

Overview


By default Kublr automatically creates all AWS resources required to run a secure Kubernetes cluster in a single AWS CloudFormation stack. Sometimes, however, additional resources are necessary to implement complex or extended use cases.


Kublr supports including additional AWS CloudFormation resources in the cluster specification.

This ties the lifecycle of the additional resources to the lifecycle of the cluster.


The additional resources can also be referenced from certain cluster specification fields, such as additional security groups, subnets, etc.


Additional AWS resources


[Supported in Kublr 1.19.0 and later] Additional resources and parameters can be specified in the following fields in the cluster specification:

  • spec.locations[*].aws.resourcesCloudFormationExtras

    All resources specified in this section of the cluster spec are included as is in the Resources section of the CloudFormation template.

[Supported in Kublr 1.24.0 and later] Starting with Kublr 1.24.0 the spec.locations[*].aws.resourcesCloudFormationExtras field is deprecated in favor of a more consistent data structure. Resources specified in the deprecated field are automatically migrated into the new field on the first cluster update:

  • spec.locations[*].aws.cloudFormationExtras.resources

    All resources specified in this section of the cluster spec are included as is in the Resources section of the CloudFormation template.


Overriding properties of Kublr-generated resources


[Supported in Kublr 1.19.0 and later] Additional resources and parameters can be specified in the following fields in the cluster specification:

  • spec.locations[*].aws.resourcesCloudFormationExtras

    All resources specified in this section of the cluster spec are included as is in the Resources section of the CloudFormation template.

  • spec.master.locations[*].aws.asgCloudFormationExtras

    spec.nodes[*].locations[*].aws.asgCloudFormationExtras

    All fields specified in this section of the cluster spec, in the master or a node group, are included as is at the top level of the corresponding auto scaling group resource in the CloudFormation template.
    This is useful for specifying the group update policy and potentially other top-level ASG attributes.

  • spec.master.locations[*].aws.asgPropertiesCloudFormationExtras

    spec.nodes[*].locations[*].aws.asgPropertiesCloudFormationExtras

    All fields specified in this section of the cluster spec, in the master or a node group, are included as is in the Properties section of the corresponding auto scaling group resource in the CloudFormation template.

  • spec.master.locations[*].aws.launchConfigurationPropertiesCloudFormationExtras

    spec.nodes[*].locations[*].aws.launchConfigurationPropertiesCloudFormationExtras

    All fields specified in this section of the cluster spec, in the master or a node group, are included as is in the Properties section of the corresponding launch configuration resource in the CloudFormation template, if the corresponding instance group uses a launch configuration (group type asg-lc).

  • spec.master.locations[*].aws.launchTemplateDataCloudFormationExtras

    spec.nodes[*].locations[*].aws.launchTemplateDataCloudFormationExtras

    All fields specified in this section of the cluster spec, in the master or a node group, are included as is in the LaunchTemplateData section of the corresponding launch template resource in the CloudFormation template, if the corresponding instance group uses a launch template (group type asg-lt).

  • spec.master.locations[*].aws.mixedInstancesPolicyCloudFormationExtras

    spec.nodes[*].locations[*].aws.mixedInstancesPolicyCloudFormationExtras

    All fields specified in this section of the cluster spec, in the master or a node group, are included as is in the Properties.MixedInstancesPolicy section of the corresponding auto scaling group resource in the CloudFormation template, if the corresponding instance group uses a mixed instances policy with a launch template (group type asg-mip).

  • [Kublr 1.19.3+] spec.secretStore.awsS3.secretExchangeBucketCloudFormationExtras

    All fields specified in this section of the cluster spec are included as is in the S3 bucket resource of the cluster CloudFormation template.
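As an added example (not from the Kublr documentation or the Kublr project), the cluster spec fragment below uses the Kublr 1.19.3+ override fields listed above. The master group gets a rolling UpdatePolicy at the ASG level, and both the master and worker launch templates get MetadataOptions that require IMDSv2 and keep the response hop limit at 1, which reduces the risk that a workload running in a pod can read the node's IAM role credentials from the instance metadata service. The cluster, location and node group names, the region, and the groupType field name are assumptions; the override field names are the ones documented on this page.

```yaml
# Added example, not from the Kublr docs or project.
# Assumed: cluster/location/node group names, region, and the groupType field name.
# On Kublr 1.24.0+ these override fields are migrated automatically into
# cloudFormationExtras.* (exact sub-field names: see the Kublr API reference).
kind: Cluster
metadata:
  name: example-cluster              # assumed name
spec:
  locations:
    - name: aws1                     # assumed location name
      aws:
        region: us-east-1            # assumed region
  master:
    locations:
      - locationRef: aws1
        aws:
          groupType: asg-lt          # field name assumed; launch template extras only apply to asg-lt groups
          # Top-level ASG attributes: replace masters one at a time, keeping
          # the other two in service, and wait for each to settle.
          asgCloudFormationExtras:
            UpdatePolicy:
              AutoScalingRollingUpdate:
                MinInstancesInService: 2
                MaxBatchSize: 1
                PauseTime: PT10M
          # Merged into LaunchTemplateData: IMDSv2 only, hop limit 1 so that
          # metadata responses do not cross the node's network stack into pods.
          launchTemplateDataCloudFormationExtras:
            MetadataOptions:
              HttpEndpoint: enabled
              HttpTokens: required
              HttpPutResponseHopLimit: 1
  nodes:
    - name: group1                   # assumed node group name
      locations:
        - locationRef: aws1
          aws:
            groupType: asg-lt        # field name assumed
            launchTemplateDataCloudFormationExtras:
              MetadataOptions:
                HttpEndpoint: enabled
                HttpTokens: required
                HttpPutResponseHopLimit: 1
            # Merged into the ASG Properties section: retire the oldest
            # instances first when the group scales in.
            asgPropertiesCloudFormationExtras:
              TerminationPolicies:
                - OldestInstance
```

Pods that run with hostNetwork still reach the metadata service regardless of the hop limit, so this setting complements, rather than replaces, a restrictive pod security policy for host-networked workloads.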


[Supported in Kublr 1.24.0 and later] Starting with Kublr 1.24.0 the fields specified above are deprecated in favor of a more consistent data structure. Properties specified in the deprecated fields are automatically migrated into the new fields on the first cluster update.

  • spec.locations[*].aws.cloudFormationExtras.*

    Fields that allow overriding the properties of all Kublr-generated AWS resources at the cluster level.

    See the Kublr API reference (AWSLocationCloudFormationExtrasSpec) for the list and description of available properties.

  • spec.locations[*].master.locations[*].aws.cloudFormationExtras.*
    spec.locations[*].nodes[*].locations[*].aws.cloudFormationExtras.*

    Fields that allow overriding the properties of Kublr-generated AWS resources at the node group level.

    See the Kublr API reference (AWSInstanceGroupLocationCloudFormationExtrasSpec) for the list and description of available properties.

  • spec.locations[*].aws.availabilityZoneSpec[*].cloudFormationExtras.*

    Fields that allow overriding the properties of Kublr-generated AWS resources specific to an AWS availability zone.

    See the Kublr API reference (AWSAvailabilityZoneCloudFormationExtrasSpec) for the list and description of available properties.

  • spec.locations[*].aws.availabilityZoneSpec[*].subnetMasterPublic.cloudFormationExtras.*
    spec.locations[*].aws.availabilityZoneSpec[*].subnetMasterPrivate.cloudFormationExtras.*
    spec.locations[*].aws.availabilityZoneSpec[*].subnetNodePublic.cloudFormationExtras.*
    spec.locations[*].aws.availabilityZoneSpec[*].subnetNodePrivate.cloudFormationExtras.*
    spec.locations[*].aws.availabilityZoneSpec[*].subnetOtherPublic.cloudFormationExtras.*

    Fields that allow overriding the properties of the Kublr-generated subnets in an AWS availability zone.

    See the Kublr API reference (AWSSubnetCloudFormationExtrasSpec) for the list and description of available properties.


Fields that allow using AWS CF resource references


[Supported in Kublr 1.19.3 and later] The following cluster specification fields can reference AWS resources using CloudFormation intrinsic functions such as Ref or Fn::GetAtt:

  • spec.locations[*].aws.existingSecurityGroupIds

  • spec.master.locations[*].aws.existingSecurityGroupIds
    spec.nodes[*].locations[*].aws.existingSecurityGroupIds

  • spec.master.locations[*].aws.subnetIds
    spec.nodes[*].locations[*].aws.subnetIds

  • spec.master.locations[*].aws.privateMasterPublicElbSubnetIds
    spec.nodes[*].locations[*].aws.privateMasterPublicElbSubnetIds

  • spec.master.locations[*].aws.loadBalancerNames
    spec.nodes[*].locations[*].aws.loadBalancerNames

  • spec.master.locations[*].aws.targetGroupARNs
    spec.nodes[*].locations[*].aws.targetGroupARNs

  • spec.secretStore.awsS3.secretExchangeBucketCloudFormationExtras

  • [Kublr 1.22.0+]
    spec.master.locations[*].aws.masterVolume.kmsKeyId
    spec.master.locations[*].aws.rootVolume.kmsKeyId
    spec.nodes[*].locations[*].aws.rootVolume.kmsKeyId

  • [Kublr 1.24.0+] spec.master.locations[*].aws.masterVolume.snapshotId
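As an added example that covers both the additional-resources section and the reference fields above (it is not from the Kublr documentation or the Kublr project), the fragment below declares an extra security group and a customer-managed KMS key in spec.locations[*].aws.cloudFormationExtras.resources (the Kublr 1.24.0+ field), then references them from existingSecurityGroupIds with Ref and from the volume kmsKeyId fields with Fn::GetAtt. The logical resource names, cluster and location names, the VPC id, the internal CIDR and the encrypted volume field name are assumptions. The two key policy statements for the Auto Scaling service-linked role are required in practice: an ASG that launches instances with volumes encrypted under a customer-managed key must be allowed to use the key and to create grants on it, otherwise instance launches fail.

```yaml
# Added example, not from the Kublr docs or project.
# Assumed: names (example-cluster, aws1, ExtraNodeSG, VolumeKmsKey), region,
# the 'encrypted' volume field, and the placeholder VPC id / CIDR below.
kind: Cluster
metadata:
  name: example-cluster
spec:
  locations:
    - name: aws1
      aws:
        region: us-east-1                          # assumed region
        cloudFormationExtras:
          # Included as is in the Resources section of the cluster stack, so
          # these resources share the cluster's lifecycle.
          resources:
            ExtraNodeSG:
              Type: AWS::EC2::SecurityGroup
              Properties:
                GroupDescription: Extra ingress for cluster nodes (example)
                VpcId: vpc-0123456789abcdef0       # placeholder VPC id
                SecurityGroupIngress:
                  - IpProtocol: tcp                # NFS from an internal range only
                    FromPort: 2049
                    ToPort: 2049
                    CidrIp: 10.20.0.0/16           # constructed internal range
            VolumeKmsKey:
              Type: AWS::KMS::Key
              Properties:
                Description: Customer-managed key for cluster EBS volumes
                EnableKeyRotation: true
                KeyPolicy:
                  Version: "2012-10-17"
                  Statement:
                    - Sid: AccountAdministration
                      Effect: Allow
                      Principal:
                        AWS:
                          Fn::Sub: "arn:${AWS::Partition}:iam::${AWS::AccountId}:root"
                      Action: "kms:*"
                      Resource: "*"
                    # Let the Auto Scaling service-linked role use the key for
                    # the encrypted root and master volumes it launches.
                    - Sid: AutoScalingUseKey
                      Effect: Allow
                      Principal:
                        AWS:
                          Fn::Sub: "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/aws-service-role/autoscaling.amazonaws.com/AWSServiceRoleForAutoScaling"
                      Action:
                        - kms:Encrypt
                        - kms:Decrypt
                        - kms:ReEncrypt*
                        - kms:GenerateDataKey*
                        - kms:DescribeKey
                      Resource: "*"
                    - Sid: AutoScalingGrants
                      Effect: Allow
                      Principal:
                        AWS:
                          Fn::Sub: "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/aws-service-role/autoscaling.amazonaws.com/AWSServiceRoleForAutoScaling"
                      Action: kms:CreateGrant
                      Resource: "*"
                      Condition:
                        Bool:
                          kms:GrantIsForAWSResource: "true"
  master:
    locations:
      - locationRef: aws1
        aws:
          # Ref resolves to the security group id once the stack creates it.
          existingSecurityGroupIds:
            - Ref: ExtraNodeSG
          masterVolume:
            encrypted: true                        # field name assumed
            kmsKeyId:
              Fn::GetAtt: [VolumeKmsKey, Arn]
          rootVolume:
            encrypted: true                        # field name assumed
            kmsKeyId:
              Fn::GetAtt: [VolumeKmsKey, Arn]
  nodes:
    - name: group1
      locations:
        - locationRef: aws1
          aws:
            existingSecurityGroupIds:
              - Ref: ExtraNodeSG
            rootVolume:
              encrypted: true                      # field name assumed
              kmsKeyId:
                Fn::GetAtt: [VolumeKmsKey, Arn]
```

The long-form Fn::Sub / Fn::GetAtt / Ref syntax is used deliberately: the cluster spec is ordinary YAML processed by Kublr before it reaches CloudFormation, so the CloudFormation-only short tags (!Sub, !GetAtt) cannot be relied on here. Because the key is part of the cluster stack, deleting the cluster schedules the key for deletion as well, which is the expected behaviour for a per-cluster key but not for a key shared with other workloads.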


Examples and references


See examples of using these capabilities for advanced configurations: