-
Notifications
You must be signed in to change notification settings - Fork 6
/
Copy pathcontentspec.yaml
113 lines (96 loc) · 5.4 KB
/
contentspec.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
version: 2.0
defaultLocaleCode: en-US
localeCodes:
- en-US
params:
additionalLinks:
- title: AWS Documentation Homepage
link: https://docs.aws.amazon.com
- title: Rancher Kubernetes Engine 2 (RKE2)
link: https://docs.rke2.io/
- title: Rancher Manager (MCM)
link: https://ranchermanager.docs.rancher.com/
- title: Longhorn (Storage)
link: https://docs.longhorn.io
- title: NeuVector (Security)
link: https://open-docs.neuvector.com
- title: Rancher Monitoring
link: https://ranchermanager.docs.rancher.com/pages-for-subheaders/monitoring-and-alerting
- title: Fleet (GitOps)
link: https://fleet.rancher.io
awsAccountConfig:
# A list of valid account sources that are compatible for this content.
# Only the following values are accepted:
# - `WorkshopStudio`: Accounts will be provisioned for the event by Workshop Studio.
# - `CustomerProvided`: Customer is responsible for using their own accounts.
# Note: An event can be configured to have a mix of values mentioned above.
accountSources:
- WorkshopStudio
- CustomerProvided
# List of valid IAM service linked roles that need to be provisioned for accounts provisioned for this event.
# Service linked roles will be automatically created by Workshop Studio when provisioning accounts.
# serviceLinkedRoles:
# - ec2.amazonaws.com
# The following configuration is specific to the ParticipantRole's scoped permissions.
# This role is assumed by Participants when accessing an account provisioned by Workshop Studio.
participantRole:
# List of paths to files containing valid IAM policies that are to be attached to the account's ParticipantRole.
# Paths need to be relative to the root of the content's repository and must be located in the `static/` directory.
# Note: At this moment, only IAM policies defined in JSON format are supported.
iamPolicies:
- static/iam-policy.json
# List of valid IAM managed policies to be attached to the account's ParticipantRole. Only AWS managed policies are supported at this moment (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_managed-vs-inline.html#aws-managed-policies)
managedPolicies:
- "arn:aws:iam::aws:policy/SecretsManagerReadWrite"
- "arn:aws:iam::aws:policy/AWSCloudFormationReadOnlyAccess"
- "arn:aws:iam::aws:policy/AmazonEC2FullAccess"
- "arn:aws:iam::aws:policy/IAMReadOnlyAccess"
- "arn:aws:iam::aws:policy/AWSCloud9Administrator"
# List of valid trusted principals to be referenced in the ParticipantRole's trust policy
trustedPrincipals:
# List of AWS service principals
service:
- secretsmanager.amazonaws.com
# If set to `true`, an EC2 KeyPair called `ws-default-keypair` will be created in the AWS Account and the private key material
# will be made available to the Participant via the Participant APIs and Participant interface.
ec2KeyPair: false
# Defines a set of accessible and deployable regions for events leveraging this content.
regionConfiguration:
# The minimum number of regions an event operator must choose. Valid range: 1 to 3
minAccessibleRegions: 1
# The maximum number of regions an event operator can choose. Valid range: 1 to 3
maxAccessibleRegions: 1
# [OPTIONAL] Regions defined under `accessibleRegions` are regions that can be made accessible to Participants.
# Note:
# - No resources will be deployed to these regions by Workshop Studio.
# - If deployableRegions are defined, the deployment region is accessible by participants without additional configuration.
accessibleRegions:
# Note: Although all keys below are optional, you must define at least one of the three keys if accessibleRegions is defined.
# [OPTIONAL] Set of regions an event's provisioned account must have access to.
required:
- us-east-1
# Set of regions where the configured CloudFormation templates will be deployed to.
# Note: Only 1 deployment region is supported currently.
deployableRegions:
# Note: Although all keys below are optional, you must define at least one of the three keys if deployableRegions is defined.
# [OPTIONAL] Set of regions an event's cloudformation templates should be deployed to.
# Note: Only 1 deployment regions is supported currently. Meaning no more than 1 region can be required.
required:
- us-east-1
infrastructure:
# A list of CloudFormation templates (CFTs) that are present in the content's repository.
# These CFTs will be used by Workshop Studio's provisioning process and will be deployed to AWS accounts.
# Note: The order of CFTs defined here will be the same order that Workshop Studio will deploy them to
# the AWS accounts. Make sure the CFTs are in the correct order if some depend on others.
cloudformationTemplates:
# The template's location relative to the root of the content's repo.
# Note: Templates must be located in the `static/` directory
- templateLocation: static/rke2-eks-cluster-workshop.yaml
# Friendly name for the corresponding cloudformation template.
label: RKE2 Kubernetes and Rancher Manager with EKS Cluster CloudFormation Template
participantAllStackOutputsVisible: true
parameters:
- templateParameter: AssetsBucketName
defaultValue: "{{.AssetsBucketName}}"
- templateParameter: AssetsBucketPrefix
defaultValue: "{{.AssetsBucketPrefix}}"