authorGitLab Bot <gitlab-bot@gitlab.com>2019-10-28 12:06:50 +0000
committerGitLab Bot <gitlab-bot@gitlab.com>2019-10-28 12:06:50 +0000
commit6cf6996f183bdff46e73431c07bfb723066a8222 (patch)
tree4c76635c08f84715ad7d4bf9e0dc4b73bfc793e0 /vendor
parent29eea410c440212730a33ddf610483fe095c8670 (diff)
Add latest changes from gitlab-org/gitlab@master
Diffstat (limited to 'vendor')
-rw-r--r--vendor/aws/cloudformation/eks_cluster.yaml340
1 files changed, 340 insertions, 0 deletions
diff --git a/vendor/aws/cloudformation/eks_cluster.yaml b/vendor/aws/cloudformation/eks_cluster.yaml
new file mode 100644
index 00000000000..ac09fc7ccca
--- /dev/null
+++ b/vendor/aws/cloudformation/eks_cluster.yaml
@@ -0,0 +1,340 @@
+---
+AWSTemplateFormatVersion: 2010-09-09
+Description: GitLab EKS Cluster
+
+Parameters:
+
+ KubernetesVersion:
+ Description: The Kubernetes version to install
+ Type: String
+ Default: 1.14
+ AllowedValues:
+ - 1.12
+ - 1.13
+ - 1.14
+
+ KeyName:
+ Description: The EC2 Key Pair to allow SSH access to the node instances
+ Type: AWS::EC2::KeyPair::KeyName
+
+ NodeImageIdSSMParam:
+ Type: "AWS::SSM::Parameter::Value<AWS::EC2::Image::Id>"
+ Default: /aws/service/eks/optimized-ami/1.14/amazon-linux-2/recommended/image_id
+ Description: AWS Systems Manager Parameter Store parameter of the AMI ID for the worker node instances.
+
+ NodeInstanceType:
+ Description: EC2 instance type for the node instances
+ Type: String
+ Default: t3.medium
+ ConstraintDescription: Must be a valid EC2 instance type
+ AllowedValues:
+ - t2.small
+ - t2.medium
+ - t2.large
+ - t2.xlarge
+ - t2.2xlarge
+ - t3.nano
+ - t3.micro
+ - t3.small
+ - t3.medium
+ - t3.large
+ - t3.xlarge
+ - t3.2xlarge
+ - m3.medium
+ - m3.large
+ - m3.xlarge
+ - m3.2xlarge
+ - m4.large
+ - m4.xlarge
+ - m4.2xlarge
+ - m4.4xlarge
+ - m4.10xlarge
+ - m5.large
+ - m5.xlarge
+ - m5.2xlarge
+ - m5.4xlarge
+ - m5.12xlarge
+ - m5.24xlarge
+ - c4.large
+ - c4.xlarge
+ - c4.2xlarge
+ - c4.4xlarge
+ - c4.8xlarge
+ - c5.large
+ - c5.xlarge
+ - c5.2xlarge
+ - c5.4xlarge
+ - c5.9xlarge
+ - c5.18xlarge
+ - i3.large
+ - i3.xlarge
+ - i3.2xlarge
+ - i3.4xlarge
+ - i3.8xlarge
+ - i3.16xlarge
+ - r3.xlarge
+ - r3.2xlarge
+ - r3.4xlarge
+ - r3.8xlarge
+ - r4.large
+ - r4.xlarge
+ - r4.2xlarge
+ - r4.4xlarge
+ - r4.8xlarge
+ - r4.16xlarge
+ - x1.16xlarge
+ - x1.32xlarge
+ - p2.xlarge
+ - p2.8xlarge
+ - p2.16xlarge
+ - p3.2xlarge
+ - p3.8xlarge
+ - p3.16xlarge
+ - p3dn.24xlarge
+ - r5.large
+ - r5.xlarge
+ - r5.2xlarge
+ - r5.4xlarge
+ - r5.12xlarge
+ - r5.24xlarge
+ - r5d.large
+ - r5d.xlarge
+ - r5d.2xlarge
+ - r5d.4xlarge
+ - r5d.12xlarge
+ - r5d.24xlarge
+ - z1d.large
+ - z1d.xlarge
+ - z1d.2xlarge
+ - z1d.3xlarge
+ - z1d.6xlarge
+ - z1d.12xlarge
+
+ NodeAutoScalingGroupDesiredCapacity:
+ Description: Desired capacity of Node Group ASG.
+ Type: Number
+ Default: 3
+
+ NodeVolumeSize:
+ Description: Node volume size
+ Type: Number
+ Default: 20
+
+ ClusterName:
+ Description: Unique name for your Amazon EKS cluster.
+ Type: String
+
+ ClusterRole:
+ Description: The IAM Role to allow Amazon EKS and the Kubernetes control plane to manage AWS resources on your behalf.
+ Type: String
+
+ ClusterControlPlaneSecurityGroup:
+ Description: The security groups to apply to the EKS-managed Elastic Network Interfaces that are created in your worker node subnets.
+ Type: AWS::EC2::SecurityGroup::Id
+
+ VpcId:
+ Description: The VPC to use for your EKS Cluster resources.
+ Type: AWS::EC2::VPC::Id
+
+ Subnets:
+ Description: The subnets in your VPC where your worker nodes will run.
+ Type: List<AWS::EC2::Subnet::Id>
+
+Metadata:
+
+ AWS::CloudFormation::Interface:
+ ParameterGroups:
+ - Label:
+ default: EKS Cluster
+ Parameters:
+ - ClusterName
+ - ClusterRole
+ - KubernetesVersion
+ - ClusterControlPlaneSecurityGroup
+ - Label:
+ default: Worker Node Configuration
+ Parameters:
+ - NodeAutoScalingGroupDesiredCapacity
+ - NodeInstanceType
+ - NodeImageIdSSMParam
+ - NodeVolumeSize
+ - KeyName
+ - Label:
+ default: Worker Network Configuration
+ Parameters:
+ - VpcId
+ - Subnets
+
+Resources:
+
+ Cluster:
+ Type: AWS::EKS::Cluster
+ Properties:
+ Name: !Sub ${ClusterName}
+ Version: !Sub ${KubernetesVersion}
+ RoleArn: !Sub ${ClusterRole}
+ ResourcesVpcConfig:
+ SecurityGroupIds:
+ - !Ref ClusterControlPlaneSecurityGroup
+ SubnetIds: !Ref Subnets
+
+ NodeInstanceProfile:
+ Type: AWS::IAM::InstanceProfile
+ Properties:
+ Path: "/"
+ Roles:
+ - !Ref NodeInstanceRole
+
+ NodeInstanceRole:
+ Type: AWS::IAM::Role
+ Properties:
+ AssumeRolePolicyDocument:
+ Version: 2012-10-17
+ Statement:
+ - Effect: Allow
+ Principal:
+ Service: ec2.amazonaws.com
+ Action: sts:AssumeRole
+ Path: "/"
+ ManagedPolicyArns:
+ - arn:aws:iam::aws:policy/AmazonEKSWorkerNodePolicy
+ - arn:aws:iam::aws:policy/AmazonEKS_CNI_Policy
+ - arn:aws:iam::aws:policy/AmazonEC2ContainerRegistryReadOnly
+
+ NodeSecurityGroup:
+ Type: AWS::EC2::SecurityGroup
+ Properties:
+ GroupDescription: Security group for all nodes in the cluster
+ VpcId: !Ref VpcId
+ Tags:
+ - Key: !Sub kubernetes.io/cluster/${ClusterName}
+ Value: owned
+
+ NodeSecurityGroupIngress:
+ Type: AWS::EC2::SecurityGroupIngress
+ DependsOn: NodeSecurityGroup
+ Properties:
+ Description: Allow nodes to communicate with each other
+ GroupId: !Ref NodeSecurityGroup
+ SourceSecurityGroupId: !Ref NodeSecurityGroup
+ IpProtocol: -1
+ FromPort: 0
+ ToPort: 65535
+
+ NodeSecurityGroupFromControlPlaneIngress:
+ Type: AWS::EC2::SecurityGroupIngress
+ DependsOn: NodeSecurityGroup
+ Properties:
+ Description: Allow worker Kubelets and pods to receive communication from the cluster control plane
+ GroupId: !Ref NodeSecurityGroup
+ SourceSecurityGroupId: !Ref ClusterControlPlaneSecurityGroup
+ IpProtocol: tcp
+ FromPort: 1025
+ ToPort: 65535
+
+ ControlPlaneEgressToNodeSecurityGroup:
+ Type: AWS::EC2::SecurityGroupEgress
+ DependsOn: NodeSecurityGroup
+ Properties:
+ Description: Allow the cluster control plane to communicate with worker Kubelet and pods
+ GroupId: !Ref ClusterControlPlaneSecurityGroup
+ DestinationSecurityGroupId: !Ref NodeSecurityGroup
+ IpProtocol: tcp
+ FromPort: 1025
+ ToPort: 65535
+
+ NodeSecurityGroupFromControlPlaneOn443Ingress:
+ Type: AWS::EC2::SecurityGroupIngress
+ DependsOn: NodeSecurityGroup
+ Properties:
+ Description: Allow pods running extension API servers on port 443 to receive communication from cluster control plane
+ GroupId: !Ref NodeSecurityGroup
+ SourceSecurityGroupId: !Ref ClusterControlPlaneSecurityGroup
+ IpProtocol: tcp
+ FromPort: 443
+ ToPort: 443
+
+ ControlPlaneEgressToNodeSecurityGroupOn443:
+ Type: AWS::EC2::SecurityGroupEgress
+ DependsOn: NodeSecurityGroup
+ Properties:
+ Description: Allow the cluster control plane to communicate with pods running extension API servers on port 443
+ GroupId: !Ref ClusterControlPlaneSecurityGroup
+ DestinationSecurityGroupId: !Ref NodeSecurityGroup
+ IpProtocol: tcp
+ FromPort: 443
+ ToPort: 443
+
+ ClusterControlPlaneSecurityGroupIngress:
+ Type: AWS::EC2::SecurityGroupIngress
+ DependsOn: NodeSecurityGroup
+ Properties:
+ Description: Allow pods to communicate with the cluster API Server
+ GroupId: !Ref ClusterControlPlaneSecurityGroup
+ SourceSecurityGroupId: !Ref NodeSecurityGroup
+ IpProtocol: tcp
+ ToPort: 443
+ FromPort: 443
+
+ NodeGroup:
+ Type: AWS::AutoScaling::AutoScalingGroup
+ DependsOn: Cluster
+ Properties:
+ DesiredCapacity: !Ref NodeAutoScalingGroupDesiredCapacity
+ LaunchConfigurationName: !Ref NodeLaunchConfig
+ MinSize: !Ref NodeAutoScalingGroupDesiredCapacity
+ MaxSize: !Ref NodeAutoScalingGroupDesiredCapacity
+ VPCZoneIdentifier: !Ref Subnets
+ Tags:
+ - Key: Name
+ Value: !Sub ${ClusterName}-node
+ PropagateAtLaunch: true
+ - Key: !Sub kubernetes.io/cluster/${ClusterName}
+ Value: owned
+ PropagateAtLaunch: true
+ UpdatePolicy:
+ AutoScalingRollingUpdate:
+ MaxBatchSize: 1
+ MinInstancesInService: !Ref NodeAutoScalingGroupDesiredCapacity
+ PauseTime: PT5M
+
+ NodeLaunchConfig:
+ Type: AWS::AutoScaling::LaunchConfiguration
+ Properties:
+ AssociatePublicIpAddress: true
+ IamInstanceProfile: !Ref NodeInstanceProfile
+ ImageId: !Ref NodeImageIdSSMParam
+ InstanceType: !Ref NodeInstanceType
+ KeyName: !Ref KeyName
+ SecurityGroups:
+ - !Ref NodeSecurityGroup
+ BlockDeviceMappings:
+ - DeviceName: /dev/xvda
+ Ebs:
+ VolumeSize: !Ref NodeVolumeSize
+ VolumeType: gp2
+ DeleteOnTermination: true
+ UserData:
+ Fn::Base64:
+ !Sub |
+ #!/bin/bash
+ set -o xtrace
+ /etc/eks/bootstrap.sh "${ClusterName}"
+ /opt/aws/bin/cfn-signal --exit-code $? \
+ --stack ${AWS::StackName} \
+ --resource NodeGroup \
+ --region ${AWS::Region}
+
+Outputs:
+
+ NodeInstanceRole:
+ Description: The node instance role
+ Value: !GetAtt NodeInstanceRole.Arn
+
+ ClusterCertificate:
+ Description: The cluster certificate
+ Value: !GetAtt Cluster.CertificateAuthorityData
+
+ ClusterEndpoint:
+ Description: The cluster endpoint
+ Value: !GetAtt Cluster.Endpoint
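Review bot: NodeLaunchConfig sets `AssociatePublicIpAddress: true`, giving every worker a public address that nothing in the template requires — NodeSecurityGroup admits traffic only from itself and from ClusterControlPlaneSecurityGroup, and the kubelet registration, ECR pulls and cfn-signal are all outbound, so a public IP is needed only when the chosen Subnets have no NAT route. I would make it a parameter defaulting to `"false"` and state the NAT requirement in the Subnets description, as sketched below; the same consideration applies to KeyName, which is mandatory and therefore installs an SSH key on every node even though no rule in the template opens port 22. Separately, NodeGroup binds MinSize, MaxSize and MinInstancesInService all to NodeAutoScalingGroupDesiredCapacity, so the AutoScalingRollingUpdate policy can never launch a replacement before terminating an instance; as far as I recall CloudFormation rejects MinInstancesInService equal to MaxSize on a stack update, so MaxSize should be at least desired plus one. Also `set -o xtrace` in UserData echoes every bootstrap command into the console/cloud-init log, harmless for the cluster name but worth a comment so nobody later adds a secret to that script.
```yaml
  NodeAssociatePublicIpAddress:
    Description: Give worker nodes a public IP. Only needed when the Subnets have no NAT route for outbound traffic.
    Type: String
    Default: "false"
    AllowedValues:
      - "true"
      - "false"

  # … unchanged: remaining Parameters, Metadata, Resources up to NodeLaunchConfig …

  NodeLaunchConfig:
    Type: AWS::AutoScaling::LaunchConfiguration
    Properties:
      AssociatePublicIpAddress: !Ref NodeAssociatePublicIpAddress
      # … unchanged: IamInstanceProfile, ImageId, InstanceType, KeyName, SecurityGroups, BlockDeviceMappings, UserData …
```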