Add manifests for EBS EKS addon and fix minor fixes in labels
Change-Id: I0a8c80f278d6a04ae8e6416d507dfb4e417fecdf
Signed-off-by: Utkarsh <utkarshmishra@tataelxsi.co.in>
Signed-off-by: garciadeblas <gerardo.garciadeblas@telefonica.com>
diff --git a/installers/mgmt-cluster/flux/templates/sw-catalogs/cloud-resources/eks/manifests/addons/ebs-csi-addon.yaml b/installers/mgmt-cluster/flux/templates/sw-catalogs/cloud-resources/eks/manifests/addons/ebs-csi-addon.yaml
new file mode 100644
index 0000000..b3a0275
--- /dev/null
+++ b/installers/mgmt-cluster/flux/templates/sw-catalogs/cloud-resources/eks/manifests/addons/ebs-csi-addon.yaml
@@ -0,0 +1,46 @@
+#######################################################################################
+# Copyright ETSI Contributors and Others.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+# implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#######################################################################################
+
+---
+apiVersion: eks.aws.upbound.io/v1beta1
+kind: Addon
+metadata:
+ name: ${cluster_resource_name}-cluster
+ annotations:
+ crossplane.io/external-name: ${cluster_resource_name}-ebs-csi-driver
+ labels:
+ provider: aws
+ cluster: ${cluster_resource_name}
+ type: addon
+spec:
+ forProvider:
+ region: ${cluster_location}
+ addonName: aws-ebs-csi-driver
+ addonVersion: v1.33.0-eksbuild.1
+ resolveConflicts: OVERWRITE
+ clusterNameSelector:
+ matchLabels:
+ provider: aws
+ cluster: ${cluster_resource_name}
+ type: cluster
+ serviceAccountRoleArnSelector:
+ matchLabels:
+ provider: aws
+ cluster: ${cluster_resource_name}
+ type: cluster
+ providerConfigRef:
+ name: ${providerconfig_name}
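Review bot: `serviceAccountRoleArnSelector` selects the role labelled `type: cluster`, which in the roles.yaml hunk of this commit is `${cluster_name}-masterRole`, so the EBS CSI driver's service account is pointed at the cluster's control-plane role rather than a role of its own. The new `RolePolicyAttachment` in role-policy-attachment.yaml uses the same `roleSelector` labels, so the EC2 volume and snapshot permissions are also attached to that role. The role's trust policy is outside this diff: if it trusts only the EKS service, the driver probably cannot assume it, and if it is widened for the service account, a workload shares the control-plane identity. I would add a dedicated IAM `Role` for the driver, trusted only for the driver's service account through the cluster OIDC provider. It needs a label of its own (for example `type: ebs-csi-role`, a constructed value), and both selectors should match on that label instead of `type: cluster`.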
diff --git a/installers/mgmt-cluster/flux/templates/sw-catalogs/cloud-resources/eks/manifests/iam/policy.yaml b/installers/mgmt-cluster/flux/templates/sw-catalogs/cloud-resources/eks/manifests/iam/policy.yaml
new file mode 100644
index 0000000..a65eac8
--- /dev/null
+++ b/installers/mgmt-cluster/flux/templates/sw-catalogs/cloud-resources/eks/manifests/iam/policy.yaml
@@ -0,0 +1,167 @@
+#######################################################################################
+# Copyright ETSI Contributors and Others.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+# implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#######################################################################################
+
+---
+apiVersion: iam.aws.upbound.io/v1beta1
+kind: Policy
+metadata:
+ name: ${cluster_resource_name}-addon-policy
+ annotations:
+ crossplane.io/external-name: ${cluster_name}-ebs-csi-addon-policy
+ labels:
+ provider: aws
+ cluster: ${cluster_resource_name}
+ type: addon
+spec:
+ forProvider:
+ policy: |
+ {
+ "Version": "2012-10-17",
+ "Statement": [
+ {
+ "Effect": "Allow",
+ "Action": [
+ "ec2:CreateSnapshot",
+ "ec2:AttachVolume",
+ "ec2:DetachVolume",
+ "ec2:ModifyVolume",
+ "ec2:DescribeAvailabilityZones",
+ "ec2:DescribeInstances",
+ "ec2:DescribeSnapshots",
+ "ec2:DescribeTags",
+ "ec2:DescribeVolumes",
+ "ec2:DescribeVolumesModifications",
+ "ec2:EnableFastSnapshotRestores"
+ ],
+ "Resource": "*"
+ },
+ {
+ "Effect": "Allow",
+ "Action": [
+ "ec2:CreateTags"
+ ],
+ "Resource": [
+ "arn:aws:ec2:*:*:volume/*",
+ "arn:aws:ec2:*:*:snapshot/*"
+ ]
+ },
+ {
+ "Effect": "Allow",
+ "Action": [
+ "ec2:DeleteTags"
+ ],
+ "Resource": [
+ "arn:aws:ec2:*:*:volume/*",
+ "arn:aws:ec2:*:*:snapshot/*"
+ ]
+ },
+ {
+ "Effect": "Allow",
+ "Action": [
+ "ec2:CreateVolume"
+ ],
+ "Resource": "arn:aws:ec2:*:*:volume/*",
+ "Condition": {
+ "StringLike": {
+ "aws:RequestTag/ebs.csi.aws.com/cluster": "true"
+ }
+ }
+ },
+ {
+ "Effect": "Allow",
+ "Action": [
+ "ec2:CreateVolume"
+ ],
+ "Resource": "arn:aws:ec2:*:*:volume/*",
+ "Condition": {
+ "StringLike": {
+ "aws:RequestTag/CSIVolumeName": "*"
+ }
+ }
+ },
+ {
+ "Effect": "Allow",
+ "Action": [
+ "ec2:CreateVolume"
+ ],
+ "Resource": "arn:aws:ec2:*:*:snapshot/*"
+ },
+ {
+ "Effect": "Allow",
+ "Action": [
+ "ec2:DeleteVolume"
+ ],
+ "Resource": "*",
+ "Condition": {
+ "StringLike": {
+ "ec2:ResourceTag/ebs.csi.aws.com/cluster": "true"
+ }
+ }
+ },
+ {
+ "Effect": "Allow",
+ "Action": [
+ "ec2:DeleteVolume"
+ ],
+ "Resource": "*",
+ "Condition": {
+ "StringLike": {
+ "ec2:ResourceTag/CSIVolumeName": "*"
+ }
+ }
+ },
+ {
+ "Effect": "Allow",
+ "Action": [
+ "ec2:DeleteVolume"
+ ],
+ "Resource": "*",
+ "Condition": {
+ "StringLike": {
+ "ec2:ResourceTag/kubernetes.io/created-for/pvc/name": "*"
+ }
+ }
+ },
+ {
+ "Effect": "Allow",
+ "Action": [
+ "ec2:DeleteSnapshot"
+ ],
+ "Resource": "*",
+ "Condition": {
+ "StringLike": {
+ "ec2:ResourceTag/CSIVolumeSnapshotName": "*"
+ }
+ }
+ },
+ {
+ "Effect": "Allow",
+ "Action": [
+ "ec2:DeleteSnapshot"
+ ],
+ "Resource": "*",
+ "Condition": {
+ "StringLike": {
+ "ec2:ResourceTag/ebs.csi.aws.com/cluster": "true"
+ }
+ }
+ }
+ ]
+ }
+ # Use in case you wanted to use different credentials (i.e., ProviderConfig different than default)
+ providerConfigRef:
+ name: ${providerconfig_name}
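Review bot: The `ec2:CreateTags` and `ec2:DeleteTags` statements on `arn:aws:ec2:*:*:volume/*` and `snapshot/*` carry no `Condition`, while the `ec2:DeleteVolume` and `ec2:DeleteSnapshot` statements rely on `ec2:ResourceTag/...` conditions to limit what the driver may delete. A principal allowed to tag any volume or snapshot can make any of them satisfy those conditions, so the tag guards constrain little. The AWS managed AmazonEBSCSIDriverPolicy restricts tagging to creation time, and the same could be done here by adding `"Condition": {"StringEquals": {"ec2:CreateAction": ["CreateVolume", "CreateSnapshot"]}}` to the `ec2:CreateTags` statement. The first statement also grants `ec2:AttachVolume`, `ec2:DetachVolume`, `ec2:ModifyVolume` and `ec2:CreateSnapshot` on `"Resource": "*"`, and the tag value `"true"` is not cluster-specific, so the policy appears to reach volumes belonging to other clusters in the same account. A short comment above `policy: |` naming the upstream policy this was derived from would make later audits easier.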
diff --git a/installers/mgmt-cluster/flux/templates/sw-catalogs/cloud-resources/eks/manifests/iam/role-policy-attachment.yaml b/installers/mgmt-cluster/flux/templates/sw-catalogs/cloud-resources/eks/manifests/iam/role-policy-attachment.yaml
index 3e61f81..00181d2 100644
--- a/installers/mgmt-cluster/flux/templates/sw-catalogs/cloud-resources/eks/manifests/iam/role-policy-attachment.yaml
+++ b/installers/mgmt-cluster/flux/templates/sw-catalogs/cloud-resources/eks/manifests/iam/role-policy-attachment.yaml
@@ -134,3 +134,27 @@
# Use in case you wanted to use different credentials (i.e., ProviderConfig different than default)
providerConfigRef:
name: ${providerconfig_name}
+
+---
+apiVersion: iam.aws.upbound.io/v1beta1
+kind: RolePolicyAttachment
+metadata:
+ name: ${cluster_resource_name}-addon
+ labels:
+ provider: aws
+ cluster: ${cluster_resource_name}
+spec:
+ forProvider:
+ policyArnSelector:
+ matchLabels:
+ provider: aws
+ cluster: ${cluster_resource_name}
+ type: addon
+ roleSelector:
+ matchLabels:
+ provider: aws
+ cluster: ${cluster_resource_name}
+ type: cluster
+ # Use in case you wanted to use different credentials (i.e., ProviderConfig different than default)
+ providerConfigRef:
+ name: ${providerconfig_name}
diff --git a/installers/mgmt-cluster/flux/templates/sw-catalogs/cloud-resources/eks/manifests/iam/roles.yaml b/installers/mgmt-cluster/flux/templates/sw-catalogs/cloud-resources/eks/manifests/iam/roles.yaml
index 03ae559..927e568 100644
--- a/installers/mgmt-cluster/flux/templates/sw-catalogs/cloud-resources/eks/manifests/iam/roles.yaml
+++ b/installers/mgmt-cluster/flux/templates/sw-catalogs/cloud-resources/eks/manifests/iam/roles.yaml
@@ -24,7 +24,7 @@
crossplane.io/external-name: ${cluster_name}-masterRole
labels:
provider: aws
- cluster: eks
+ cluster: ${cluster_resource_name}
type: cluster
spec:
forProvider:
@@ -58,7 +58,7 @@
crossplane.io/external-name: ${cluster_name}-nodeRole
labels:
provider: aws
- cluster: eks
+ cluster: ${cluster_resource_name}
type: ec2
spec:
forProvider:
diff --git a/installers/mgmt-cluster/flux/templates/sw-catalogs/cloud-resources/eks/manifests/network/subnets.yaml b/installers/mgmt-cluster/flux/templates/sw-catalogs/cloud-resources/eks/manifests/network/subnets.yaml
index bffbfc3..d6da2a0 100644
--- a/installers/mgmt-cluster/flux/templates/sw-catalogs/cloud-resources/eks/manifests/network/subnets.yaml
+++ b/installers/mgmt-cluster/flux/templates/sw-catalogs/cloud-resources/eks/manifests/network/subnets.yaml
@@ -95,7 +95,7 @@
tags:
kubernetes.io/role/elb: "1"
Name: ${cluster_name}-private-subnet-${cluster_location}a
- kubernetes.io/cluster/{cluster_name}: shared
+ kubernetes.io/cluster/${cluster_name}: shared
# Use in case you wanted to use different credentials (i.e., ProviderConfig different than default)
providerConfigRef:
name: ${providerconfig_name}
@@ -124,7 +124,7 @@
tags:
kubernetes.io/role/elb: "1"
Name: ${cluster_name}-private-subnet-${cluster_location}b
- kubernetes.io/cluster/{cluster_name}: shared
+ kubernetes.io/cluster/${cluster_name}: shared
# Use in case you wanted to use different credentials (i.e., ProviderConfig different than default)
providerConfigRef:
name: ${providerconfig_name}
diff --git a/installers/mgmt-cluster/flux/templates/sw-catalogs/cloud-resources/eks/manifests/network/vpc.yaml b/installers/mgmt-cluster/flux/templates/sw-catalogs/cloud-resources/eks/manifests/network/vpc.yaml
index b643ba3..d990d26 100644
--- a/installers/mgmt-cluster/flux/templates/sw-catalogs/cloud-resources/eks/manifests/network/vpc.yaml
+++ b/installers/mgmt-cluster/flux/templates/sw-catalogs/cloud-resources/eks/manifests/network/vpc.yaml
@@ -22,7 +22,7 @@
name: ${cluster_resource_name}-vpc
labels:
provider: aws
- cluster: eks
+ cluster: ${cluster_resource_name}
spec:
forProvider:
region: ${cluster_location}