---
# Cluster API objects for the "test-cluster" workload cluster (docker
# infrastructure provider, external etcd managed by etcdadm).
apiVersion: cluster.x-k8s.io/v1beta1
kind: Cluster
metadata:
  name: test-cluster
  namespace: eksa-system
spec:
  clusterNetwork:
    pods:
      cidrBlocks:
        - 192.168.0.0/16
    serviceDomain: cluster.local
    services:
      cidrBlocks:
        - 10.128.0.0/12
  # The three refs below must name the objects defined in the documents
  # that follow; the names are kept in lockstep with those manifests.
  controlPlaneRef:
    apiVersion: controlplane.cluster.x-k8s.io/v1beta1
    kind: KubeadmControlPlane
    name: test-cluster
    namespace: eksa-system
  infrastructureRef:
    apiVersion: infrastructure.cluster.x-k8s.io/v1beta1
    kind: DockerCluster
    name: test-cluster
    namespace: eksa-system
  managedExternalEtcdRef:
    apiVersion: etcdcluster.cluster.x-k8s.io/v1beta1
    kind: EtcdadmCluster
    name: test-cluster-etcd
    namespace: eksa-system
---
apiVersion: infrastructure.cluster.x-k8s.io/v1beta1
kind: DockerCluster
metadata:
  name: test-cluster
  namespace: eksa-system
spec:
  loadBalancer:
    # Load balancer image is pinned by repository and explicit tag.
    imageRepository: public.ecr.aws/l0g8r8j6/kubernetes-sigs/kind
    imageTag: v0.11.1-eks-a-v0.0.0-dev-build.1464
---
# Machine template for control-plane nodes. The name carries a timestamp
# suffix and is referenced from KubeadmControlPlane.spec.machineTemplate.
apiVersion: infrastructure.cluster.x-k8s.io/v1beta1
kind: DockerMachineTemplate
metadata:
  name: test-cluster-control-plane-template-1234567890000
  namespace: eksa-system
spec:
  template:
    spec:
      # The host docker socket is bind-mounted into every node container;
      # anything running as root on the node therefore controls the host
      # docker daemon. Acceptable for the docker (dev/test) provider only.
      extraMounts:
        - containerPath: /var/run/docker.sock
          hostPath: /var/run/docker.sock
      # Node image is pinned to a digest-like build id, not a floating tag.
      customImage: public.ecr.aws/eks-distro/kubernetes-sigs/kind/node:v1.18.16-eks-1-18-4-216edda697a37f8bf16651af6c23b7e2bb7ef42f-62681885fe3a97ee4f2b110cc277e084e71230fa
---
apiVersion: controlplane.cluster.x-k8s.io/v1beta1
kind: KubeadmControlPlane
metadata:
  name: test-cluster
  namespace: eksa-system
spec:
  machineTemplate:
    infrastructureRef:
      apiVersion: infrastructure.cluster.x-k8s.io/v1beta1
      kind: DockerMachineTemplate
      name: test-cluster-control-plane-template-1234567890000
      namespace: eksa-system
  kubeadmConfigSpec:
    clusterConfiguration:
      imageRepository: public.ecr.aws/eks-distro/kubernetes
      etcd:
        # External etcd: endpoints are filled in at runtime (empty here);
        # the apiserver authenticates to etcd with the client cert below.
        external:
          endpoints: []
          caFile: "/etc/kubernetes/pki/etcd/ca.crt"
          certFile: "/etc/kubernetes/pki/apiserver-etcd-client.crt"
          keyFile: "/etc/kubernetes/pki/apiserver-etcd-client.key"
      dns:
        imageRepository: public.ecr.aws/eks-distro/coredns
        imageTag: v1.8.0-eks-1-19-2
      apiServer:
        certSANs:
          - localhost
          - 127.0.0.1
        # Audit logging is enabled with the policy file written via
        # kubeadmConfigSpec.files; log rotation is bounded by age/backup/size.
        # Numeric flag values are quoted so they stay strings for kubeadm.
        extraArgs:
          audit-policy-file: /etc/kubernetes/audit-policy.yaml
          audit-log-path: /var/log/kubernetes/api-audit.log
          audit-log-maxage: "30"
          audit-log-maxbackup: "10"
          audit-log-maxsize: "512"
          profiling: "false"
          tls-cipher-suites: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
        extraVolumes:
          # Policy is mounted read-only; the log directory must be writable
          # because audit-log-path points inside it.
          - hostPath: /etc/kubernetes/audit-policy.yaml
            mountPath: /etc/kubernetes/audit-policy.yaml
            name: audit-policy
            pathType: File
            readOnly: true
          - hostPath: /var/log/kubernetes
            mountPath: /var/log/kubernetes
            name: audit-log-dir
            pathType: DirectoryOrCreate
            readOnly: false
      controllerManager:
        extraArgs:
          enable-hostpath-provisioner: "true"
          profiling: "false"
          tls-cipher-suites: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
      scheduler:
        extraArgs:
          profiling: "false"
          tls-cipher-suites: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
    files:
      # Audit policy consumed by the apiserver. Rules are evaluated in order;
      # the first match wins, so the noisy read-only paths are set to None
      # early and the final Metadata rule is the catch-all.
      - content: |
          apiVersion: audit.k8s.io/v1
          kind: Policy
          metadata:
            creationTimestamp: null
          rules:
            - level: RequestResponse
              namespaces:
                - kube-system
              omitStages:
                - RequestReceived
              resources:
                - resourceNames:
                    - aws-auth
                  resources:
                    - configmaps
              verbs:
                - update
                - patch
                - delete
            - level: None
              resources:
                - resources:
                    - endpoints
                    - services
                    - services/status
              users:
                - system:kube-proxy
              verbs:
                - watch
            - level: None
              resources:
                - resources:
                    - nodes
                    - nodes/status
              users:
                - kubelet
              verbs:
                - get
            - level: None
              resources:
                - resources:
                    - nodes
                    - nodes/status
              verbs:
                - get
            - level: None
              namespaces:
                - kube-system
              resources:
                - resources:
                    - endpoints
              users:
                - system:kube-controller-manager
                - system:kube-scheduler
                - system:serviceaccount:kube-system:endpoint-controller
              verbs:
                - get
                - update
            - level: None
              resources:
                - resources:
                    - namespaces
                    - namespaces/status
                    - namespaces/finalize
              users:
                - system:apiserver
              verbs:
                - get
            - level: None
              resources:
                - group: metrics.k8s.io
              users:
                - system:kube-controller-manager
              verbs:
                - get
                - list
            - level: None
              nonResourceURLs:
                - /healthz*
                - /version
                - /swagger*
            - level: None
              resources:
                - resources:
                    - events
            - level: Request
              omitStages:
                - RequestReceived
              resources:
                - resources:
                    - nodes/status
                    - pods/status
              users:
                - kubelet
                - system:node-problem-detector
                - system:serviceaccount:kube-system:node-problem-detector
              verbs:
                - update
                - patch
            - level: Request
              omitStages:
                - RequestReceived
              resources:
                - resources:
                    - nodes/status
                    - pods/status
              userGroups:
                - system:nodes
              verbs:
                - update
                - patch
            - level: Request
              omitStages:
                - RequestReceived
              users:
                - system:serviceaccount:kube-system:namespace-controller
              verbs:
                - deletecollection
            - level: Metadata
              omitStages:
                - RequestReceived
              resources:
                - resources:
                    - secrets
                    - configmaps
                - group: authentication.k8s.io
                  resources:
                    - tokenreviews
            - level: Request
              resources:
                - resources:
                    - serviceaccounts/token
            - level: Request
              omitStages:
                - RequestReceived
              resources:
                - {}
                - group: admissionregistration.k8s.io
                - group: apiextensions.k8s.io
                - group: apiregistration.k8s.io
                - group: apps
                - group: authentication.k8s.io
                - group: authorization.k8s.io
                - group: autoscaling
                - group: batch
                - group: certificates.k8s.io
                - group: extensions
                - group: metrics.k8s.io
                - group: networking.k8s.io
                - group: policy
                - group: rbac.authorization.k8s.io
                - group: scheduling.k8s.io
                - group: settings.k8s.io
                - group: storage.k8s.io
              verbs:
                - get
                - list
                - watch
            - level: RequestResponse
              omitStages:
                - RequestReceived
              resources:
                - {}
                - group: admissionregistration.k8s.io
                - group: apiextensions.k8s.io
                - group: apiregistration.k8s.io
                - group: apps
                - group: authentication.k8s.io
                - group: authorization.k8s.io
                - group: autoscaling
                - group: batch
                - group: certificates.k8s.io
                - group: extensions
                - group: metrics.k8s.io
                - group: networking.k8s.io
                - group: policy
                - group: rbac.authorization.k8s.io
                - group: scheduling.k8s.io
                - group: settings.k8s.io
                - group: storage.k8s.io
            - level: Metadata
              omitStages:
                - RequestReceived
        owner: root:root
        path: /etc/kubernetes/audit-policy.yaml
    # init and join share the same kubelet hardening: containerd socket,
    # systemd cgroup driver, disabled eviction thresholds, pinned cipher suite.
    initConfiguration:
      nodeRegistration:
        criSocket: /var/run/containerd/containerd.sock
        kubeletExtraArgs:
          eviction-hard: nodefs.available<0%,nodefs.inodesFree<0%,imagefs.available<0%
          cgroup-driver: systemd
          tls-cipher-suites: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
    joinConfiguration:
      nodeRegistration:
        criSocket: /var/run/containerd/containerd.sock
        kubeletExtraArgs:
          eviction-hard: nodefs.available<0%,nodefs.inodesFree<0%,imagefs.available<0%
          cgroup-driver: systemd
          tls-cipher-suites: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
  replicas: 3
  version: v1.19.6-eks-1-19-2
---
# External etcd cluster. Its member nodes come from the second
# DockerMachineTemplate below.
kind: EtcdadmCluster
apiVersion: etcdcluster.cluster.x-k8s.io/v1beta1
metadata:
  name: test-cluster-etcd
  namespace: eksa-system
spec:
  replicas: 3
  etcdadmConfigSpec:
    etcdadmBuiltin: true
    cloudInitConfig:
      version: 3.4.14
    # Same suite as the kube components so client/server negotiation agrees.
    cipherSuites: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
  infrastructureTemplate:
    apiVersion: infrastructure.cluster.x-k8s.io/v1beta1
    kind: DockerMachineTemplate
    name: test-cluster-etcd-template-1234567890000
    namespace: eksa-system
---
# Machine template for etcd nodes; identical to the control-plane template
# apart from its name (same host docker socket mount, same node image).
apiVersion: infrastructure.cluster.x-k8s.io/v1beta1
kind: DockerMachineTemplate
metadata:
  name: test-cluster-etcd-template-1234567890000
  namespace: eksa-system
spec:
  template:
    spec:
      extraMounts:
        - containerPath: /var/run/docker.sock
          hostPath: /var/run/docker.sock
      customImage: public.ecr.aws/eks-distro/kubernetes-sigs/kind/node:v1.18.16-eks-1-18-4-216edda697a37f8bf16651af6c23b7e2bb7ef42f-62681885fe3a97ee4f2b110cc277e084e71230fa