forked from aliyun/ros-templates
-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathnew-vpc-ask.yml
203 lines (203 loc) · 4.79 KB
/
new-vpc-ask.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
ROSTemplateFormatVersion: '2015-09-01'
Description:
zh-cn: 创建Serverless Kubernetes集群,配置VPC、交换机、安全组,启用公网访问,自定义ASK集群版本及基础网络设置。
en: Create a Serverless Kubernetes cluster, configure VPC (Virtual Private Cloud),
switches, security groups, enable public network access, customize ASK (Amazon
Serverless Kubernetes) cluster version, and set up basic network configurations.
Parameters:
VSwitchZoneId:
Type: String
Label:
en: VSwitch Zone ID
zh-cn: 交换机可用区
Description:
en: Availability ID for existing switches
zh-cn: 现有交换机的可用区ID
AssociationProperty: ALIYUN::ECS::Instance::ZoneId
VpcCidrBlock:
Type: String
Label:
en: VPC CIDR Block
zh-cn: 专有网络网段
Description:
en: New proprietary network IP address segment range, recommended use of the
following IP address segments<br><font color='green'>[10.0.0.0/8]</font><br><font
color='green'>[172.16.0.0/12]</font><br><font color='green'>[192.168.0.0/16]</font>
zh-cn: 新建专有网络IP地址段范围,推荐使用以下的IP地址段<br><font color='green'>[10.0.0.0/8]</font><br><font
color='green'>[172.16.0.0/12]</font><br><font color='green'>[192.168.0.0/16]</font>
Default: 192.168.0.0/16
VSwitchCidrBlock:
Type: String
Label:
en: VSwitch CIDR Block
zh-cn: 交换机网段
Description:
en: Must be a sub-network segment of the proprietary network and is not occupied
by other VSwitches.
zh-cn: 必须是所属专有网络的子网段,并且没有被其他交换机占用。
Default: 192.168.0.0/24
KubernetesVersion:
Type: String
Label:
en: ASK Cluster Version
zh-cn: ASK集群版本
AssociationProperty: ALIYUN::CS::ServerlessKubernetesCluster::KubernetesVersion
Resources:
Vpc:
Type: ALIYUN::ECS::VPC
Properties:
CidrBlock:
Ref: VpcCidrBlock
VpcName:
Ref: ALIYUN::StackName
SecurityGroup:
Type: ALIYUN::ECS::SecurityGroup
Properties:
VpcId:
Ref: Vpc
SecurityGroupEgress:
- DestCidrIp: 0.0.0.0/0
IpProtocol: all
NicType: intranet
PortRange: -1/-1
Priority: 1
SecurityGroupName:
Ref: ALIYUN::StackName
VSwitch:
Type: ALIYUN::ECS::VSwitch
Properties:
ZoneId:
Ref: VSwitchZoneId
VpcId:
Ref: Vpc
CidrBlock:
Ref: VSwitchCidrBlock
VSwitchName:
Ref: ALIYUN::StackName
Cluster:
Type: ALIYUN::CS::ServerlessKubernetesCluster
Properties:
ZoneId:
Ref: VSwitchZoneId
VpcId:
Ref: Vpc
VSwitchIds:
- Ref: VSwitch
SecurityGroupId:
Ref: SecurityGroup
Addons:
- Config: '{"IngressSlbNetworkType":"intranet"}'
Name: nginx-ingress-controller
EndpointPublicAccess: true
KubernetesVersion:
Ref: KubernetesVersion
Name:
Ref: ALIYUN::StackName
NatGateway: false
ServiceCidr: 172.19.0.0/20
Outputs:
ClusterId:
Value:
Fn::GetAtt:
- Cluster
- ClusterId
TaskId:
Value:
Fn::GetAtt:
- Cluster
- TaskId
Metadata:
ALIYUN::ROS::Interface:
ParameterGroups:
- Parameters:
- VSwitchZoneId
- VpcCidrBlock
- VSwitchCidrBlock
Label:
default:
en: Basic Network Configuration
zh-cn: 基础网络配置
- Parameters:
- KubernetesVersion
Label:
default:
en: ASK Configuration
zh-cn: ASK配置
ALIYUN::ROS::Composer:
a14fd7b0:
Rect:
- 560
- 480
- 40
- 100
- 1
- 0
ResT: Composer::ROSParameter::AlibabaCloud
afd7b947:
Parent: a14fd7b0
Rect:
- 520
- 410
- 60
- 150
- 2
- 0
ResT: Composer::ROSParameter::Region
f10177d2:
Res:
- Vpc
Parent: afd7b947
Rect:
- 480
- 340
- 80
- 200
- 3
- 0
2234545d:
Res:
- VSwitchZoneId
Parent: f10177d2
Rect:
- 440
- 270
- 100
- 250
- 4
- 0
ResT: Composer::ROSParameter::Zone
354b1f55:
Res:
- VSwitch
Parent: 2234545d
Rect:
- 400
- 200
- 120
- 300
- 5
- 0
eb345cc0:
Res:
- SecurityGroup
Parent: f10177d2
Rect:
- 188
- 130
- 181
- 346
- 10
- 0
7048788b:
Res:
- Cluster
Parent: 354b1f55
Rect:
- 40
- 40
- 249
- 380
- 11
- 0
Layer:
- eb345cc0