAlternativeSecretAccessKey = "secretAccessKey"

	// ClusterTagPrefix is the prefix of the EC2 tag that carries the cluster name.
	// Tags carrying this prefix are presumably what the controller uses to find the
	// instances it owns — confirm against the lister/driver code before relying on it.
	ClusterTagPrefix = "kubernetes.io/cluster/"
	// RoleTagPrefix is the prefix of the EC2 tag that carries the node role.
	RoleTagPrefix = "kubernetes.io/role/"

	// VolumeTypeGP2 is the constant for the gp2 (General Purpose SSD) volume type.
	VolumeTypeGP2 = "gp2"
	// VolumeTypeGP3 is the constant for the gp3 (General Purpose SSD) volume type.
	VolumeTypeGP3 = "gp3"
	// VolumeTypeIO1 is the constant for the io1 (Provisioned IOPS SSD) volume type.
	VolumeTypeIO1 = "io1"
	// VolumeTypeST1 is the constant for the st1 (Throughput Optimized HDD) volume type.
	VolumeTypeST1 = "st1"
	// VolumeTypeSC1 is the constant for the sc1 (Cold HDD) volume type.
	VolumeTypeSC1 = "sc1"
	// VolumeTypeStandard is the constant for the standard (Magnetic) volume type.
	VolumeTypeStandard = "standard"

	// DataDeviceNameFormat is the regular expression a data block device name must match.
	// Refer - https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/device_naming.html
	//
	// The pattern is anchored on both ends, so only whole names of the form /dev/sd<letter>
	// or /dev/xvd<a-c><optional letter> are accepted (e.g. /dev/sdf, /dev/xvdba); a name with
	// extra characters, or without the /dev/ prefix, does not match. Note that it still admits
	// /dev/sda and /dev/xvda, which on AWS are typically the root device — callers that must
	// keep data devices away from the root device need a separate check.
	DataDeviceNameFormat = `^/dev/(sd[a-z]|xvd[a-c][a-z]?)$`
	// RootDeviceName is the sentinel device name used to address the AMI's root volume.
	// It is not an AWS device name (it does not match DataDeviceNameFormat), so callers
	// presumably special-case it before building the block device mapping — TODO confirm
	// against the validation and driver code.
	RootDeviceName = "/root"
)
var (
	// ValidVolumeTypes contains the list of EBS volume types accepted in
	// AWSEbsBlockDeviceSpec.VolumeType. It is a package-level slice and is therefore
	// mutable; treat it as read-only.
	ValidVolumeTypes = []string{VolumeTypeGP2, VolumeTypeGP3, VolumeTypeIO1, VolumeTypeST1, VolumeTypeSC1, VolumeTypeStandard}
)
// AWSProviderSpec is the AWS-specific part of a MachineClass: everything needed to launch
// one EC2 instance for a machine. Nothing in this type is validated at declaration time;
// validation, if any, lives elsewhere in the package.
type AWSProviderSpec struct {
	// APIVersion determines the API version for the provider APIs (see V1alpha1).
	APIVersion string `json:"apiVersion,omitempty"`
	// AMI is the ID of the machine image the instance boots from. The image is effectively
	// trusted code running on the node, so it should be pinned to a known-good ID rather
	// than derived from a mutable name or lookup.
	AMI string `json:"ami,omitempty"`
	// BlockDevices is the list of block devices to be mapped to the instances.
	BlockDevices []AWSBlockDeviceMappingSpec `json:"blockDevices,omitempty"`
	// CapacityReservationTarget is an optional field that allows assigning of machines to an AWS Capacity Reservation.
	CapacityReservationTarget *AWSCapacityReservationTargetSpec `json:"capacityReservation,omitempty"`
	// EbsOptimized specifies that the instance is launched as EBS-optimized.
	EbsOptimized bool `json:"ebsOptimized,omitempty"`
	// IAM is the instance profile attached to the machine. Every process on the node — and,
	// when IMDSv1 is allowed, anything that can reach the metadata endpoint through the node
	// (e.g. via SSRF) — can use the profile's credentials, so keep it least-privilege and
	// pair it with InstanceMetadataOptions.HTTPTokens = HTTPTokensRequired.
	// Note: `omitempty` has no effect on a struct value; an empty IAM still serializes as {}.
	IAM AWSIAMProfileSpec `json:"iam,omitempty"`
	// MachineType contains the EC2 instance type.
	MachineType string `json:"machineType,omitempty"`
	// KeyName is an optional field naming the EC2 SSH key pair to install on the instance.
	// Setting it enables interactive SSH access to the node for holders of that key;
	// leave it nil unless that access is wanted.
	KeyName *string `json:"keyName,omitempty"`
	// Monitoring specifies if detailed CloudWatch monitoring is enabled.
	Monitoring bool `json:"monitoring,omitempty"`
	// NetworkInterfaces contains a list of NetworkInterfaceSpecs.
	NetworkInterfaces []AWSNetworkInterfaceSpec `json:"networkInterfaces,omitempty"`
	// Region contains the AWS region for the machine.
	Region string `json:"region,omitempty"`
	// SpotPrice is an optional field that if set specifies to use spot instances.
	// When set to "" there is no maxPrice else, specifies the maxPrice.
	SpotPrice *string `json:"spotPrice,omitempty"`
	// SrcAndDstChecksEnabled controls EC2 source/destination checking; nil or true keeps it on
	// (the AWS default). Set it to false only for instances that must forward traffic they do
	// not originate or terminate (NAT, router, VPN roles) — disabling it for ordinary nodes
	// removes a guard against spoofed traffic.
	SrcAndDstChecksEnabled *bool `json:"srcAndDstChecksEnabled,omitempty"`
	// Tags to be specified on the EC2 instances. Tags are visible to anyone with
	// ec2:DescribeInstances on the account, so never put secrets in them.
	Tags map[string]string `json:"tags,omitempty"`
	// InstanceMetadataOptions contains configuration for controlling access to the metadata API.
	// When nil, the instance presumably gets the AWS/account default IMDS settings (which
	// may allow IMDSv1) — TODO confirm against the driver code.
	InstanceMetadataOptions *InstanceMetadataOptions `json:"instanceMetadataOptions,omitempty"`
	// CPUOptions contains detailed configuration for the number of cores and threads for the instance.
	CPUOptions *CPUOptions `json:"cpuOptions,omitempty"`
}
// AWSBlockDeviceMappingSpec stores info about one AWS block device mapping of an instance.
type AWSBlockDeviceMappingSpec struct {
	// The device name exposed to the machine (for example, /dev/sdh or xvdh).
	// Data device names are expected to match DataDeviceNameFormat; RootDeviceName is the
	// sentinel for the root volume.
	DeviceName string `json:"deviceName,omitempty"`
	// Parameters used to automatically set up EBS volumes when the machine is
	// launched. Note: `omitempty` has no effect on a struct value; an empty Ebs still
	// serializes as {}.
	Ebs AWSEbsBlockDeviceSpec `json:"ebs,omitempty"`
	// Suppresses the specified device included in the block device mapping of the
	// AMI.
	NoDevice string `json:"noDevice,omitempty"`
	// The virtual device name (ephemeralN). Machine store volumes are numbered
	// starting from 0. A machine type with 2 available machine store volumes
	// can specify mappings for ephemeral0 and ephemeral1. The number of available
	// machine store volumes depends on the machine type. After you connect to
	// the machine, you must mount the volume.
	//
	// Constraints: For M3 machines, you must specify machine store volumes in
	// the block device mapping for the machine. When you launch an M3 machine,
	// AWS ignores any machine store volumes specified in the block device mapping
	// for the AMI.
	VirtualName string `json:"virtualName,omitempty"`
}
// AWSCapacityReservationTargetSpec allows targeting an AWS Capacity Reservation directly (by ID)
// or indirectly (by preference or resource group).
// See https://docs.aws.amazon.com/sdk-for-go/api/service/ec2/#CapacityReservationSpecification for additional information.
// Whether the three fields are mutually exclusive is not enforced by this type.
type AWSCapacityReservationTargetSpec struct {
	// CapacityReservationPreference indicates the instance's Capacity Reservation preferences (possible values are 'open' or 'none').
	CapacityReservationPreference *string `json:"capacityReservationPreference,omitempty"`
	// CapacityReservationID is the ID of the Capacity Reservation in which to run the instance.
	CapacityReservationID *string `json:"capacityReservationId,omitempty"`
	// CapacityReservationResourceGroupArn is the ARN of the Capacity Reservation resource group in which to run the instance.
	CapacityReservationResourceGroupArn *string `json:"capacityReservationResourceGroupArn,omitempty"`
}
// AWSEbsBlockDeviceSpec describes a block device for an EBS volume.
// Please also see https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/EbsBlockDevice
type AWSEbsBlockDeviceSpec struct {
	// Indicates whether the EBS volume is deleted on machine termination. When nil the
	// AWS default applies. A volume that outlives its instance keeps the node's data
	// (including anything the kubelet or workloads wrote to it) until someone deletes it.
	DeleteOnTermination *bool `json:"deleteOnTermination,omitempty"`
	// Indicates whether the EBS volume is encrypted. Encrypted Amazon EBS volumes
	// may only be attached to machines that support Amazon EBS encryption.
	//
	// This is a plain bool with `omitempty`, so "unset" and "false" are indistinguishable
	// and the zero value requests an unencrypted volume — unless the AWS account/region has
	// default EBS encryption turned on, in which case AWS encrypts it anyway. Set it to true
	// explicitly for anything that holds data you care about.
	Encrypted bool `json:"encrypted,omitempty"`
	// The number of I/O operations per second (IOPS) that the volume supports.
	// For io1 and gp3, this represents the number of IOPS that are provisioned for the
	// volume. For gp2, this represents the baseline performance of the volume and
	// the rate at which the volume accumulates I/O credits for bursting. For more
	// information about General Purpose SSD baseline performance, I/O credits,
	// and bursting, see Amazon EBS Volume Types (http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/EBSVolumeTypes.html)
	// in the Amazon Elastic Compute Cloud User Guide.
	//
	// Constraint: IOPS should be a positive value.
	// Validation of IOPS (i.e. whether it is allowed and is in the specified range for a particular volume type) is done on the AWS side.
	//
	// Condition: This parameter is required for requests to create io1 volumes;
	// Do not specify it in requests to create gp2, st1, sc1, or standard volumes.
	Iops int64 `json:"iops,omitempty"`
	// The throughput that the volume supports, in MiB/s.
	//
	// This parameter is valid only for gp3 volumes.
	//
	// Valid Range: The range as of 16th Aug 2022 is from 125 MiB/s to 1000 MiB/s. For more info refer (http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/EBSVolumeTypes.html)
	Throughput *int64 `json:"throughput,omitempty"`
	// Identifier (key ID, key alias, ID ARN, or alias ARN) for a customer managed
	// CMK under which the EBS volume is encrypted.
	//
	// This parameter is only supported on BlockDeviceMapping objects called by
	// RunInstances (https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_RunInstances.html),
	// RequestSpotFleet (https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_RequestSpotFleet.html),
	// and RequestSpotInstances (https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_RequestSpotInstances.html).
	//
	// NOTE(review): this field is presumably only meaningful together with Encrypted == true;
	// nothing in this type ties the two together, so confirm the validation code rejects a
	// key ID on an unencrypted device rather than silently dropping it.
	KmsKeyID *string `json:"kmsKeyID,omitempty"`
	// The ID of the snapshot to create the volume from. The snapshot's contents become the
	// volume's initial data, so a snapshot ID is as trusted as the AMI; be careful with
	// snapshots shared from other accounts.
	SnapshotID *string `json:"snapshotID,omitempty"`
	// The size of the volume, in GiB.
	//
	// Constraints: 1-16384 for General Purpose SSD (gp2), 4-16384 for Provisioned
	// IOPS SSD (io1), 500-16384 for Throughput Optimized HDD (st1), 500-16384 for
	// Cold HDD (sc1), and 1-1024 for Magnetic (standard) volumes. If you specify
	// a snapshot, the volume size must be equal to or larger than the snapshot
	// size.
	//
	// Default: If you're creating the volume from a snapshot and don't specify
	// a volume size, the default is the snapshot size.
	VolumeSize int64 `json:"volumeSize,omitempty"`
	// The volume type: gp2, gp3, io1, st1, sc1, or standard (see ValidVolumeTypes).
	//
	// Default: standard
	VolumeType string `json:"volumeType,omitempty"`
}
// AWSIAMProfileSpec describes the IAM instance profile attached to a machine.
// Either the ARN or the Name identifies the profile; this type does not enforce that
// exactly one is set. The profile's role is what the node — and every pod on it that can
// reach the instance metadata service — acts as against AWS, so scope it to the minimum
// the node actually needs.
type AWSIAMProfileSpec struct {
	// The Amazon Resource Name (ARN) of the instance profile.
	ARN string `json:"arn,omitempty"`
	// The name of the instance profile.
	Name string `json:"name,omitempty"`
}
// AWSNetworkInterfaceSpec describes a network interface created for the instance at launch.
// Please also see https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/MachineAWSNetworkInterfaceSpecification
type AWSNetworkInterfaceSpec struct {
	// Indicates whether to assign a public IPv4 address to a machine you launch
	// in a VPC. The public IP address can only be assigned to a network interface
	// for eth0, and can only be assigned to a new network interface, not an existing
	// one. You cannot specify more than one network interface in the request. If
	// launching into a default subnet, the default value is true.
	//
	// A public address makes the node directly reachable from the internet, subject only
	// to SecurityGroupIDs and the subnet's NACLs; nodes behind a NAT gateway should leave
	// this nil/false.
	AssociatePublicIPAddress *bool `json:"associatePublicIPAddress,omitempty"`
	// Ipv6AddressCount represents the number of IPv6 addresses to assign to the network interface. Amazon EC2
	// chooses the IPv6 addresses from the range of the subnet.
	Ipv6AddressCount *int64 `json:"ipv6AddressCount,omitempty"`
	// Ipv6PrefixCount represents the number of IPv6 delegated prefixes to be automatically assigned to the
	// network interface.
	Ipv6PrefixCount *int64 `json:"ipv6PrefixCount,omitempty"`
	// If set to true, the interface is deleted when the machine is terminated.
	// You can specify true only if creating a new network interface when launching
	// a machine.
	DeleteOnTermination *bool `json:"deleteOnTermination,omitempty"`
	// The description of the network interface. Applies only if creating a network
	// interface when launching a machine.
	Description *string `json:"description,omitempty"`
	// The IDs of the security groups for the network interface. Applies only if
	// creating a network interface when launching a machine. These groups are the
	// instance's firewall; an empty list presumably falls back to the subnet/VPC default
	// group on the AWS side — confirm rather than rely on it.
	SecurityGroupIDs []string `json:"securityGroupIDs,omitempty"`
	// The ID of the subnet associated with the network interface. Applies only if
	// creating a network interface when launching a machine.
	SubnetID string `json:"subnetID,omitempty"`
}
const (
	// HTTPTokensRequired enforces the use of session tokens to access the metadata service,
	// i.e. it enforces IMDSv2. This is the value to use: IMDSv2's PUT-then-GET token handshake
	// is what stops a plain GET issued through an SSRF or open proxy on the node from reading
	// the instance profile's credentials.
	HTTPTokensRequired string = "required"
	// HTTPTokensOptional allows the use of both IMDSv1 and IMDSv2 (the less secure setting).
	HTTPTokensOptional string = "optional"
)
const (
	// HTTPEndpointDisabled disables access to the instance metadata endpoint entirely.
	// Note that node components which rely on IMDS (instance identity, region discovery,
	// the instance profile's credentials) stop working when it is disabled.
	HTTPEndpointDisabled string = "disabled"
	// HTTPEndpointEnabled enables access to the instance metadata endpoint.
	HTTPEndpointEnabled string = "enabled"
)
// InstanceMetadataOptions contains configuration for controlling access to the instance
// metadata service (IMDS). All fields are pointers; a nil field leaves that setting at the
// AWS default, which is not necessarily the hardened one.
type InstanceMetadataOptions struct {
	// HTTPEndpoint controls whether the instance metadata endpoint is enabled
	// (HTTPEndpointEnabled / HTTPEndpointDisabled). By default, access to the metadata API is enabled.
	HTTPEndpoint *string `json:"httpEndpoint,omitempty"`
	// HTTPPutResponseHopLimit is the response hop limit for IMDSv2 token (PUT) requests.
	//
	// NOTE(review): this does not select the metadata API version — that is HTTPTokens.
	// Per the AWS IMDS documentation the hop limit caps how many network hops a token
	// response may traverse; 1 keeps tokens on the instance itself, so workloads one hop
	// away (e.g. containers on a bridge network) cannot obtain one, while 2 is typically
	// needed when pods are expected to use IMDSv2 through the node's network.
	HTTPPutResponseHopLimit *int64 `json:"httpPutResponseHopLimit,omitempty"`
	// HTTPTokens selects whether session tokens are required (HTTPTokensRequired, i.e.
	// IMDSv2 only) or optional (HTTPTokensOptional, IMDSv1 still allowed).
	HTTPTokens *string `json:"httpTokens,omitempty"`
}
// CPUOptions contains detailed configuration for the number of cores and threads for the instance.
//
// Unlike every other optional field in this file, these two carry no `omitempty`, so a
// CPUOptions with nil fields serializes as {"coreCount":null,"threadsPerCore":null}
// rather than {}. Harmless on decode (null -> nil), but worth knowing if the serialized
// spec is hashed or compared.
type CPUOptions struct {
	// CoreCount specifies the number of CPU cores per instance.
	CoreCount *int64 `json:"coreCount"`
	// ThreadsPerCore sets the number of threads per core. Must be either '1' (disable multi-threading) or '2'.
	// The '1'/'2' constraint is documented here only; it is not enforced by this type.
	ThreadsPerCore *int64 `json:"threadsPerCore"`
}