
@pulumi/rke


A Pulumi package for creating and managing rke cloud resources.

import * as outputs from "../types/output";

// NOTE(review): The descriptions in this listing look generated and often seem keyed by
// property name rather than by interface, so some text does not fit the field it sits on
// (for example "Registry password" on cloud-provider passwords). Those spots carry a
// NOTE(review) marker below. Fields documented as keys, passwords or secrets hold
// credential material: confirm the provider returns them as Pulumi secrets so they are
// encrypted in state and masked in CLI output, and keep them out of logs and stack exports.

export interface ClusterAuthentication {
    /**
     * List of additional hostnames and IPs to include in the api server PKI cert
     */
    sans: string[];
    /**
     * Authentication strategy that will be used in RKE k8s cluster
     */
    strategy?: string;
    /**
     * Webhook configuration options
     */
    webhook: outputs.ClusterAuthenticationWebhook;
}

/**
 * Webhook configuration options; the type of `ClusterAuthentication.webhook`.
 */
export interface ClusterAuthenticationWebhook {
    /**
     * Controls how long to cache authentication decisions
     */
    cacheTimeout?: string;
    /**
     * Multiline string that represents a custom webhook config file
     */
    configFile?: string;
}

export interface ClusterAuthorization {
    /**
     * RKE mode for authorization. `rbac` and `none` modes are available. Default `rbac` (string)
     * NOTE(review): `none` presumably turns RBAC enforcement off; confirm, and audit any
     * cluster that reports it.
     */
    mode?: string;
    /**
     * Authorization mode options
     */
    options?: { [key: string]: string; };
}

export interface ClusterBastionHost {
    /**
     * Address of Bastion Host
     */
    address: string;
    /**
     * Ignore proxy env vars at Bastion Host?
     */
    ignoreProxyEnvVars?: boolean;
    /**
     * SSH Port of Bastion Host
     */
    port?: string;
    /**
     * SSH Agent Auth enable (bool)
     */
    sshAgentAuth: boolean;
    /**
     * SSH Certificate Key
     */
    sshCert?: string;
    /**
     * SSH Certificate Path (string)
     */
    sshCertPath: string;
    /**
     * SSH Private Key
     * NOTE(review): credential material; confirm it is handled as a secret output.
     */
    sshKey?: string;
    /**
     * SSH Private Key Path (string)
     */
    sshKeyPath: string;
    /**
     * SSH User to Bastion Host
     */
    user: string;
}

export interface ClusterCertificate {
    certificate: string;
    commonName: string;
    config: string;
    configEnvName: string;
    configPath: string;
    envName: string;
    /**
     * (Computed) The ID of the resource (string)
     */
    id: string;
    /**
     * TLS key for etcd service (string)
     * NOTE(review): this text looks copied from the etcd service; here the field is
     * presumably this certificate's private key. Treat it as credential material.
     */
    key: string;
    keyEnvName: string;
    keyPath: string;
    /**
     * Name of virtualcenter config for Vsphere Cloud Provider config (string)
     * NOTE(review): description does not fit a certificate entry; presumably the
     * certificate's name. Verify against the provider schema.
     */
    name: string;
    ouName: string;
    /**
     * Audit log path. Default: `/var/log/kube-audit/audit-log.json` (string)
     * NOTE(review): description does not fit a certificate entry; presumably the
     * certificate file path. Verify against the provider schema.
     */
    path: string;
}

export interface ClusterCloudProvider {
    /**
     * Use awsCloudProvider instead
     *
     * @deprecated Use awsCloudProvider instead
     */
    awsCloudConfig?: outputs.ClusterCloudProviderAwsCloudConfig;
    /**
     * AWS Cloud Provider config
     */
    awsCloudProvider?: outputs.ClusterCloudProviderAwsCloudProvider;
    /**
     * Use azureCloudProvider instead
     *
     * @deprecated Use azureCloudProvider instead
     */
    azureCloudConfig?: outputs.ClusterCloudProviderAzureCloudConfig;
    /**
     * Azure Cloud Provider config
     */
    azureCloudProvider?: outputs.ClusterCloudProviderAzureCloudProvider;
    /**
     * Use customCloudProvider instead
     *
     * @deprecated Use customCloudProvider instead
     */
    customCloudConfig?: string;
    /**
     * Custom Cloud Provider config
     */
    customCloudProvider?: string;
    /**
     * Name of virtualcenter config for Vsphere Cloud Provider config (string)
     * NOTE(review): description does not fit this interface; presumably the name of the
     * selected cloud provider. Verify against the provider schema.
     */
    name: string;
    /**
     * Use openstackCloudProvider instead
     *
     * @deprecated Use openstackCloudProvider instead
     */
    openstackCloudConfig?: outputs.ClusterCloudProviderOpenstackCloudConfig;
    /**
     * Openstack Cloud Provider config
     */
    openstackCloudProvider?: outputs.ClusterCloudProviderOpenstackCloudProvider;
    /**
     * Use vsphereCloudProvider instead
     *
     * @deprecated Use vsphereCloudProvider instead
     */
    vsphereCloudConfig?: outputs.ClusterCloudProviderVsphereCloudConfig;
    /**
     * Vsphere Cloud Provider config
     */
    vsphereCloudProvider?: outputs.ClusterCloudProviderVsphereCloudProvider;
}

/**
 * Shape of the deprecated `ClusterCloudProvider.awsCloudConfig` field;
 * `ClusterCloudProviderAwsCloudProvider` lists the same fields.
 */
export interface ClusterCloudProviderAwsCloudConfig {
    /**
     * (list maxitems:1)
     */
    global?: outputs.ClusterCloudProviderAwsCloudConfigGlobal;
    /**
     * (list)
     */
    serviceOverrides?: outputs.ClusterCloudProviderAwsCloudConfigServiceOverride[];
}

export interface ClusterCloudProviderAwsCloudConfigGlobal {
    /**
     * Disables the automatic ingress creation
     */
    disableSecurityGroupIngress?: boolean;
    /**
     * Setting this to true will disable the check and provide a warning that the check was skipped
     */
    disableStrictZoneCheck?: boolean;
    /**
     * Use these ELB security groups instead of creating new ones
     */
    elbSecurityGroup?: string;
    /**
     * The cluster id we'll use to identify our cluster resources
     */
    kubernetesClusterId?: string;
    /**
     * Legacy cluster id we'll use to identify our cluster resources
     */
    kubernetesClusterTag?: string;
    /**
     * IAM role to assume when interacting with AWS APIs
     */
    roleArn?: string;
    /**
     * Enables using a specific RouteTable
     */
    routeTableId?: string;
    /**
     * Enables using a specific subnet to use for ELB's
     */
    subnetId?: string;
    /**
     * The AWS VPC flag enables the possibility to run the master components on a different aws account, on a different cloud provider or on-premises. If the flag is set also the KubernetesClusterTag must be provided
     */
    vpc?: string;
    /**
     * The AWS zone
     */
    zone?: string;
}

export interface ClusterCloudProviderAwsCloudConfigServiceOverride {
    /**
     * TLS key for etcd service (string)
     * NOTE(review): description does not fit a service override; the deprecation note
     * points to `service` as the replacement.
     *
     * @deprecated Use service instead
     */
    key?: string;
    /**
     * Region for S3 service (string)
     */
    region?: string;
    /**
     * (string)
     */
    service: string;
    /**
     * (string)
     */
    signingMethod: string;
    /**
     * (string)
     */
    signingName?: string;
    /**
     * (string)
     */
    signingRegion?: string;
    /**
     * Registry URL (string)
     * NOTE(review): description looks copied from the private-registry config;
     * presumably the override endpoint URL. Verify.
     */
    url?: string;
}

/**
 * AWS Cloud Provider config; the type of `ClusterCloudProvider.awsCloudProvider`.
 */
export interface ClusterCloudProviderAwsCloudProvider {
    /**
     * (list maxitems:1)
     */
    global?: outputs.ClusterCloudProviderAwsCloudProviderGlobal;
    /**
     * (list)
     */
    serviceOverrides?: outputs.ClusterCloudProviderAwsCloudProviderServiceOverride[];
}

export interface ClusterCloudProviderAwsCloudProviderGlobal {
    /**
     * Disables the automatic ingress creation
     */
    disableSecurityGroupIngress?: boolean;
    /**
     * Setting this to true will disable the check and provide a warning that the check was skipped
     */
    disableStrictZoneCheck?: boolean;
    /**
     * Use these ELB security groups instead of creating new ones
     */
    elbSecurityGroup?: string;
    /**
     * The cluster id we'll use to identify our cluster resources
     */
    kubernetesClusterId?: string;
    /**
     * Legacy cluster id we'll use to identify our cluster resources
     */
    kubernetesClusterTag?: string;
    /**
     * IAM role to assume when interacting with AWS APIs
     */
    roleArn?: string;
    /**
     * Enables using a specific RouteTable
     */
    routeTableId?: string;
    /**
     * Enables using a specific subnet to use for ELB's
     */
    subnetId?: string;
    /**
     * The AWS VPC flag enables the possibility to run the master components on a different aws account, on a different cloud provider or on-premises. If the flag is set also the KubernetesClusterTag must be provided
     */
    vpc?: string;
    /**
     * The AWS zone
     */
    zone?: string;
}

export interface ClusterCloudProviderAwsCloudProviderServiceOverride {
    /**
     * TLS key for etcd service (string)
     * NOTE(review): description does not fit a service override; the deprecation note
     * points to `service` as the replacement.
     *
     * @deprecated Use service instead
     */
    key?: string;
    /**
     * Region for S3 service (string)
     */
    region?: string;
    /**
     * (string)
     */
    service: string;
    /**
     * (string)
     */
    signingMethod: string;
    /**
     * (string)
     */
    signingName?: string;
    /**
     * (string)
     */
    signingRegion?: string;
    /**
     * Registry URL (string)
     * NOTE(review): description looks copied from the private-registry config;
     * presumably the override endpoint URL. Verify.
     */
    url?: string;
}

/**
 * Shape of the deprecated `ClusterCloudProvider.azureCloudConfig` field;
 * `ClusterCloudProviderAzureCloudProvider` lists the same fields.
 */
export interface ClusterCloudProviderAzureCloudConfig {
    /**
     * The password of the client certificate for an AAD application with RBAC access to talk to Azure RM APIs
     * NOTE(review): credential material; confirm it is handled as a secret output.
     */
    aadClientCertPassword?: string;
    /**
     * The path of a client certificate for an AAD application with RBAC access to talk to Azure RM APIs
     */
    aadClientCertPath?: string;
    /**
     * The ClientID for an AAD application with RBAC access to talk to Azure RM APIs
     */
    aadClientId: string;
    /**
     * The ClientSecret for an AAD application with RBAC access to talk to Azure RM APIs
     * NOTE(review): credential material; confirm it is handled as a secret output.
     */
    aadClientSecret: string;
    /**
     * The cloud environment identifier. Takes values from https://github.com/Azure/go-autorest/blob/ec5f4903f77ed9927ac95b19ab8e44ada64c1356/autorest/azure/environments.go#L13
     */
    cloud?: string;
    /**
     * Enable exponential backoff to manage resource request retries
     */
    cloudProviderBackoff?: boolean;
    /**
     * Backoff duration
     */
    cloudProviderBackoffDuration?: number;
    /**
     * Backoff exponent
     */
    cloudProviderBackoffExponent?: number;
    /**
     * Backoff jitter
     */
    cloudProviderBackoffJitter?: number;
    /**
     * Backoff retry limit
     */
    cloudProviderBackoffRetries?: number;
    /**
     * Enable rate limiting
     */
    cloudProviderRateLimit?: boolean;
    /**
     * (int)
     */
    cloudProviderRateLimitBucket: number;
    /**
     * Rate limit QPS
     */
    cloudProviderRateLimitQps?: number;
    /**
     * Load balancer type (basic | standard). Must be standard for auto-scaling
     */
    loadBalancerSku?: string;
    /**
     * The location of the resource group that the cluster is deployed in
     */
    location?: string;
    /**
     * Maximum allowed LoadBalancer Rule Count is the limit enforced by Azure Load balancer
     */
    maximumLoadBalancerRuleCount?: number;
    /**
     * The name of the availability set that should be used as the load balancer backend. If this is set, the Azure cloudprovider will only add nodes from that availability set to the loadbalancer backend pool. If this is not set, and multiple agent pools (availability sets) are used, then the cloudprovider will try to add all nodes to a single backend pool which is forbidden. In other words, if you use multiple agent pools (availability sets), you MUST set this field.
     */
    primaryAvailabilitySetName?: string;
    /**
     * The name of the scale set that should be used as the load balancer backend. If this is set, the Azure cloudprovider will only add nodes from that scale set to the loadbalancer backend pool. If this is not set, and multiple agent pools (scale sets) are used, then the cloudprovider will try to add all nodes to a single backend pool which is forbidden. In other words, if you use multiple agent pools (scale sets), you MUST set this field.
     */
    primaryScaleSetName?: string;
    /**
     * The name of the resource group that the cluster is deployed in
     */
    resourceGroup?: string;
    /**
     * (Optional in 1.6) The name of the route table attached to the subnet that the cluster is deployed in
     */
    routeTableName?: string;
    /**
     * The name of the security group attached to the cluster's subnet
     */
    securityGroupName?: string;
    /**
     * The name of the Subnet that the cluster is deployed in
     */
    subnetName?: string;
    /**
     * The ID of the Azure Subscription that the cluster is deployed in
     */
    subscriptionId: string;
    /**
     * The AAD Tenant ID for the Subscription that the cluster is deployed in
     */
    tenantId: string;
    /**
     * Use instance metadata service where possible
     */
    useInstanceMetadata?: boolean;
    /**
     * Use managed service identity for the virtual machine to access Azure ARM APIs
     */
    useManagedIdentityExtension?: boolean;
    /**
     * The type of azure nodes. If not set, it defaults to standard.
     */
    vmType?: string;
    /**
     * The name of the VNet that the cluster is deployed in
     */
    vnetName?: string;
    /**
     * The name of the resource group that the Vnet is deployed in
     */
    vnetResourceGroup?: string;
}

/**
 * Azure Cloud Provider config; the type of `ClusterCloudProvider.azureCloudProvider`.
 */
export interface ClusterCloudProviderAzureCloudProvider {
    /**
     * The password of the client certificate for an AAD application with RBAC access to talk to Azure RM APIs
     * NOTE(review): credential material; confirm it is handled as a secret output.
     */
    aadClientCertPassword?: string;
    /**
     * The path of a client certificate for an AAD application with RBAC access to talk to Azure RM APIs
     */
    aadClientCertPath?: string;
    /**
     * The ClientID for an AAD application with RBAC access to talk to Azure RM APIs
     */
    aadClientId: string;
    /**
     * The ClientSecret for an AAD application with RBAC access to talk to Azure RM APIs
     * NOTE(review): credential material; confirm it is handled as a secret output.
     */
    aadClientSecret: string;
    /**
     * The cloud environment identifier. Takes values from https://github.com/Azure/go-autorest/blob/ec5f4903f77ed9927ac95b19ab8e44ada64c1356/autorest/azure/environments.go#L13
     */
    cloud?: string;
    /**
     * Enable exponential backoff to manage resource request retries
     */
    cloudProviderBackoff?: boolean;
    /**
     * Backoff duration
     */
    cloudProviderBackoffDuration?: number;
    /**
     * Backoff exponent
     */
    cloudProviderBackoffExponent?: number;
    /**
     * Backoff jitter
     */
    cloudProviderBackoffJitter?: number;
    /**
     * Backoff retry limit
     */
    cloudProviderBackoffRetries?: number;
    /**
     * Enable rate limiting
     */
    cloudProviderRateLimit?: boolean;
    /**
     * (int)
     */
    cloudProviderRateLimitBucket: number;
    /**
     * Rate limit QPS
     */
    cloudProviderRateLimitQps?: number;
    /**
     * Load balancer type (basic | standard). Must be standard for auto-scaling
     */
    loadBalancerSku?: string;
    /**
     * The location of the resource group that the cluster is deployed in
     */
    location?: string;
    /**
     * Maximum allowed LoadBalancer Rule Count is the limit enforced by Azure Load balancer
     */
    maximumLoadBalancerRuleCount?: number;
    /**
     * The name of the availability set that should be used as the load balancer backend. If this is set, the Azure cloudprovider will only add nodes from that availability set to the loadbalancer backend pool. If this is not set, and multiple agent pools (availability sets) are used, then the cloudprovider will try to add all nodes to a single backend pool which is forbidden. In other words, if you use multiple agent pools (availability sets), you MUST set this field.
     */
    primaryAvailabilitySetName?: string;
    /**
     * The name of the scale set that should be used as the load balancer backend. If this is set, the Azure cloudprovider will only add nodes from that scale set to the loadbalancer backend pool. If this is not set, and multiple agent pools (scale sets) are used, then the cloudprovider will try to add all nodes to a single backend pool which is forbidden. In other words, if you use multiple agent pools (scale sets), you MUST set this field.
     */
    primaryScaleSetName?: string;
    /**
     * The name of the resource group that the cluster is deployed in
     */
    resourceGroup?: string;
    /**
     * (Optional in 1.6) The name of the route table attached to the subnet that the cluster is deployed in
     */
    routeTableName?: string;
    /**
     * The name of the security group attached to the cluster's subnet
     */
    securityGroupName?: string;
    /**
     * The name of the Subnet that the cluster is deployed in
     */
    subnetName?: string;
    /**
     * The ID of the Azure Subscription that the cluster is deployed in
     */
    subscriptionId: string;
    /**
     * The AAD Tenant ID for the Subscription that the cluster is deployed in
     */
    tenantId: string;
    /**
     * Use instance metadata service where possible
     */
    useInstanceMetadata?: boolean;
    /**
     * Use managed service identity for the virtual machine to access Azure ARM APIs
     */
    useManagedIdentityExtension?: boolean;
    /**
     * The type of azure nodes. If not set, it defaults to standard.
     */
    vmType?: string;
    /**
     * The name of the VNet that the cluster is deployed in
     */
    vnetName?: string;
    /**
     * The name of the resource group that the Vnet is deployed in
     */
    vnetResourceGroup?: string;
}

/**
 * Shape of the deprecated `ClusterCloudProvider.openstackCloudConfig` field;
 * `ClusterCloudProviderOpenstackCloudProvider` lists the same fields.
 */
export interface ClusterCloudProviderOpenstackCloudConfig {
    /**
     * (list maxitems:1)
     */
    blockStorage: outputs.ClusterCloudProviderOpenstackCloudConfigBlockStorage;
    /**
     * (list maxitems:1)
     */
    global: outputs.ClusterCloudProviderOpenstackCloudConfigGlobal;
    /**
     * (list maxitems:1)
     */
    loadBalancer: outputs.ClusterCloudProviderOpenstackCloudConfigLoadBalancer;
    /**
     * (list maxitems:1)
     */
    metadata: outputs.ClusterCloudProviderOpenstackCloudConfigMetadata;
    /**
     * (list maxitems:1)
     */
    route: outputs.ClusterCloudProviderOpenstackCloudConfigRoute;
}

export interface ClusterCloudProviderOpenstackCloudConfigBlockStorage {
    /**
     * (string)
     */
    bsVersion?: string;
    /**
     * (bool)
     */
    ignoreVolumeAz?: boolean;
    /**
     * (bool)
     */
    trustDevicePath?: boolean;
}

export interface ClusterCloudProviderOpenstackCloudConfigGlobal {
    /**
     * (string)
     */
    authUrl: string;
    /**
     * (string)
     */
    caFile?: string;
    /**
     * Required if `domainName` not provided. (string)
     */
    domainId?: string;
    /**
     * Required if `domainId` not provided. (string)
     */
    domainName?: string;
    /**
     * Registry password (string)
     * NOTE(review): description looks copied from the private-registry config; presumably
     * the OpenStack account password. Credential material; confirm it is handled as a
     * secret output.
     */
    password: string;
    /**
     * Region for S3 service (string)
     * NOTE(review): presumably the OpenStack region rather than an S3 region. Verify.
     */
    region?: string;
    /**
     * Required if `tenantName` not provided. (string)
     */
    tenantId?: string;
    /**
     * Required if `tenantId` not provided. (string)
     */
    tenantName?: string;
    /**
     * (string)
     */
    trustId?: string;
    /**
     * Required if `username` not provided. (string)
     */
    userId?: string;
    /**
     * Required if `userId` not provided. (string)
     */
    username?: string;
}

export interface ClusterCloudProviderOpenstackCloudConfigLoadBalancer {
    /**
     * (bool)
     */
    createMonitor?: boolean;
    /**
     * (string)
     */
    floatingNetworkId?: string;
    /**
     * (string)
     */
    lbMethod?: string;
    /**
     * (string)
     */
    lbProvider?: string;
    /**
     * (string)
     */
    lbVersion?: string;
    /**
     * (bool)
     */
    manageSecurityGroups?: boolean;
    /**
     * (string)
     */
    monitorDelay?: string;
    /**
     * (int)
     */
    monitorMaxRetries?: number;
    /**
     * (string)
     */
    monitorTimeout?: string;
    /**
     * (string)
     */
    subnetId?: string;
    /**
     * (bool)
     */
    useOctavia?: boolean;
}

export interface ClusterCloudProviderOpenstackCloudConfigMetadata {
    /**
     * (int)
     */
    requestTimeout?: number;
    /**
     * (string)
     */
    searchOrder?: string;
}

export interface ClusterCloudProviderOpenstackCloudConfigRoute {
    /**
     * (string)
     */
    routerId?: string;
}

/**
 * Openstack Cloud Provider config; the type of `ClusterCloudProvider.openstackCloudProvider`.
 */
export interface ClusterCloudProviderOpenstackCloudProvider {
    /**
     * (list maxitems:1)
     */
    blockStorage: outputs.ClusterCloudProviderOpenstackCloudProviderBlockStorage;
    /**
     * (list maxitems:1)
     */
    global: outputs.ClusterCloudProviderOpenstackCloudProviderGlobal;
    /**
     * (list maxitems:1)
     */
    loadBalancer: outputs.ClusterCloudProviderOpenstackCloudProviderLoadBalancer;
    /**
     * (list maxitems:1)
     */
    metadata: outputs.ClusterCloudProviderOpenstackCloudProviderMetadata;
    /**
     * (list maxitems:1)
     */
    route: outputs.ClusterCloudProviderOpenstackCloudProviderRoute;
}

export interface ClusterCloudProviderOpenstackCloudProviderBlockStorage {
    /**
     * (string)
     */
    bsVersion?: string;
    /**
     * (bool)
     */
    ignoreVolumeAz?: boolean;
    /**
     * (bool)
     */
    trustDevicePath?: boolean;
}

export interface ClusterCloudProviderOpenstackCloudProviderGlobal {
    /**
     * (string)
     */
    authUrl: string;
    /**
     * (string)
     */
    caFile?: string;
    /**
     * Required if `domainName` not provided. (string)
     */
    domainId?: string;
    /**
     * Required if `domainId` not provided. (string)
     */
    domainName?: string;
    /**
     * Registry password (string)
     * NOTE(review): description looks copied from the private-registry config; presumably
     * the OpenStack account password. Credential material; confirm it is handled as a
     * secret output.
     */
    password: string;
    /**
     * Region for S3 service (string)
     * NOTE(review): presumably the OpenStack region rather than an S3 region. Verify.
     */
    region?: string;
    /**
     * Required if `tenantName` not provided. (string)
     */
    tenantId?: string;
    /**
     * Required if `tenantId` not provided. (string)
     */
    tenantName?: string;
    /**
     * (string)
     */
    trustId?: string;
    /**
     * Required if `username` not provided. (string)
     */
    userId?: string;
    /**
     * Required if `userId` not provided. (string)
     */
    username?: string;
}

export interface ClusterCloudProviderOpenstackCloudProviderLoadBalancer {
    /**
     * (bool)
     */
    createMonitor?: boolean;
    /**
     * (string)
     */
    floatingNetworkId?: string;
    /**
     * (string)
     */
    lbMethod?: string;
    /**
     * (string)
     */
    lbProvider?: string;
    /**
     * (string)
     */
    lbVersion?: string;
    /**
     * (bool)
     */
    manageSecurityGroups?: boolean;
    /**
     * (string)
     */
    monitorDelay?: string;
    /**
     * (int)
     */
    monitorMaxRetries?: number;
    /**
     * (string)
     */
    monitorTimeout?: string;
    /**
     * (string)
     */
    subnetId?: string;
    /**
     * (bool)
     */
    useOctavia?: boolean;
}

export interface ClusterCloudProviderOpenstackCloudProviderMetadata {
    /**
     * (int)
     */
    requestTimeout?: number;
    /**
     * (string)
     */
    searchOrder?: string;
}

export interface ClusterCloudProviderOpenstackCloudProviderRoute {
    /**
     * (string)
     */
    routerId?: string;
}

/**
 * Shape of the deprecated `ClusterCloudProvider.vsphereCloudConfig` field;
 * `ClusterCloudProviderVsphereCloudProvider` lists the same fields.
 */
export interface ClusterCloudProviderVsphereCloudConfig {
    /**
     * (list maxitems:1)
     */
    disk: outputs.ClusterCloudProviderVsphereCloudConfigDisk;
    /**
     * (list maxitems:1)
     */
    global: outputs.ClusterCloudProviderVsphereCloudConfigGlobal;
    /**
     * RKE k8s cluster network configuration (list maxitems:1)
     */
    network: outputs.ClusterCloudProviderVsphereCloudConfigNetwork;
    /**
     * (List)
     */
    virtualCenters: outputs.ClusterCloudProviderVsphereCloudConfigVirtualCenter[];
    /**
     * (list maxitems:1)
     */
    workspace: outputs.ClusterCloudProviderVsphereCloudConfigWorkspace;
}

export interface ClusterCloudProviderVsphereCloudConfigDisk {
    /**
     * (string)
     */
    scsiControllerType?: string;
}

export interface ClusterCloudProviderVsphereCloudConfigGlobal {
    /**
     * (string)
     */
    datacenter?: string;
    /**
     * (string)
     */
    datacenters: string;
    /**
     * (string)
     */
    datastore?: string;
    /**
     * (bool)
     * NOTE(review): the name suggests TLS certificate verification towards vCenter is
     * skipped when true; confirm, and prefer trusting the vCenter CA instead.
     */
    insecureFlag?: boolean;
    /**
     * Registry password (string)
     * NOTE(review): description looks copied from the private-registry config; presumably
     * the vCenter password. Credential material; confirm it is handled as a secret output.
     */
    password?: string;
    /**
     * Port used for SSH communication (string)
     * NOTE(review): description looks copied from the node config; presumably the
     * vCenter port. Verify.
     */
    port?: string;
    /**
     * (int)
     */
    soapRoundtripCount?: number;
    /**
     * Registry user (string)
     * NOTE(review): presumably the vCenter user rather than a registry user. Verify.
     */
    user?: string;
    /**
     * (string)
     */
    vmName?: string;
    /**
     * (string)
     */
    vmUuid?: string;
    /**
     * (string)
     */
    workingDir?: string;
}

export interface ClusterCloudProviderVsphereCloudConfigNetwork {
    /**
     * (string)
     */
    publicNetwork?: string;
}

export interface ClusterCloudProviderVsphereCloudConfigVirtualCenter {
    /**
     * (string)
     */
    datacenters: string;
    /**
     * Name of virtualcenter config for Vsphere Cloud Provider config (string)
     */
    name: string;
    /**
     * Registry password (string)
     * NOTE(review): description looks copied from the private-registry config; presumably
     * the vCenter password. Credential material; confirm it is handled as a secret output.
     */
    password: string;
    /**
     * Port used for SSH communication (string)
     * NOTE(review): description looks copied from the node config; presumably the
     * vCenter port. Verify.
     */
    port?: string;
    /**
     * (int)
     */
    soapRoundtripCount?: number;
    /**
     * Registry user (string)
     * NOTE(review): presumably the vCenter user rather than a registry user. Verify.
     */
    user: string;
}

export interface ClusterCloudProviderVsphereCloudConfigWorkspace {
    /**
     * (string)
     */
    datacenter: string;
    /**
     * (string)
     */
    defaultDatastore?: string;
    /**
     * Folder for S3 service. Available from Rancher v2.2.7 (string)
     * NOTE(review): description looks copied from the S3 backup config; presumably the
     * vSphere folder. Verify.
     */
    folder?: string;
    /**
     * (string)
     */
    resourcepoolPath?: string;
    /**
     * (string)
     */
    server: string;
}

/**
 * Vsphere Cloud Provider config; the type of `ClusterCloudProvider.vsphereCloudProvider`.
 */
export interface ClusterCloudProviderVsphereCloudProvider {
    /**
     * (list maxitems:1)
     */
    disk: outputs.ClusterCloudProviderVsphereCloudProviderDisk;
    /**
     * (list maxitems:1)
     */
    global: outputs.ClusterCloudProviderVsphereCloudProviderGlobal;
    /**
     * RKE k8s cluster network configuration (list maxitems:1)
     */
    network: outputs.ClusterCloudProviderVsphereCloudProviderNetwork;
    /**
     * (List)
     */
    virtualCenters: outputs.ClusterCloudProviderVsphereCloudProviderVirtualCenter[];
    /**
     * (list maxitems:1)
     */
    workspace: outputs.ClusterCloudProviderVsphereCloudProviderWorkspace;
}

export interface ClusterCloudProviderVsphereCloudProviderDisk {
    /**
     * (string)
     */
    scsiControllerType?: string;
}

export interface ClusterCloudProviderVsphereCloudProviderGlobal {
    /**
     * (string)
     */
    datacenter?: string;
    /**
     * (string)
     */
    datacenters: string;
    /**
     * (string)
     */
    datastore?: string;
    /**
     * (bool)
     * NOTE(review): the name suggests TLS certificate verification towards vCenter is
     * skipped when true; confirm, and prefer trusting the vCenter CA instead.
     */
    insecureFlag?: boolean;
    /**
     * Registry password (string)
     * NOTE(review): description looks copied from the private-registry config; presumably
     * the vCenter password. Credential material; confirm it is handled as a secret output.
     */
    password?: string;
    /**
     * Port used for SSH communication (string)
     * NOTE(review): description looks copied from the node config; presumably the
     * vCenter port. Verify.
     */
    port?: string;
    /**
     * (int)
     */
    soapRoundtripCount?: number;
    /**
     * Registry user (string)
     * NOTE(review): presumably the vCenter user rather than a registry user. Verify.
     */
    user?: string;
    /**
     * (string)
     */
    vmName?: string;
    /**
     * (string)
     */
    vmUuid?: string;
    /**
     * (string)
     */
    workingDir?: string;
}

export interface ClusterCloudProviderVsphereCloudProviderNetwork {
    /**
     * (string)
     */
    publicNetwork?: string;
}

export interface ClusterCloudProviderVsphereCloudProviderVirtualCenter {
    /**
     * (string)
     */
    datacenters: string;
    /**
     * Name of virtualcenter config for Vsphere Cloud Provider config (string)
     */
    name: string;
    /**
     * Registry password (string)
     * NOTE(review): description looks copied from the private-registry config; presumably
     * the vCenter password. Credential material; confirm it is handled as a secret output.
     */
    password: string;
    /**
     * Port used for SSH communication (string)
     * NOTE(review): description looks copied from the node config; presumably the
     * vCenter port. Verify.
     */
    port?: string;
    /**
     * (int)
     */
    soapRoundtripCount?: number;
    /**
     * Registry user (string)
     * NOTE(review): presumably the vCenter user rather than a registry user. Verify.
     */
    user: string;
}

export interface ClusterCloudProviderVsphereCloudProviderWorkspace {
    /**
     * (string)
     */
    datacenter: string;
    /**
     * (string)
     */
    defaultDatastore?: string;
    /**
     * Folder for S3 service. Available from Rancher v2.2.7 (string)
     * NOTE(review): description looks copied from the S3 backup config; presumably the
     * vSphere folder. Verify.
     */
    folder?: string;
    /**
     * (string)
     */
    resourcepoolPath?: string;
    /**
     * (string)
     */
    server: string;
}

export interface ClusterControlPlaneHost {
    /**
     * Address ip for node (string)
     */
    address: string;
    /**
     * Name of the host provisioned via docker machine (string)
     */
    nodeName: string;
}

export interface ClusterDns {
    /**
     * NodeSelector key pair
     */
    nodeSelector?: { [key: string]: string; };
    /**
     * Nodelocal dns
     */
    nodelocal?: outputs.ClusterDnsNodelocal;
    /**
     * DNS provider
     */
    provider?: string;
    /**
     * ReverseCIDRs
     */
    reverseCidrs?: string[];
    /**
     * Upstream nameservers
     */
    upstreamNameservers?: string[];
}

/**
 * Nodelocal dns settings; the type of `ClusterDns.nodelocal`.
 */
export interface ClusterDnsNodelocal {
    /**
     * Nodelocal dns ip address (string)
     */
    ipAddress?: string;
    /**
     * Node selector key pair
     */
    nodeSelector?: { [key: string]: string; };
}

export interface ClusterEtcdHost {
    /**
     * Address ip for node (string)
     */
    address: string;
    /**
     * Name of the host provisioned via docker machine (string)
     */
    nodeName: string;
}

export interface ClusterInactiveHost {
    /**
     * Address ip for node (string)
     */
    address: string;
    /**
     * Name of the host provisioned via docker machine (string)
     */
    nodeName: string;
}

export interface ClusterIngress {
    /**
     * Ingress Default Backend
     */
    defaultBackend?: boolean;
    /**
     * Ingress controller dns policy
     */
    dnsPolicy?: string;
    /**
     * Extra arguments for the ingress controller
     */
    extraArgs?: { [key: string]: string; };
    /**
     * Ingress controller http port
     */
    httpPort?: number;
    /**
     * Ingress controller https port
     */
    httpsPort?: number;
    /**
     * Ingress controller network mode
     */
    networkMode?: string;
    /**
     * Node selector key pair
     */
    nodeSelector?: { [key: string]: string; };
    /**
     * Ingress controller options
     */
    options?: { [key: string]: string; };
    /**
     * Ingress controller provider
     */
    provider?: string;
}

export interface ClusterMonitoring {
    /**
     * Node selector key pair
     */
    nodeSelector?: { [key: string]: string; };
    /**
     * Monitoring options
     */
    options?: { [key: string]: string; };
    /**
     * Monitoring provider
     */
    provider: string;
}

export interface ClusterNetwork {
    /**
     * Aci network provider config
     */
    aciNetworkProvider?: outputs.ClusterNetworkAciNetworkProvider;
    /**
     * Calico network provider config
     */
    calicoNetworkProvider?: outputs.ClusterNetworkCalicoNetworkProvider;
    /**
     * Canal network provider config
     */
    canalNetworkProvider?: outputs.ClusterNetworkCanalNetworkProvider;
    /**
     * Flannel network provider config
     */
    flannelNetworkProvider?: outputs.ClusterNetworkFlannelNetworkProvider;
    /**
     * Network provider MTU
     */
    mtu?: number;
    /**
     * Network provider options
     */
    options: { [key: string]: string; };
    /**
     * Network provider plugin
     */
    plugin?: string;
    /**
     * Weave network provider config
     */
    weaveNetworkProvider?: outputs.ClusterNetworkWeaveNetworkProvider;
}

/**
 * Aci network provider config; the type of `ClusterNetwork.aciNetworkProvider`.
 */
export interface ClusterNetworkAciNetworkProvider {
    /**
     * Attachment entity profile name on aci (string)
     */
    aep: string;
    /**
     * Ip address for apic hosts (list)
     */
    apicHosts: string[];
    /**
     * Base64 encoded certificate for aci apic user (string)
     */
    apicUserCrt: string;
    /**
     * Base64 encoded private key for aci apic user (string)
     * NOTE(review): Base64 is an encoding, not protection; this is credential material.
     * Confirm it is handled as a secret output.
     */
    apicUserKey: string;
    /**
     * User name for aci apic (string)
     */
    apicUserName: string;
    /**
     * One of the supported encap types for aci(vlan/vxlan) (string)
     */
    encapType: string;
    /**
     * Subnet to use for dynamic external IPs on aci (string)
     */
    externDynamic: string;
    /**
     * (Required) Subnet to use for static external IPs on aci (string)
     */
    externStatic: string;
    /**
     * Vlan for infra network on aci (string)
     */
    infraVlan: string;
    /**
     * Vlan for node network on aci (string)
     */
    kubeApiVlan: string;
    /**
     * L3Out on aci (string)
     */
    l3out: string;
    /**
     * L3out external networks on aci (list)
     */
    l3outExternalNetworks: string[];
    /**
     * Mcast range end address for endpoint groups on aci (string)
     */
    mcastRangeEnd: string;
    /**
     * Mcast range start address for endpoint groups on aci (string)
     */
    mcastRangeStart: string;
    /**
     * Kubernetes node address subnet (string)
     */
    nodeSubnet: string;
    /**
     * Subnet to use for service graph endpoints on aci (string)
     */
    nodeSvcSubnet: string;
    /**
     * Vlan for service graph nodes on aci (string)
     */
    serviceVlan: string;
    /**
     * Port end range for Source Network Address Translation on aci (string)
     */
    snatPortRangeEnd?: string;
    /**
     * Port start range for Source Network Address Translation on aci (string)
     */
    snatPortRangeStart?: string;
    /**
     * Ports per node for Source Network Address Translation on aci (string)
     */
    snatPortsPerNode?: string;
    /**
     * Unique suffix for all cluster related objects in aci (string)
     */
    systemId: string;
    /**
     * UUID for this version of the input configuration (string)
     */
    token: string;
    /**
     * VRF Name on aci (string)
     */
    vrfName: string;
    /**
     * Tenant for VRF on aci (string)
     */
    vrfTenant: string;
}

/**
 * Calico network provider config; the type of `ClusterNetwork.calicoNetworkProvider`.
 */
export interface ClusterNetworkCalicoNetworkProvider {
    /**
     * RKE k8s cluster cloud provider configuration [rke-cloud-providers](https://rancher.com/docs/rke/latest/en/config-options/cloud-providers/) (list maxitems:1)
     * NOTE(review): typed as a plain string here although the description says
     * "list maxitems:1"; the text looks copied from the cluster-level cloud provider
     * setting. Verify.
     */
    cloudProvider: string;
}

/**
 * Canal network provider config; the type of `ClusterNetwork.canalNetworkProvider`.
 */
export interface ClusterNetworkCanalNetworkProvider {
    /**
     * Flannel network interface (string)
     */
    iface: string;
}

/**
 * Flannel network provider config; the type of `ClusterNetwork.flannelNetworkProvider`.
 */
export interface ClusterNetworkFlannelNetworkProvider {
    /**
     * Flannel network interface (string)
     */
    iface: string;
}

/**
 * Weave network provider config; the type of `ClusterNetwork.weaveNetworkProvider`.
 */
export interface ClusterNetworkWeaveNetworkProvider {
    /**
     * Registry password (string)
     * NOTE(review): description looks copied from the private-registry config; presumably
     * the Weave network password. Credential material; confirm it is handled as a
     * secret output.
     */
    password: string;
}

export interface ClusterNode {
    /**
     * IP or FQDN that is fully resolvable and used for SSH communication
     */
    address: string;
    /**
     * Docker socket on the node that will be used in tunneling
     */
    dockerSocket?: string;
    /**
     * Hostname override
     */
    hostnameOverride?: string;
    /**
     * Internal address that will be used for components communication
     */
    internalAddress?: string;
    /**
     * Node Labels
     */
    labels?: { [key: string]: string; };
    /**
     * Name of the host provisioned via docker machine
     */
    nodeName?: string;
    /**
     * Port used for SSH communication
     */
    port?: string;
    /**
     * Node roles in k8s cluster [controlplane/worker/etcd]
     */
    roles: string[];
    /**
     * Node role in kubernetes cluster [controlplane/worker/etcd], specified by a comma-separated string
     * NOTE(review): the deprecation text says `role`; in this interface the replacement
     * is presumably the `roles` property.
     *
     * @deprecated Use role instead
     */
    rolesDeprecated?: string;
    /**
     * SSH Agent Auth enable (bool)
     */
    sshAgentAuth: boolean;
    /**
     * SSH Certificate
     */
    sshCert?: string;
    /**
     * SSH Certificate Path (string)
     */
    sshCertPath?: string;
    /**
     * SSH Private Key
     * NOTE(review): credential material; confirm it is handled as a secret output.
     */
    sshKey?: string;
    /**
     * SSH Private Key Path (string)
     */
    sshKeyPath?: string;
    /**
     * Node taints
     */
    taints?: outputs.ClusterNodeTaint[];
    /**
     * SSH user that will be used by RKE
     */
    user: string;
}

/**
 * One node taint; the element type of `ClusterNode.taints`.
 */
export interface ClusterNodeTaint {
    /**
     * Taint effect. `NoExecute`, `NoSchedule` (default) and `PreferNoSchedule` are supported (string)
     */
    effect?: string;
    /**
     * TLS key for etcd service (string)
     * NOTE(review): description looks copied from the etcd service; here the field is
     * presumably the taint key, not key material.
     */
    key: string;
    /**
     * Taint value (string)
     */
    value: string;
}

export interface ClusterPrivateRegistry {
    /**
     * Set as default registry
     */
    isDefault?: boolean;
    /**
     * Registry password
     * NOTE(review): credential material; confirm it is handled as a secret output.
     */
    password?: string;
    /**
     * Registry URL
     */
    url: string;
    /**
     * Registry user
     */
    user?: string;
}

export interface ClusterRestore {
    /**
     * RKE k8s cluster restore configuration (list maxitems:1)
     * NOTE(review): typed boolean here although the description says "list"; presumably
     * the flag that turns the restore on. Verify.
     */
    restore?: boolean;
    /**
     * Snapshot name
     */
    snapshotName?: string;
}

export interface ClusterRotateCertificates {
    /**
     * Rotate CA Certificates
     */
    caCertificates?: boolean;
    /**
     * RKE k8s cluster services (list maxitems:1)
     * NOTE(review): typed string[] here; presumably the names of the services whose
     * certificates are rotated. Verify.
     */
    services?: string[];
}

export interface ClusterRunningSystemImage {
    /**
     * Docker image for aciCniDeployContainer (string)
     */
    aciCniDeployContainer?: string;
    /**
     * Docker image for aciControllerContainer (string)
     */
    aciControllerContainer?: string;
    /**
     * Docker image for aciHostContainer (string)
     */
    aciHostContainer?: string;
    /**
     * Docker image for aciMcastContainer (string)
     */
    aciMcastContainer?: string;
    /**
     * Docker image for aciOpflexContainer (string)
     */
    aciOpflexContainer?: string;
    /**
     * Docker image for aciOvsContainer (string)
     */
    aciOvsContainer?: string;
    /**
     * Docker image for alpine (string)
     */
    alpine?: string;
    /**
     * Docker image for calicoCni (string)
     */
    calicoCni?: string;
    /**
     * Docker image for calicoControllers (string)
     */
    calicoControllers?: string;
    /**
     * Docker image for calicoCtl (string)
     */
    calicoCtl?: string;
    /**
     * Docker image for calicoFlexVol (string)
     */
    calicoFlexVol?: string;
    /**
     * Docker image for calicoNode (string)
     */
    calicoNode?: string;
    /**
     * Docker image for canalCni (string)
     */
    canalCni?: string;
    /**
     * Docker image for canalFlannel (string)
     */
    canalFlannel?: string;
    /**
     * Docker image for canalFlexVol (string)
     */
    canalFlexVol?: string;
    /**
     * Docker image for canalNode (string)
     */
    canalNode?: string;
    /**
     * Docker image for certDownloader (string)
     */
    certDownloader?: string;
    /**
     * Docker image for coredns (string)
     */
    coredns?: string;
    /**
     * Docker image for corednsAutoscaler (string)
     */
    corednsAutoscaler?: string;
    /**
     * Docker image for dnsmasq (string)
     */
    dnsmasq?: string;
    /**
     * Docker image for etcd (string)
     */
    etcd?: string;
    /**
     * Docker image for flannel (string)
     */
    flannel?: string;
    /**
     * Docker image for flannelCni (string)
     */
    flannelCni?: string;
    /**
     * RKE k8s cluster ingress controller configuration (list maxitems:1)
     * NOTE(review): typed string like the neighbouring image fields; presumably the
     * Docker image for the ingress controller. Verify.
     */
    ingress?: string;
    /**
     * Docker image for ingressBackend (string)
     */
    ingressBackend?: string;
    /**
     * Docker image for kubeDns (string)
     */
    kubeDns?: string;
    /**
     * Docker image for kubeDnsAutoscaler (string)
     */
    kubeDnsAutoscaler?: string;
    /**
     * Docker image for kubeDnsSidecar (string)
     */
    kubeDnsSidecar?: string;
    /**
     * Docker image for kubernetes (string)
     */
    kubernetes?: string;
    /**
     * Docker image for kubernetesServicesSidecar (string)
     */
    kubernetesServicesSidecar?: string;
    /**
     * Docker image for metricsServer (string)
     */
    metricsServer?: string;
    /**
     * Docker image for nginxProxy (string)
     */
    nginxProxy?: string;
    /**
     * Docker image for nodelocal (string)
     */
    nodelocal?: string;
    /**
     * Docker image for podInfraContainer (string)
     */
    podInfraContainer?: string;
    /**
     * Docker image for weaveCni (string)
     */
    weaveCni?: string;
    /**
     * Docker image for weaveNode (string)
     */
    weaveNode?: string;
    /**
     * Docker image for windowsPodInfraContainer (string)
     */
    windowsPodInfraContainer?: string;
}

export interface ClusterServices {
    /**
     * Docker image for etcd (string)
     * NOTE(review): description does not fit; the type is the etcd service options
     * object (`ClusterServicesEtcd`), not an image string.
     */
    etcd: outputs.ClusterServicesEtcd;
    /**
     * Kube API options for RKE services (list maxitems:1)
     */
    kubeApi: outputs.ClusterServicesKubeApi;
    /**
     * Kube Controller options for RKE services (list maxitems:1)
     */
    kubeController: outputs.ClusterServicesKubeController;
    /**
     * Kubelet options for RKE services (list maxitems:1)
     */
    kubelet: outputs.ClusterServicesKubelet;
    /**
     * Kubeproxy options for RKE services (list maxitems:1)
     */
    kubeproxy: outputs.ClusterServicesKubeproxy;
    /**
     * Scheduler options for RKE services (list maxitems:1)
     */
    scheduler: outputs.ClusterServicesScheduler;
}

/**
 * Etcd service options; the type of `ClusterServices.etcd`.
 */
export interface ClusterServicesEtcd {
    /**
     * Backup options for etcd service. For Rancher v2.2.x and above (list maxitems:1)
     */
    backupConfig: outputs.ClusterServicesEtcdBackupConfig;
    /**
     * TLS CA certificate for etcd service (string)
     */
    caCert: string;
    /**
     * TLS certificate for etcd service (string)
     */
    cert: string;
    /**
     * Creation option for etcd service (string)
     */
    creation: string;
    /**
     * External urls for etcd service (list)
     */
    externalUrls: string[];
    /**
     * Extra arguments for scheduler service (map)
     * NOTE(review): text says "scheduler" but the field sits on the etcd service;
     * presumably extra arguments for etcd.
     */
    extraArgs: { [key: string]: string; };
    /**
     * Extra binds for scheduler service (list)
     * NOTE(review): text says "scheduler"; presumably extra binds for etcd.
     */
    extraBinds: string[];
    /**
     * Extra environment for scheduler service (list)
     * NOTE(review): text says "scheduler"; presumably extra environment for etcd.
     */
    extraEnvs: string[];
    /**
     * Etcd service GID. Default: `0`. For Rancher v2.3.x and above (int)
     * NOTE(review): GID 0 is the root group; confirm whether the default is intended for
     * this deployment.
     */
    gid?: number;
    /**
     * Docker image for scheduler service (string)
     * NOTE(review): text says "scheduler"; presumably the etcd image.
     */
    image: string;
    /**
     * TLS key for etcd service (string)
     * NOTE(review): credential material; confirm it is handled as a secret output.
     */
    key: string;
    /**
     * Audit log path. Default: `/var/log/kube-audit/audit-log.json` (string)
     * NOTE(review): description looks copied from the audit-log config and does not fit
     * the etcd service. Verify what this path refers to.
     */
    path: string;
    /**
     * Retention for etcd backup. Default `6` (int)
     * NOTE(review): typed string here although described as int;
     * `ClusterServicesEtcdBackupConfig.retention` is typed number.
     */
    retention: string;
    /**
     * Snapshot option for etcd service. Default `true` (bool)
     */
    snapshot?: boolean;
    /**
     * Etcd service UID. Default: `0`. For Rancher v2.3.x and above (int)
     * NOTE(review): UID 0 is root; confirm whether running etcd with the default is
     * intended for this deployment.
     */
    uid?: number;
}

/**
 * Backup options for etcd service; the type of `ClusterServicesEtcd.backupConfig`.
 */
export interface ClusterServicesEtcdBackupConfig {
    /**
     * Enable secrets encryption (bool)
     * NOTE(review): description looks copied from the secrets-encryption config; here
     * the flag presumably enables etcd backups. Verify.
     */
    enabled?: boolean;
    /**
     * Interval hours for etcd backup. Default `12` (int)
     */
    intervalHours?: number;
    /**
     * Retention for etcd backup. Default `6` (int)
     */
    retention?: number;
    /**
     * S3 config options for etcd backup (list maxitems:1)
     */
    s3BackupConfig?: outputs.ClusterServicesEtcdBackupConfigS3BackupConfig;
    /**
     * Safe timestamp for etcd backup. Default: `false` (bool)
     */
    safeTimestamp?: boolean;
    /**
     * RKE node drain timeout (int)
     * NOTE(review): description looks copied from the node-drain config; presumably the
     * backup timeout. Verify.
     */
    timeout?: number;
}

/**
 * S3 config options for etcd backup; the type of
 * `ClusterServicesEtcdBackupConfig.s3BackupConfig`.
 */
export interface ClusterServicesEtcdBackupConfigS3BackupConfig {
    /**
     * Access key for S3 service (string)
     * NOTE(review): credential material; confirm it is handled as a secret output.
     */
    accessKey?: string;
    /**
     * Bucket name for S3 service (string)
     */
    bucketName?: string;
    /**
     * Base64 encoded custom CA for S3 service. Use filebase64(<FILE>) for encoding file. Available from Rancher v2.2.5 (string)
     */
    customCa?: string;
    /**
     * Endpoint for S3 service (string)
     */
    endpoint?: string;
    /**
     * Folder for S3 service. Available from Rancher v2.2.7 (string)
     */
    folder?: string;
    /**
     * Region for S3 service (string)
     */
    region?: string;
    /**
     * Secret key for S3 service (string)
     * NOTE(review): credential material; confirm it is handled as a secret output.
     */
    secretKey?: string;
}

export interface ClusterServicesEtcdDeprecated {
    /**
     * Backup options for etcd service. 
For Rancher v2.2.x and above (list maxitems:1) */ backupConfig: outputs.ClusterServicesEtcdDeprecatedBackupConfig; /** * TLS CA certificate for etcd service (string) */ caCert: string; /** * TLS certificate for etcd service (string) */ cert: string; /** * Creation option for etcd service (string) */ creation: string; /** * External urls for etcd service (list) */ externalUrls: string[]; /** * Extra arguments for scheduler service (map) */ extraArgs: { [key: string]: string; }; /** * Extra binds for scheduler service (list) */ extraBinds: string[]; /** * Extra environment for scheduler service (list) */ extraEnvs: string[]; /** * Etcd service GID. Default: `0`. For Rancher v2.3.x and above (int) */ gid?: number; /** * Docker image for scheduler service (string) */ image: string; /** * TLS key for etcd service (string) */ key: string; /** * Audit log path. Default: `/var/log/kube-audit/audit-log.json` (string) */ path: string; /** * Retention for etcd backup. Default `6` (int) */ retention: string; /** * Snapshot option for etcd service. Default `true` (bool) */ snapshot?: boolean; /** * Etcd service UID. Default: `0`. For Rancher v2.3.x and above (int) */ uid?: number; } export interface ClusterServicesEtcdDeprecatedBackupConfig { /** * Enable secrets encryption (bool) */ enabled?: boolean; /** * Interval hours for etcd backup. Default `12` (int) */ intervalHours?: number; /** * Retention for etcd backup. Default `6` (int) */ retention?: number; /** * S3 config options for etcd backup (list maxitems:1) */ s3BackupConfig?: outputs.ClusterServicesEtcdDeprecatedBackupConfigS3BackupConfig; /** * Safe timestamp for etcd backup. 
Default: `false` (bool) */ safeTimestamp?: boolean; /** * RKE node drain timeout (int) */ timeout?: number; } export interface ClusterServicesEtcdDeprecatedBackupConfigS3BackupConfig { /** * Access key for S3 service (string) */ accessKey?: string; /** * Bucket name for S3 service (string) */ bucketName?: string; /** * Base64 encoded custom CA for S3 service. Use filebase64(<FILE>) for encoding file. Available from Rancher v2.2.5 (string) */ customCa?: string; /** * Endpoint for S3 service (string) */ endpoint?: string; /** * Folder for S3 service. Available from Rancher v2.2.7 (string) */ folder?: string; /** * Region for S3 service (string) */ region?: string; /** * Secret key for S3 service (string) */ secretKey?: string; } export interface ClusterServicesKubeApi { /** * Enable/Disable AlwaysPullImages admissions plugin */ alwaysPullImages: boolean; /** * K8s audit log configuration. (list maxitem: 1) */ auditLog: outputs.ClusterServicesKubeApiAuditLog; /** * K8s event rate limit configuration. (list maxitem: 1) */ eventRateLimit?: outputs.ClusterServicesKubeApiEventRateLimit; /** * Extra arguments that are added to the kube-api services */ extraArgs: { [key: string]: string; }; /** * Extra binds added to the controlplane nodes */ extraBinds: string[]; /** * Extra env added to the controlplane nodes */ extraEnvs: string[]; /** * Docker image for scheduler service (string) */ image: string; /** * Built-in PodSecurityPolicy (privileged or restricted) */ podSecurityConfiguration: string; /** * Enabled/Disable PodSecurityPolicy */ podSecurityPolicy: boolean; /** * [Encrypt k8s secret data configration](https://rancher.com/docs/rke/latest/en/config-options/secrets-encryption/). 
(list maxitem: 1) */ secretsEncryptionConfig?: outputs.ClusterServicesKubeApiSecretsEncryptionConfig; /** * Virtual IP range that will be used by Kubernetes services */ serviceClusterIpRange: string; /** * Port range for services defined with NodePort type */ serviceNodePortRange: string; } export interface ClusterServicesKubeApiAuditLog { /** * Event rate limit yaml encoded configuration. `"apiVersion"` and `"kind":"Configuration"` fields are required in the yaml. Ex. `apiVersion: eventratelimit.admission.k8s.io/v1alpha1\nkind: Configuration\nlimits:\n- type: Server\n burst: 30000\n qps: 6000\n` [More info](https://rancher.com/docs/rke/latest/en/config-options/rate-limiting/) (string) */ configuration: outputs.ClusterServicesKubeApiAuditLogConfiguration; /** * Enable secrets encryption (bool) */ enabled: boolean; } export interface ClusterServicesKubeApiAuditLogConfiguration { /** * Audit log format (string) */ format: string; /** * Audit log max age (int) */ maxAge: number; /** * Audit log max backup. Default: `10` (int) */ maxBackup: number; /** * Audit log max size. Default: `100` (int) */ maxSize: number; /** * Audit log path. Default: `/var/log/kube-audit/audit-log.json` (string) */ path: string; /** * Audit policy json encoded definition. `"apiVersion"` and `"kind":"Policy","rules"` fields are required in the json. Ex. `jsonencode({"apiVersion":"audit.k8s.io/v1","kind":"Policy","rules":[{"level":"RequestResponse","resources":[{"group":"","resources":["pods"]}]}]})` [More info](https://rancher.com/docs/rke/latest/en/config-options/audit-log/) (string) */ policy: string; } export interface ClusterServicesKubeApiDeprecated { /** * Enable/Disable AlwaysPullImages admissions plugin */ alwaysPullImages: boolean; /** * K8s audit log configuration. (list maxitem: 1) */ auditLog: outputs.ClusterServicesKubeApiDeprecatedAuditLog; /** * K8s event rate limit configuration. 
(list maxitem: 1) */ eventRateLimit?: outputs.ClusterServicesKubeApiDeprecatedEventRateLimit; /** * Extra arguments that are added to the kube-api services */ extraArgs: { [key: string]: string; }; /** * Extra binds adde