harshal-shah · December 10, 2018 13:50
diff --git a/kops-spec.yaml b/kops-spec.yaml
 apiVersion: kops/v1alpha2
 kind: Cluster
 metadata:
  creationTimestamp: null
  name: staging.some-company.io
 spec:
  additionalPolicies:
    master: |
      [
        {
          "Effect":"Allow",
          "Action":[
                    "autoscaling:DescribeAutoScalingGroups",
                    "autoscaling:DescribeAutoScalingInstances",
                    "autoscaling:DescribeLaunchConfigurations",
                    "autoscaling:DescribeTags",
                    "autoscaling:SetDesiredCapacity",
                    "autoscaling:TerminateInstanceInAutoScalingGroup",
                    "sts:AssumeRole"
                    ],
          "Resource":"*"
          }
      ]
    node: |
      [
        {
          "Effect": "Allow",
          "Action": [
            "sts:AssumeRole",
            "ec2:DescribeRegions"
          ],
          "Resource": [
            "*"
          ]
        },
        {
          "Sid": "kopsK8sEC2NodeAmazonVPCPerms",
          "Effect": "Allow",
          "Action": [
            "ec2:CreateNetworkInterface",
            "ec2:AttachNetworkInterface",
            "ec2:DeleteNetworkInterface",
            "ec2:DetachNetworkInterface",
            "ec2:DescribeNetworkInterfaces",
            "ec2:DescribeInstances",
            "ec2:ModifyNetworkInterfaceAttribute",
            "ec2:AssignPrivateIpAddresses",
            "tag:TagResources"
          ],
          "Resource": [
            "*"
          ]
        }
      ]
  api:
    loadBalancer:
      type: Internal
      idleTimeoutSeconds: 3600
  authorization:
    rbac: {}
  channel: stable
  cloudLabels:
    Environment: Staging
    Group: Kubernetes
    Squad: delta-force
    Tribe: Platform
  cloudProvider: aws
  configBase: s3://some-state/staging.some-company.io
  etcdClusters:
  - etcdMembers:
    - instanceGroup: master-eu-west-1a
      name: a
    - instanceGroup: master-eu-west-1b
      name: b
    - instanceGroup: master-eu-west-1c
      name: c
    name: main
  - etcdMembers:
    - instanceGroup: master-eu-west-1a
      name: a
    - instanceGroup: master-eu-west-1b
      name: b
    - instanceGroup: master-eu-west-1c
      name: c
    name: events
  externalDns:
    watchIngress: false
  iam:
    legacy: true
  kubeAPIServer:
    authorizationRbacSuperUser: admin
    featureGates:
      CustomPodDNS: "true"
    runtimeConfig:
      batch/v2alpha1: "true"
      autoscaling/v2beta1: "true"
  kubeDNS:
    provider: CoreDNS
  kubeProxy:
    clusterCIDR: 172.23.0.0/16
  kubelet:
    anonymousAuth: false
    enableCustomMetrics: true
    MaxPods: 55
    cloudProvider: aws
    featureGates:
      CustomPodDNS: "true"
  kubeControllerManager:
    horizontalPodAutoscalerUseRestClients: true
    horizontalPodAutoscalerDownscaleDelay: 10m
  kubernetesApiAccess:
  - 0.0.0.0/0
  kubernetesVersion: 1.11.5
  masterInternalName: api.internal.staging.some-company.io
  masterPublicName: api.staging.some-company.io
  networkCIDR: 172.23.0.0/16
  networking:
    amazonvpc: {}
  nonMasqueradeCIDR: 100.64.0.0/10
  subnets:
  - cidr: 172.23.32.0/19
    name: eu-west-1a
    type: Private
    zone: eu-west-1a
  - cidr: 172.23.64.0/19
    name: eu-west-1b
    type: Private
    zone: eu-west-1b
  - cidr: 172.23.96.0/19
    name: eu-west-1c
    type: Private
    zone: eu-west-1c
  - cidr: 172.23.0.0/22
    name: utility-eu-west-1a
    type: Utility
    zone: eu-west-1a
  - cidr: 172.23.4.0/22
    name: utility-eu-west-1b
    type: Utility
    zone: eu-west-1b
  - cidr: 172.23.8.0/22
    name: utility-eu-west-1c
    type: Utility
    zone: eu-west-1c
  target:
    terraform:
      providerExtraConfig:
        alias: parent
  topology:
    dns:
      type: Public
    masters: private
    nodes: private

 ---

 apiVersion: kops/v1alpha2
 kind: InstanceGroup
 metadata:
  labels:
    kops.k8s.io/cluster: staging.some-company.io
  name: master-eu-west-1a
 spec:
  image: 099720109477/ubuntu/images/hvm-ssd/ubuntu-xenial-16.04-amd64-server-20180814
  machineType: m3.xlarge
  maxSize: 1
  minSize: 1
  role: Master
  subnets:
  - eu-west-1a

 ---

 apiVersion: kops/v1alpha2
 kind: InstanceGroup
 metadata:
  labels:
    kops.k8s.io/cluster: staging.some-company.io
  name: master-eu-west-1b
 spec:
  image: 099720109477/ubuntu/images/hvm-ssd/ubuntu-xenial-16.04-amd64-server-20180814
  machineType: m3.xlarge
  maxSize: 1
  minSize: 1
  role: Master
  subnets:
  - eu-west-1b

 ---

 apiVersion: kops/v1alpha2
 kind: InstanceGroup
 metadata:
  labels:
    kops.k8s.io/cluster: staging.some-company.io
  name: master-eu-west-1c
 spec:
  image: 099720109477/ubuntu/images/hvm-ssd/ubuntu-xenial-16.04-amd64-server-20180814
  machineType: m3.xlarge
  maxSize: 1
  minSize: 1
  role: Master
  subnets:
  - eu-west-1c

 ---

 apiVersion: kops/v1alpha2
 kind: InstanceGroup
 metadata:
  labels:
    kops.k8s.io/cluster: staging.some-company.io
  name: nodes
 spec:
  cloudLabels:
    k8s.io/cluster-autoscaler/enabled: ""
    kubernetes.io/cluster/staging.some-company.io: owned
  image: 099720109477/ubuntu/images/hvm-ssd/ubuntu-xenial-16.04-amd64-server-20180814
  machineType: m4.xlarge
  maxSize: 30
  minSize: 10
  role: Node
  subnets:
  - eu-west-1a
  - eu-west-1b
  - eu-west-1c
  suspendProcesses:
  - AZRebalance
	apiVersion: kops/v1alpha2
	kind: Cluster
	metadata:
	creationTimestamp: null
	name: staging.some-company.io
	spec:
	additionalPolicies:
	master: \|
	[
	{
	"Effect":"Allow",
	"Action":[
	"autoscaling:DescribeAutoScalingGroups",
	"autoscaling:DescribeAutoScalingInstances",
	"autoscaling:DescribeLaunchConfigurations",
	"autoscaling:DescribeTags",
	"autoscaling:SetDesiredCapacity",
	"autoscaling:TerminateInstanceInAutoScalingGroup",
	"sts:AssumeRole"
	],
	"Resource":"*"
	}
	]
	node: \|
	[
	{
	"Effect": "Allow",
	"Action": [
	"sts:AssumeRole",
	"ec2:DescribeRegions"
	],
	"Resource": [
	"*"
	]
	},
	{
	"Sid": "kopsK8sEC2NodeAmazonVPCPerms",
	"Effect": "Allow",
	"Action": [
	"ec2:CreateNetworkInterface",
	"ec2:AttachNetworkInterface",
	"ec2:DeleteNetworkInterface",
	"ec2:DetachNetworkInterface",
	"ec2:DescribeNetworkInterfaces",
	"ec2:DescribeInstances",
	"ec2:ModifyNetworkInterfaceAttribute",
	"ec2:AssignPrivateIpAddresses",
	"tag:TagResources"
	],
	"Resource": [
	"*"
	]
	}
	]
	api:
	loadBalancer:
	type: Internal
	idleTimeoutSeconds: 3600
	authorization:
	rbac: {}
	channel: stable
	cloudLabels:
	Environment: Staging
	Group: Kubernetes
	Squad: delta-force
	Tribe: Platform
	cloudProvider: aws
	configBase: s3://some-state/staging.some-company.io
	etcdClusters:
	- etcdMembers:
	- instanceGroup: master-eu-west-1a
	name: a
	- instanceGroup: master-eu-west-1b
	name: b
	- instanceGroup: master-eu-west-1c
	name: c
	name: main
	- etcdMembers:
	- instanceGroup: master-eu-west-1a
	name: a
	- instanceGroup: master-eu-west-1b
	name: b
	- instanceGroup: master-eu-west-1c
	name: c
	name: events
	externalDns:
	watchIngress: false
	iam:
	legacy: true
	kubeAPIServer:
	authorizationRbacSuperUser: admin
	featureGates:
	CustomPodDNS: "true"
	runtimeConfig:
	batch/v2alpha1: "true"
	autoscaling/v2beta1: "true"
	kubeDNS:
	provider: CoreDNS
	kubeProxy:
	clusterCIDR: 172.23.0.0/16
	kubelet:
	anonymousAuth: false
	enableCustomMetrics: true
	MaxPods: 55
	cloudProvider: aws
	featureGates:
	CustomPodDNS: "true"
	kubeControllerManager:
	horizontalPodAutoscalerUseRestClients: true
	horizontalPodAutoscalerDownscaleDelay: 10m
	kubernetesApiAccess:
	- 0.0.0.0/0
	kubernetesVersion: 1.11.5
	masterInternalName: api.internal.staging.some-company.io
	masterPublicName: api.staging.some-company.io
	networkCIDR: 172.23.0.0/16
	networking:
	amazonvpc: {}
	nonMasqueradeCIDR: 100.64.0.0/10
	subnets:
	- cidr: 172.23.32.0/19
	name: eu-west-1a
	type: Private
	zone: eu-west-1a
	- cidr: 172.23.64.0/19
	name: eu-west-1b
	type: Private
	zone: eu-west-1b
	- cidr: 172.23.96.0/19
	name: eu-west-1c
	type: Private
	zone: eu-west-1c
	- cidr: 172.23.0.0/22
	name: utility-eu-west-1a
	type: Utility
	zone: eu-west-1a
	- cidr: 172.23.4.0/22
	name: utility-eu-west-1b
	type: Utility
	zone: eu-west-1b
	- cidr: 172.23.8.0/22
	name: utility-eu-west-1c
	type: Utility
	zone: eu-west-1c
	target:
	terraform:
	providerExtraConfig:
	alias: parent
	topology:
	dns:
	type: Public
	masters: private
	nodes: private

	---

	apiVersion: kops/v1alpha2
	kind: InstanceGroup
	metadata:
	labels:
	kops.k8s.io/cluster: staging.some-company.io
	name: master-eu-west-1a
	spec:
	image: 099720109477/ubuntu/images/hvm-ssd/ubuntu-xenial-16.04-amd64-server-20180814
	machineType: m3.xlarge
	maxSize: 1
	minSize: 1
	role: Master
	subnets:
	- eu-west-1a

	---

	apiVersion: kops/v1alpha2
	kind: InstanceGroup
	metadata:
	labels:
	kops.k8s.io/cluster: staging.some-company.io
	name: master-eu-west-1b
	spec:
	image: 099720109477/ubuntu/images/hvm-ssd/ubuntu-xenial-16.04-amd64-server-20180814
	machineType: m3.xlarge
	maxSize: 1
	minSize: 1
	role: Master
	subnets:
	- eu-west-1b

	---

	apiVersion: kops/v1alpha2
	kind: InstanceGroup
	metadata:
	labels:
	kops.k8s.io/cluster: staging.some-company.io
	name: master-eu-west-1c
	spec:
	image: 099720109477/ubuntu/images/hvm-ssd/ubuntu-xenial-16.04-amd64-server-20180814
	machineType: m3.xlarge
	maxSize: 1
	minSize: 1
	role: Master
	subnets:
	- eu-west-1c

	---

	apiVersion: kops/v1alpha2
	kind: InstanceGroup
	metadata:
	labels:
	kops.k8s.io/cluster: staging.some-company.io
	name: nodes
	spec:
	cloudLabels:
	k8s.io/cluster-autoscaler/enabled: ""
	kubernetes.io/cluster/staging.some-company.io: owned
	image: 099720109477/ubuntu/images/hvm-ssd/ubuntu-xenial-16.04-amd64-server-20180814
	machineType: m4.xlarge
	maxSize: 30
	minSize: 10
	role: Node
	subnets:
	- eu-west-1a
	- eu-west-1b
	- eu-west-1c
	suspendProcesses:
	- AZRebalance