1. Docs
  2. Reference
  3. Platform API
  4. Cluster app charts
  5. cluster-aws

Last modified November 27, 2024

cluster-aws chart reference

The cluster-aws chart templates all the AWS infrastructure resources that are necessary to create a Cluster API cluster.

Chart Configuration Reference

AWS settings

.global.providerSpecific.additionalResourceTags

Additional resource tags
object 
Additional tags to add to AWS resources created by the cluster.

.global.providerSpecific.additionalResourceTags.*

Tag value
string 

.global.providerSpecific.ami

Amazon machine image (AMI)
string 
If specified, this image will be used to provision EC2 instances.

.global.providerSpecific.awsClusterRoleIdentityName

Cluster role identity name
string 
Name of an AWSClusterRoleIdentity object. Learn more at https://docs.giantswarm.io/getting-started/cloud-provider-accounts/cluster-api/aws/#configure-the-awsclusterroleidentity .

.global.providerSpecific.flatcarAwsAccount

AWS account owning Flatcar image
string 
AWS account ID owning the Flatcar Container Linux AMI.

.global.providerSpecific.region

Region
string 

Apps

Configuration of apps that are part of the cluster.

.global.apps.awsCloudControllerManager

App
object 
Configuration of an default app that is part of the cluster.

.global.apps.awsCloudControllerManager.extraConfigs

Extra config maps or secrets
array 
Extra config maps or secrets that will be used to customize to the app. The desired values must be under configmap or secret key 'values'. The values are merged in the order given, with the later values overwriting earlier, and then inline values overwriting those. Resources must be in the same namespace as the cluster.

.global.apps.awsCloudControllerManager.extraConfigs[*]

Config map or secret
object 

.global.apps.awsCloudControllerManager.extraConfigs[*].kind

Kind
string 
Specifies whether the resource is a config map or a secret.

.global.apps.awsCloudControllerManager.extraConfigs[*].name

Name
string 
Name of the config map or secret. The object must exist in the same namespace as the cluster App.

.global.apps.awsCloudControllerManager.extraConfigs[*].optional

Optional
boolean 
Optional marks this ValuesReference as optional. When set, a not found error for the values reference is ignored, but any ValuesKey, TargetPath or transient error will still result in a reconciliation failure.

.global.apps.awsCloudControllerManager.values

Values
object 
Values to be passed to the app. Values will have higher priority than values from configmaps.

.global.apps.awsEbsCsiDriver

App
object 
Configuration of an default app that is part of the cluster.

.global.apps.awsEbsCsiDriver.extraConfigs

Extra config maps or secrets
array 
Extra config maps or secrets that will be used to customize to the app. The desired values must be under configmap or secret key 'values'. The values are merged in the order given, with the later values overwriting earlier, and then inline values overwriting those. Resources must be in the same namespace as the cluster.

.global.apps.awsEbsCsiDriver.extraConfigs[*]

Config map or secret
object 

.global.apps.awsEbsCsiDriver.extraConfigs[*].kind

Kind
string 
Specifies whether the resource is a config map or a secret.

.global.apps.awsEbsCsiDriver.extraConfigs[*].name

Name
string 
Name of the config map or secret. The object must exist in the same namespace as the cluster App.

.global.apps.awsEbsCsiDriver.extraConfigs[*].optional

Optional
boolean 
Optional marks this ValuesReference as optional. When set, a not found error for the values reference is ignored, but any ValuesKey, TargetPath or transient error will still result in a reconciliation failure.

.global.apps.awsEbsCsiDriver.values

Values
object 
Values to be passed to the app. Values will have higher priority than values from configmaps.

.global.apps.cilium

App
object 
Configuration of an default app that is part of the cluster.

.global.apps.cilium.extraConfigs

Extra config maps or secrets
array 
Extra config maps or secrets that will be used to customize to the app. The desired values must be under configmap or secret key 'values'. The values are merged in the order given, with the later values overwriting earlier, and then inline values overwriting those. Resources must be in the same namespace as the cluster.

.global.apps.cilium.extraConfigs[*]

Config map or secret
object 

.global.apps.cilium.extraConfigs[*].kind

Kind
string 
Specifies whether the resource is a config map or a secret.

.global.apps.cilium.extraConfigs[*].name

Name
string 
Name of the config map or secret. The object must exist in the same namespace as the cluster App.

.global.apps.cilium.extraConfigs[*].optional

Optional
boolean 
Optional marks this ValuesReference as optional. When set, a not found error for the values reference is ignored, but any ValuesKey, TargetPath or transient error will still result in a reconciliation failure.

.global.apps.cilium.values

Values
object 
Values to be passed to the app. Values will have higher priority than values from configmaps.

.global.apps.coreDns

App
object 
Configuration of an default app that is part of the cluster.

.global.apps.coreDns.extraConfigs

Extra config maps or secrets
array 
Extra config maps or secrets that will be used to customize to the app. The desired values must be under configmap or secret key 'values'. The values are merged in the order given, with the later values overwriting earlier, and then inline values overwriting those. Resources must be in the same namespace as the cluster.

.global.apps.coreDns.extraConfigs[*]

Config map or secret
object 

.global.apps.coreDns.extraConfigs[*].kind

Kind
string 
Specifies whether the resource is a config map or a secret.

.global.apps.coreDns.extraConfigs[*].name

Name
string 
Name of the config map or secret. The object must exist in the same namespace as the cluster App.

.global.apps.coreDns.extraConfigs[*].optional

Optional
boolean 
Optional marks this ValuesReference as optional. When set, a not found error for the values reference is ignored, but any ValuesKey, TargetPath or transient error will still result in a reconciliation failure.

.global.apps.coreDns.values

Values
object 
Values to be passed to the app. Values will have higher priority than values from configmaps.

.global.apps.verticalPodAutoscalerCrd

App
object 
Configuration of an default app that is part of the cluster.

.global.apps.verticalPodAutoscalerCrd.extraConfigs

Extra config maps or secrets
array 
Extra config maps or secrets that will be used to customize to the app. The desired values must be under configmap or secret key 'values'. The values are merged in the order given, with the later values overwriting earlier, and then inline values overwriting those. Resources must be in the same namespace as the cluster.

.global.apps.verticalPodAutoscalerCrd.extraConfigs[*]

Config map or secret
object 

.global.apps.verticalPodAutoscalerCrd.extraConfigs[*].kind

Kind
string 
Specifies whether the resource is a config map or a secret.

.global.apps.verticalPodAutoscalerCrd.extraConfigs[*].name

Name
string 
Name of the config map or secret. The object must exist in the same namespace as the cluster App.

.global.apps.verticalPodAutoscalerCrd.extraConfigs[*].optional

Optional
boolean 
Optional marks this ValuesReference as optional. When set, a not found error for the values reference is ignored, but any ValuesKey, TargetPath or transient error will still result in a reconciliation failure.

.global.apps.verticalPodAutoscalerCrd.values

Values
object 
Values to be passed to the app. Values will have higher priority than values from configmaps.

Components

Advanced configuration of components that are running on all nodes.

.global.components.containerd

Containerd
object 
Configuration of containerd.

.global.components.containerd.containerRegistries

Container registries
object 
Endpoints and credentials configuration for container registries.

.global.components.containerd.containerRegistries.*

Registries
array 
Container registries and mirrors

.global.components.containerd.containerRegistries.*[*]

Registry
object 

.global.components.containerd.containerRegistries.*[*].credentials

Credentials
object 

.global.components.containerd.containerRegistries.*[*].credentials.auth

Auth
string 
Base64-encoded string from the concatenation of the username, a colon, and the password.

.global.components.containerd.containerRegistries.*[*].credentials.identitytoken

Identity token
string 
Used to authenticate the user and obtain an access token for the registry.

.global.components.containerd.containerRegistries.*[*].credentials.password

Password
string 
Used to authenticate for the registry with username/password.

.global.components.containerd.containerRegistries.*[*].credentials.username

Username
string 
Used to authenticate for the registry with username/password.

.global.components.containerd.containerRegistries.*[*].endpoint

Endpoint
string 
Endpoint for the container registry.

Connectivity

.global.connectivity.availabilityZoneUsageLimit

Availability zones
integer 
Maximum number of availability zones (AZ) that should be used in a region. If a region has more than this number of AZs then this number of AZs will be picked randomly when creating subnets.

.global.connectivity.baseDomain

Base DNS domain
string 

.global.connectivity.dns

DNS
object 

.global.connectivity.dns.resolverRulesOwnerAccount

Resolver rules owner
string 
ID of the AWS account that created the resolver rules to be associated with the workload cluster VPC.

.global.connectivity.network

Network
object 

.global.connectivity.network.internetGatewayId

Internet Gateway ID
string 
ID of the Internet gateway for the VPC.

.global.connectivity.network.pods

Pods
object 

.global.connectivity.network.pods.cidrBlocks

Pod subnets
array 

.global.connectivity.network.pods.cidrBlocks[*]

Pod subnet
string 
IPv4 address range for pods, in CIDR notation.

.global.connectivity.network.services

Services
object 

.global.connectivity.network.services.cidrBlocks

K8s Service subnets
array 

.global.connectivity.network.services.cidrBlocks[*]

Service subnet
string 
IPv4 address range for kubernetes services, in CIDR notation.

.global.connectivity.network.vpcCidr

VPC subnet
string 
IPv4 address range to assign to this cluster's VPC, in CIDR notation.

.global.connectivity.network.vpcId

VPC id
string 
ID of the VPC, where the cluster will be deployed. The VPC must exist and it case this is set, VPC wont be created by controllers.

.global.connectivity.proxy

Proxy
object 
Whether/how outgoing traffic is routed through proxy servers.

.global.connectivity.proxy.enabled

Enable
boolean 

.global.connectivity.proxy.httpProxy

HTTP proxy
string 
To be passed to the HTTP_PROXY environment variable in all hosts.

.global.connectivity.proxy.httpsProxy

HTTPS proxy
string 
To be passed to the HTTPS_PROXY environment variable in all hosts.

.global.connectivity.proxy.noProxy

No proxy
string 
To be passed to the NO_PROXY environment variable in all hosts.

.global.connectivity.subnets

Subnets
array 
Subnets are created and tagged based on this definition.

.global.connectivity.subnets[*]

Subnet
object 

.global.connectivity.subnets[*].cidrBlocks

Network
array 

.global.connectivity.subnets[*].cidrBlocks[*]

object 

.global.connectivity.subnets[*].cidrBlocks[*].availabilityZone

Availability zone
string 

.global.connectivity.subnets[*].cidrBlocks[*].cidr

Address range
string 
IPv4 address range, in CIDR notation.

.global.connectivity.subnets[*].cidrBlocks[*].tags

Tags
object 
AWS resource tags to assign to this subnet.

.global.connectivity.subnets[*].cidrBlocks[*].tags.*

Tag value
string 

.global.connectivity.subnets[*].id

ID of the subnet
string 
ID of an existing subnet. When set, this subnet will be used instead of creating a new one.

.global.connectivity.subnets[*].isPublic

Public
boolean 

.global.connectivity.subnets[*].natGatewayId

ID of the NAT Gateway
string 
ID of the NAT Gateway used for this existing subnet.

.global.connectivity.subnets[*].routeTableId

ID of route table
string 
ID of the route table, assigned to the existing subnet. Must be provided when defining subnet via ID.

.global.connectivity.subnets[*].tags

Tags
object 
AWS resource tags to assign to this CIDR block.

.global.connectivity.subnets[*].tags.*

Tag value
string 

.global.connectivity.topology

Topology
object 
Networking architecture between management cluster and workload cluster.

.global.connectivity.topology.mode

Mode
string 
Valid values: GiantSwarmManaged, UserManaged, None.

.global.connectivity.topology.prefixListId

Prefix list ID
string 
ID of the managed prefix list to use when the topology mode is set to 'UserManaged'.

.global.connectivity.topology.transitGatewayId

Transit gateway ID
string 
If the topology mode is set to 'UserManaged', this can be used to specify the transit gateway to use.

.global.connectivity.vpcEndpointMode

VPC endpoint mode
string 
Who is reponsible for creation and management of VPC endpoints.

.global.connectivity.vpcMode

VPC mode
string 
Whether the cluser's VPC is created with public, internet facing resources (public subnets, NAT gateway) or not (private).

Control plane

.global.controlPlane.additionalSecurityGroups

Control Plane additional security groups
array 
Additional security groups that will be added to the control plane nodes.

.global.controlPlane.additionalSecurityGroups[*]

Security group
object 

.global.controlPlane.additionalSecurityGroups[*].id

Id of the security group
string 
ID of the security group that will be added to the control plane nodes. The security group must exist.

.global.controlPlane.apiExtraArgs

API extra arguments
object 
Extra arguments passed to the kubernetes API server.

.global.controlPlane.apiExtraArgs.PATTERN

argument
string 

.global.controlPlane.apiExtraCertSANs

API extra cert SANs
array 
Extra certs SANs passed to the kubeadmcontrolplane CR.

.global.controlPlane.apiExtraCertSANs[*]

cert SAN
string 

.global.controlPlane.apiMode

API mode
string 
Whether the Kubernetes API server load balancer should be reachable from the internet (public) or internal only (private).

.global.controlPlane.apiServerPort

API server port
integer 
The API server Load Balancer port. This option sets the Spec.ClusterNetwork.APIServerPort field on the Cluster CR. In CAPI this field isn't used currently. It is instead used in providers. In CAPA this sets only the public facing port of the Load Balancer. In CAPZ both the public facing and the destination port are set to this value. CAPV and CAPVCD do not use it.

.global.controlPlane.containerdVolumeSizeGB

Containerd volume size (GB)
integer 

.global.controlPlane.etcdVolumeSizeGB

Etcd volume size (GB)
integer 

.global.controlPlane.instanceType

EC2 instance type
string 

.global.controlPlane.kubeletVolumeSizeGB

Kubelet volume size (GB)
integer 

.global.controlPlane.loadBalancerIngressAllowCidrBlocks

Load balancer allow list
array 
IPv4 address ranges that are allowed to connect to the control plane load balancer, in CIDR notation. When setting this field, remember to add the Management cluster Nat Gateway IPs provided by Giant Swarm so that the cluster can still be managed. These Nat Gateway IPs can be found in the Management Cluster AWSCluster '.status.networkStatus.natGatewaysIPs' field.

.global.controlPlane.loadBalancerIngressAllowCidrBlocks[*]

Address range
string 

.global.controlPlane.machineHealthCheck

Machine health check
object 

.global.controlPlane.machineHealthCheck.enabled

Enable
boolean 

.global.controlPlane.machineHealthCheck.maxUnhealthy

Maximum unhealthy nodes
string 

.global.controlPlane.machineHealthCheck.nodeStartupTimeout

Node startup timeout
string 
Determines how long a machine health check should wait for a node to join the cluster, before considering a machine unhealthy.

.global.controlPlane.machineHealthCheck.unhealthyNotReadyTimeout

Timeout for ready
string 
If a node is not in condition 'Ready' after this timeout, it will be considered unhealthy.

.global.controlPlane.machineHealthCheck.unhealthyUnknownTimeout

Timeout for unknown condition
string 
If a node is in 'Unknown' condition after this timeout, it will be considered unhealthy.

.global.controlPlane.oidc

OIDC authentication
object 

.global.controlPlane.oidc.caPem

Certificate authority
string 
Identity provider's CA certificate in PEM format.

.global.controlPlane.oidc.clientId

Client ID
string 

.global.controlPlane.oidc.groupsClaim

Groups claim
string 

.global.controlPlane.oidc.issuerUrl

Issuer URL
string 
Exact issuer URL that will be included in identity tokens.

.global.controlPlane.oidc.usernameClaim

Username claim
string 

.global.controlPlane.rootVolumeSizeGB

Root volume size (GB)
integer 

.global.controlPlane.subnetTags

Subnet tags
array 
Tags to select AWS resources for the control plane by.

.global.controlPlane.subnetTags[*]

Subnet tag
object 

.global.controlPlane.subnetTags[*].*

Tag value
string 

Internal

For Giant Swarm internal use only, not stable, or not supported by UIs.

.internal.cgroupsv1

CGroups v1
boolean 
Force use of CGroups v1 for whole cluster.

.internal.hashSalt

Hash salt
string 
If specified, this token is used as a salt to the hash suffix of some resource names. Can be used to force-recreate some resources.

.internal.kubernetesVersion

Kubernetes version
string 

.internal.migration

Migration values
object 
Section used for migration of cluster from vintage to CAPI

.internal.migration.apiBindPort

Kubernetes API bind port
integer 
Kubernetes API bind port used for kube api pod

.internal.migration.controlPlaneExtraFiles

Control Plane extra files
array 
Additional fiels that will be provisioned to control-plane nodes, reference is from secret in the same namespace.

.internal.migration.controlPlaneExtraFiles[*]

file
object 

.internal.migration.controlPlaneExtraFiles[*].contentFrom

content from
object 

.internal.migration.controlPlaneExtraFiles[*].contentFrom.secret

secret
object 

.internal.migration.controlPlaneExtraFiles[*].contentFrom.secret.key

secret key for file content
string 

.internal.migration.controlPlaneExtraFiles[*].contentFrom.secret.name

secret name for file content
string 

.internal.migration.controlPlaneExtraFiles[*].path

file path
string 

.internal.migration.controlPlaneExtraFiles[*].permissions

file permissions in form 0644
string 

.internal.migration.controlPlanePostKubeadmCommands

Control Plane Post Kubeadm Commands
array 
Additional Post-Kubeadm Commands executed on the control plane node.

.internal.migration.controlPlanePostKubeadmCommands[*]

command
string 

.internal.migration.controlPlanePreKubeadmCommands

Control Plane Pre Kubeadm Commands
array 
Additional Pre-Kubeadm Commands executed on the control plane node.

.internal.migration.controlPlanePreKubeadmCommands[*]

command
string 

.internal.migration.etcdExtraArgs

Etcd extra arguments
object 

.internal.migration.etcdExtraArgs.PATTERN

argument
string 

.internal.migration.irsaAdditionalDomain

IRSA additional domain
string 
Additional domain to be added to IRSA trust relationship.

.internal.nodePools

Default node pool
object 

.internal.nodePools.PATTERN

Node pool
object 

.internal.nodePools.PATTERN.additionalSecurityGroups

Machine pool additional security groups
array 
Additional security groups that will be added to the machine pool nodes.

.internal.nodePools.PATTERN.additionalSecurityGroups[*]

security group
object 

.internal.nodePools.PATTERN.additionalSecurityGroups[*].id

Id of the security group
string 
ID of the security group that will be added to the machine pool nodes. The security group must exist.

.internal.nodePools.PATTERN.availabilityZones

Availability zones
array 

.internal.nodePools.PATTERN.availabilityZones[*]

Availability zone
string 

.internal.nodePools.PATTERN.customNodeLabels

Custom node labels
array 

.internal.nodePools.PATTERN.customNodeLabels[*]

Label
string 

.internal.nodePools.PATTERN.customNodeTaints

Custom node taints
array 

.internal.nodePools.PATTERN.customNodeTaints[*]

object 

.internal.nodePools.PATTERN.customNodeTaints[*].effect

Effect
string 

.internal.nodePools.PATTERN.customNodeTaints[*].key

Key
string 

.internal.nodePools.PATTERN.customNodeTaints[*].value

Value
string 

.internal.nodePools.PATTERN.instanceType

EC2 instance type
string 

.internal.nodePools.PATTERN.instanceTypeOverrides

Instance type overrides
array 
Ordered list of instance types to be used for the machine pool. The first instance type that is available in the region will be used. Read more in our docs https://docs.giantswarm.io/advanced/cluster-management/node-pools-capi/

.internal.nodePools.PATTERN.instanceTypeOverrides[*]

EC2 instance type
string 

.internal.nodePools.PATTERN.maxSize

Maximum number of nodes
integer 

.internal.nodePools.PATTERN.minSize

Minimum number of nodes
integer 

.internal.nodePools.PATTERN.rootVolumeSizeGB

Root volume size (GB)
integer 

.internal.nodePools.PATTERN.spotInstances

Spot instances
object 
Compared to on-demand instances, spot instances can help you save cost.

.internal.nodePools.PATTERN.spotInstances.enabled

Enable
boolean 

.internal.nodePools.PATTERN.spotInstances.maxPrice

Maximum price to pay per instance per hour, in USD.
number 

.internal.nodePools.PATTERN.subnetTags

Subnet tags
array 
Tags to filter which AWS subnets will be used for this node pool.

.internal.nodePools.PATTERN.subnetTags[*]

Subnet tag
object 

.internal.nodePools.PATTERN.subnetTags[*].*

Tag value
string 

.internal.sandboxContainerImage

Sandbox image
object 
The image used by sandbox / pause container

.internal.sandboxContainerImage.name

Repository
string 

.internal.sandboxContainerImage.registry

Registry
string 

.internal.sandboxContainerImage.tag

Tag
string 

.internal.teleport

Teleport
object 

.internal.teleport.enabled

Enable teleport
boolean 

.internal.teleport.proxyAddr

Teleport proxy address
string 

.internal.teleport.version

Teleport version
string 

Kubectl image

.kubectlImage.name

Repository
string 

.kubectlImage.registry

Registry
string 

.kubectlImage.tag

Tag
string 

Metadata

.global.metadata.description

Cluster description
string 
User-friendly description of the cluster's purpose.

.global.metadata.name

Cluster name
string 
Unique identifier, cannot be changed after creation.

.global.metadata.organization

Organization
string 

.global.metadata.preventDeletion

Prevent cluster deletion
boolean 

.global.metadata.servicePriority

Service priority
string 
The relative importance of this cluster.

Node pools

Node pools of the cluster. If not specified, this defaults to the value of `internal.nodePools`.

.global.nodePools.PATTERN

Node pool
object 

.global.nodePools.PATTERN.additionalSecurityGroups

Machine pool additional security groups
array 
Additional security groups that will be added to the machine pool nodes.

.global.nodePools.PATTERN.additionalSecurityGroups[*]

security group
object 

.global.nodePools.PATTERN.additionalSecurityGroups[*].id

Id of the security group
string 
ID of the security group that will be added to the machine pool nodes. The security group must exist.

.global.nodePools.PATTERN.availabilityZones

Availability zones
array 

.global.nodePools.PATTERN.availabilityZones[*]

Availability zone
string 

.global.nodePools.PATTERN.customNodeLabels

Custom node labels
array 

.global.nodePools.PATTERN.customNodeLabels[*]

Label
string 

.global.nodePools.PATTERN.customNodeTaints

Custom node taints
array 

.global.nodePools.PATTERN.customNodeTaints[*]

object 

.global.nodePools.PATTERN.customNodeTaints[*].effect

Effect
string 

.global.nodePools.PATTERN.customNodeTaints[*].key

Key
string 

.global.nodePools.PATTERN.customNodeTaints[*].value

Value
string 

.global.nodePools.PATTERN.instanceType

EC2 instance type
string 

.global.nodePools.PATTERN.instanceTypeOverrides

Instance type overrides
array 
Ordered list of instance types to be used for the machine pool. The first instance type that is available in the region will be used. Read more in our docs https://docs.giantswarm.io/advanced/cluster-management/node-pools-capi/

.global.nodePools.PATTERN.instanceTypeOverrides[*]

EC2 instance type
string 

.global.nodePools.PATTERN.maxSize

Maximum number of nodes
integer 

.global.nodePools.PATTERN.minSize

Minimum number of nodes
integer 

.global.nodePools.PATTERN.rootVolumeSizeGB

Root volume size (GB)
integer 

.global.nodePools.PATTERN.spotInstances

Spot instances
object 
Compared to on-demand instances, spot instances can help you save cost.

.global.nodePools.PATTERN.spotInstances.enabled

Enable
boolean 

.global.nodePools.PATTERN.spotInstances.maxPrice

Maximum price to pay per instance per hour, in USD.
number 

.global.nodePools.PATTERN.subnetTags

Subnet tags
array 
Tags to filter which AWS subnets will be used for this node pool.

.global.nodePools.PATTERN.subnetTags[*]

Subnet tag
object 

.global.nodePools.PATTERN.subnetTags[*].*

Tag value
string 

Other global

.global.managementCluster

Management cluster
string 
Name of the Cluster API cluster managing this workload cluster.

Pod Security Standards

.global.podSecurityStandards.enforced

Enforced
boolean 

Other

.baseDomain

Base DNS domain
string 

.cluster

Cluster
object 
Helm values for the provider-independent cluster chart

.cluster-shared

Library chart
object 

.managementCluster

Management cluster
string 
Name of the Cluster API cluster managing this workload cluster.

.provider

Cluster API provider name
string 

Further reading

This part of our documentation refers to our vintage product. The content may be not valid anymore for our current product. Please check our new documentation hub for the latest state of our docs.