Capability
eks.services.k8s.aws/v1alpha1
| Type | Link |
|---|---|
| GoDoc | eks-controller/apis/v1alpha1#Capability |
Metadata
| Property | Value |
|---|---|
| Scope | Namespaced |
| Kind | Capability |
| ListKind | CapabilityList |
| Plural | capabilities |
| Singular | capability |
An object representing a managed capability in an Amazon EKS cluster. This includes all configuration, status, and health information for the capability.
Spec
```yaml
clusterName: string
configuration:
  argoCD:
    awsIDC:
      idcInstanceARN: string
      idcRegion: string
    namespace: string
    networkAccess:
      vpceIDs:
      - string
    rbacRoleMappings:
    - identities:
      - id: string
        type: string
      role: string
deletePropagationPolicy: string
name: string
roleARN: string
roleRef:
  from:
    name: string
    namespace: string
tags: {}
type: string
```
| Field | Description |
|---|---|
| clusterName Required | string The name of the Amazon EKS cluster where you want to create the capability. |
| configuration Optional | object The configuration settings for the capability. The structure of this object varies depending on the capability type. For Argo CD capabilities, you can configure IAM Identity Center integration, RBAC role mappings, and network access settings. |
| configuration.argoCD Optional | object Configuration settings for an Argo CD capability. This includes the Kubernetes namespace, IAM Identity Center integration, RBAC role mappings, and network access configuration. |
| configuration.argoCD.awsIDC Optional | object Configuration for integrating Argo CD with IAM Identity Center. This allows you to use your organization’s identity provider for authentication to Argo CD. |
| configuration.argoCD.awsIDC.idcInstanceARN Optional | string |
| configuration.argoCD.awsIDC.idcRegion Optional | string |
| configuration.argoCD.namespace Optional | string |
| configuration.argoCD.networkAccess Optional | object Configuration for network access to the Argo CD capability’s managed API server endpoint. When VPC endpoint IDs are specified, public access is blocked and the Argo CD server is only accessible through the specified VPC endpoints. |
| configuration.argoCD.networkAccess.vpceIDs Optional | array |
| configuration.argoCD.networkAccess.vpceIDs.[] Required | string |
| configuration.argoCD.rbacRoleMappings.[] Required | object A mapping between an Argo CD role and IAM Identity Center identities. This defines which users or groups have specific permissions in Argo CD. |
| configuration.argoCD.rbacRoleMappings.[].identities.[] Required | object An IAM Identity Center identity (user or group) that can be assigned permissions in a capability. |
| configuration.argoCD.rbacRoleMappings.[].identities.[].type Optional | string |
| configuration.argoCD.rbacRoleMappings.[].role Optional | string |
| deletePropagationPolicy Required | string Specifies how Kubernetes resources managed by the capability should be handled when the capability is deleted. Currently, the only supported value is RETAIN which retains all Kubernetes resources managed by the capability when the capability is deleted. Because resources are retained, all Kubernetes resources created by the capability should be deleted from the cluster before deleting the capability itself. After the capability is deleted, these resources become difficult to manage because the controller is no longer available. |
| name Required | string A unique name for the capability. The name must be unique within your cluster and can contain alphanumeric characters, hyphens, and underscores. |
| roleARN Optional | string The Amazon Resource Name (ARN) of the IAM role that the capability uses to interact with Amazon Web Services services. This role must have a trust policy that allows the EKS service principal to assume it, and it must have the necessary permissions for the capability type you’re creating. For ACK capabilities, the role needs permissions to manage the resources you want to control through Kubernetes. For Argo CD capabilities, the role needs permissions to access Git repositories and Secrets Manager. For KRO capabilities, the role needs permissions based on the resources you’ll be orchestrating. |
| roleRef Optional | object AWSResourceReferenceWrapper provides a wrapper around *AWSResourceReference type to provide more user friendly syntax for references using ‘from’ field Ex: APIIDRef: from: name: my-api |
| roleRef.from Optional | object AWSResourceReference provides all the values necessary to reference another k8s resource for finding the identifier(Id/ARN/Name) |
| roleRef.from.name Optional | string |
| roleRef.from.namespace Optional | string |
| tags Optional | object |
| type Required | string The type of capability to create. Valid values are: * ACK – Amazon Web Services Controllers for Kubernetes (ACK), which lets you manage resources directly from Kubernetes. * ARGOCD – Argo CD for GitOps-based continuous delivery. * KRO – Kube Resource Orchestrator (KRO) for composing and managing custom Kubernetes resources. |
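
The manifest below is an added example, not taken from the controller's own documentation, showing how the spec fields nest for an Argo CD capability whose API endpoint is reachable only through a VPC endpoint and whose permissions are mapped to IAM Identity Center identities. All names, ARNs and IDs are constructed placeholders; the `role` and identity `type` values are assumed to follow the EKS API enums and should be checked against the EKS API reference.

```yaml
# Added example; every ARN, ID and name below is a constructed placeholder.
apiVersion: eks.services.k8s.aws/v1alpha1
kind: Capability
metadata:
  name: argocd-capability          # Kubernetes object name
  namespace: platform              # Capability is a namespaced resource
spec:
  clusterName: example-cluster
  name: argocd                     # must be unique within the cluster
  type: ARGOCD
  # RETAIN is the only supported value: resources the capability created
  # stay in the cluster, so remove them before deleting the capability.
  deletePropagationPolicy: RETAIN
  # The role must trust the EKS service principal and carry only the
  # permissions the capability needs (Git repositories, Secrets Manager).
  roleARN: arn:aws:iam::111122223333:role/ExampleArgoCDCapabilityRole
  configuration:
    argoCD:
      namespace: argocd
      awsIDC:
        idcInstanceARN: arn:aws:sso:::instance/ssoins-EXAMPLE0000000000
        idcRegion: us-east-1
      # Listing VPC endpoint IDs blocks public access to the managed
      # Argo CD API server; omitting this block leaves no such restriction.
      networkAccess:
        vpceIDs:
        - vpce-0123456789abcdef0
      # rbacRoleMappings is a list; each entry binds one Argo CD role to
      # one or more Identity Center users or groups.
      rbacRoleMappings:
      - role: ADMIN                # assumed enum value
        identities:
        - id: EXAMPLE-ADMIN-GROUP-ID
          type: SSO_GROUP          # assumed enum value
      - role: VIEWER               # assumed enum value
        identities:
        - id: EXAMPLE-AUDITOR-USER-ID
          type: SSO_USER           # assumed enum value
  tags:
    owner: platform-security
```

Granting the admin role to a group rather than to individual users keeps access reviews in IAM Identity Center instead of in this manifest.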
Status
```yaml
ackResourceMetadata:
  arn: string
  ownerAccountID: string
  partition: string
  region: string
conditions:
- lastTransitionTime: string
  message: string
  reason: string
  status: string
  type: string
createdAt: string
health:
  issues:
  - code: string
    message: string
modifiedAt: string
status: string
version: string
```
| Field | Description |
|---|---|
| ackResourceMetadata Optional | object All CRs managed by ACK have a common Status.ACKResourceMetadata member that is used to contain resource sync state, account ownership, constructed ARN for the resource |
| ackResourceMetadata.arn Optional | string ARN is the Amazon Resource Name for the resource. This is a globally-unique identifier and is set only by the ACK service controller once the controller has orchestrated the creation of the resource OR when it has verified that an “adopted” resource (a resource where the ARN annotation was set by the Kubernetes user on the CR) exists and matches the supplied CR’s Spec field values. https://github.com/aws/aws-controllers-k8s/issues/270 |
| ackResourceMetadata.ownerAccountID Required | string OwnerAccountID is the AWS Account ID of the account that owns the backend AWS service API resource. |
| ackResourceMetadata.partition Optional | string Partition is the AWS partition in which the resource exists or will exist |
| ackResourceMetadata.region Required | string Region is the AWS region in which the resource exists or will exist. |
| conditions Optional | array All CRs managed by ACK have a common Status.Conditions member that contains a collection of ackv1alpha1.Condition objects that describe the various terminal states of the CR and its backend AWS service API resource |
| conditions.[] Required | object Condition is the common struct used by all CRDs managed by ACK service controllers to indicate terminal states of the CR and its backend AWS service API resource |
| conditions.[].message Optional | string A human readable message indicating details about the transition. |
| conditions.[].reason Optional | string The reason for the condition’s last transition. |
| conditions.[].status Optional | string Status of the condition, one of True, False, Unknown. |
| conditions.[].type Optional | string Type is the type of the Condition |
| createdAt Optional | string The Unix epoch timestamp in seconds for when the capability was created. |
| health Optional | object Health information for the capability, including any issues that may be affecting its operation. |
| health.issues Optional | array |
| health.issues.[] Required | object An issue affecting a capability’s health or operation. |
| health.issues.[].message Optional | string |
| modifiedAt Optional | string The Unix epoch timestamp in seconds for when the capability was last modified. |
| status Optional | string The current status of the capability. Valid values include: * CREATING – The capability is being created. * ACTIVE – The capability is running and available. * UPDATING – The capability is being updated. * DELETING – The capability is being deleted. * CREATE_FAILED – The capability creation failed. * UPDATE_FAILED – The capability update failed. * DELETE_FAILED – The capability deletion failed. |
| version Optional | string The version of the capability software that is currently running. |