Feature 11055: Update cluster configuration to support the feature
Change-Id: I7a92c29a943d8767524ed40636eb204bd4ec2718
Signed-off-by: rshri <shrinithi.r@tataelxsi.co.in>
diff --git a/docker/osm-krm-functions/scripts/library/helper-functions.rc b/docker/osm-krm-functions/scripts/library/helper-functions.rc
index f5e4a55..03614d1 100644
--- a/docker/osm-krm-functions/scripts/library/helper-functions.rc
+++ b/docker/osm-krm-functions/scripts/library/helper-functions.rc
@@ -379,6 +379,47 @@
"| select(.kind == \"Kustomization\") | select(.metadata.name == \"${KUSTOMIZATION_NAME}\")"
}
+function patch_add_value_as_list() {
+ local KEY_PATH="$1"
+ local VALUE="$2"
+ local TARGET_FILTERS="${3:-}"
+
+ yq "(.items[]${TARGET_FILTERS})${KEY_PATH} += [${VALUE}]"
+}
+
+function add_patch_to_kustomization_as_list() {
+ local KUSTOMIZATION_NAME="$1"
+ local PATCH_VALUE="$2"
+
+ local VALUE_AS_JSON=$(echo "$PATCH_VALUE" | yq -o json -I0)
+
+ patch_add_value_as_list \
+ ".spec.patches" \
+ "${VALUE_AS_JSON}" \
+ "| select(.kind == \"Kustomization\") | select(.metadata.name == \"${KUSTOMIZATION_NAME}\")"
+}
+
+function add_component_to_kustomization_as_list() {
+ local KUSTOMIZATION_NAME="$1"
+ shift
+ local COMPONENT=("$@")
+
+ local COMPONENT_JSON=$(printf '"%s",' "${COMPONENT[@]}" | sed 's/,$//')
+
+ patch_add_value_as_list \
+ ".spec.components" \
+ "${COMPONENT_JSON}" \
+ "| select(.kind == \"Kustomization\") | select(.metadata.name == \"${KUSTOMIZATION_NAME}\")"
+}
+
+function add_config_to_kustomization() {
+ local KUSTOMIZATION_NAME="$1"
+
+ yq '
+ (.items[] | select(.kind == "Kustomization") | select(.metadata.name == "'"${KUSTOMIZATION_NAME}"'"))
+ .spec.postBuild.substituteFrom = [{"kind": "ConfigMap", "name": "'"${KUSTOMIZATION_NAME}"'-parameters"}]
+ '
+}
# Helper function to produce a JSON Patch as specified in RFC 6902
function as_json_patch() {
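Review bot: `patch_add_value_as_list` and `add_config_to_kustomization` splice caller-supplied text straight into the yq program, and `add_component_to_kustomization_as_list` wraps each component with `printf '"%s",'` without escaping, so a `"` or `)` in a kustomization or component name alters the expression instead of being treated as data. Passing the data through the environment keeps it out of the program text, for example `NAME="${KUSTOMIZATION_NAME}" yq '(.items[] | select(.metadata.name == strenv(NAME))) …'`. Separately, `local VALUE_AS_JSON=$(…)` discards yq's exit status, so a patch that fails to parse would become `+= []` and be dropped silently. Declare the local first and assign with `VALUE_AS_JSON=$(…) || return 1`, and do the same for `COMPONENT_JSON`.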
diff --git a/docker/osm-krm-functions/scripts/library/krm-functions.rc b/docker/osm-krm-functions/scripts/library/krm-functions.rc
index 61f6b69..1a3c0bd 100644
--- a/docker/osm-krm-functions/scripts/library/krm-functions.rc
+++ b/docker/osm-krm-functions/scripts/library/krm-functions.rc
@@ -621,8 +621,13 @@
local MGMT_PROJECT_NAME="${19:-"osm_admin"}"
local MGMT_CLUSTER_NAME="${20:-"_management"}"
local BASE_TEMPLATES_PATH="${21:-"cloud-resources"}"
- local TEMPLATE_MANIFEST_FILENAME="${22:-"${CLUSTER_TYPE,,}01.yaml"}"
- local MANIFEST_FILENAME="${23:-"${CLUSTER_TYPE,,}-${CLUSTER_NAME}.yaml"}"
+ # EKS only
+ local CLUSTER_IAM_ROLE="${22}"
+ local CLUSTER_PRIVATE_SUBNETS_ID="${23}"
+ local CLUSTER_PUBLIC_SUBNETS_ID="${24}"
+ local CONFIGMAP_NAME="${25}"
+ local TEMPLATE_MANIFEST_FILENAME="${26:-"${CLUSTER_TYPE,,}01.yaml"}"
+ local MANIFEST_FILENAME="${27:-"${CLUSTER_TYPE,,}-${CLUSTER_NAME}.yaml"}"
# Is the provider type supported?
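Review bot: Inserting the four EKS arguments at positions 22–25 moves `TEMPLATE_MANIFEST_FILENAME` and `MANIFEST_FILENAME` from `$22`/`$23` to `$26`/`$27`, so any existing caller that passes those two positionally will have its filenames read as the IAM role and the private subnet IDs. Appending the new arguments after the two filenames would keep the old contract. The new locals also have no default, unlike their neighbours: `"${22}"` is empty when the argument is omitted (and aborts under `set -u`), and the EKS branch added further down only recognises the literal `default`, so an empty value is handled as a user-supplied role or subnet. `local CLUSTER_IAM_ROLE="${22:-default}"`, and likewise for the other three, would make omission follow the default path. The function's signature and the rest of its body lie outside this hunk.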
@@ -630,14 +635,90 @@
CLUSTER_TYPE="${CLUSTER_TYPE,,}"
[[ ! ($(echo ${VALID_PROVIDERS[@]} | grep -w "${CLUSTER_TYPE}")) ]] && return 1
+ # Determine which optional steps may be needed
+ local IS_EKS=$([[ "${CLUSTER_TYPE}" == "eks" ]]; echo $?)
+ local IS_AKS=$([[ "${CLUSTER_TYPE}" == "aks" ]]; echo $?)
+ local IS_GCP=$([[ "${CLUSTER_TYPE}" == "gcp" ]]; echo $?)
+
+ local IS_EKS_AND_IAM=1
+ local IAM_COMPONENTS=()
+ local PATCH_SUBNET=0
+ local PATCH_IAM=0
+ local PATCH_VALUE=""
+ local PATCH=1
+ local CONFIG=1
+
+ if [[ "$IS_EKS" -eq 0 ]]; then
+
+ # Check for subnet config
+ if [[ "$CLUSTER_PRIVATE_SUBNETS_ID" == "default" ]]; then
+ IS_EKS_AND_IAM=0
+ IAM_COMPONENTS+=("../network")
+ else
+ PATCH_SUBNET=1
+ fi
+
+ # Check for IAM role config
+ if [[ "$CLUSTER_IAM_ROLE" == "default" ]]; then
+ IS_EKS_AND_IAM=0
+ IAM_COMPONENTS+=("../iam")
+ else
+ PATCH_IAM=1
+ fi
+
+ # Set PATCH flag if patch is required
+ if [[ $PATCH_SUBNET -eq 1 || $PATCH_IAM -eq 1 ]]; then
+ # PATCH=1
+ echo "Generating patch..."
+
+ PATCH_VALUE=$(cat <<EOF
+ patch: |
+ apiVersion: eks.aws.upbound.io/v1beta1
+ kind: Cluster
+ metadata:
+ name: \${cluster_resource_name}-cluster
+ spec:
+ forProvider:
+EOF
+ )
+
+ # Append subnet block if needed
+ if [[ $PATCH_SUBNET -eq 1 ]]; then
+ PATCH_VALUE+=$(cat <<EOF
+
+ vpcConfig:
+ - endpointPrivateAccess: true
+ endpointPublicAccess: true
+ subnetIds: \${private_subnets}
+EOF
+ )
+ fi
+
+ # Append IAM role block if needed
+ if [[ $PATCH_IAM -eq 1 ]]; then
+ PATCH_VALUE+=$(cat <<EOF
+
+ roleArn: \${cluster_iam_role}
+EOF
+ )
+ fi
+ fi
+
+ # Set PATCH flag
+ if [[ "$PATCH_SUBNET" -eq 1 || "$PATCH_IAM" -eq 1 ]]; then
+ PATCH=0
+ fi
+
+ # Set CONFIG flag
+ if [[ "$CONFIGMAP_NAME" != "default" ]]; then
+ CONFIG=0
+ fi
+ fi
+
# Determines the source dir for the templates and the target folder in Fleet
local TEMPLATES_DIR="${SW_CATALOGS_REPO_DIR}/${BASE_TEMPLATES_PATH}/${CLUSTER_TYPE}/templates"
local TARGET_FOLDER="${FLEET_REPO_DIR}/${MGMT_PROJECT_NAME}/managed-resources/${MGMT_CLUSTER_NAME}"
- # Determine which optional steps may be needed
- local IS_AKS=$([[ "${CLUSTER_TYPE}" == "aks" ]]; echo $?)
- local IS_GCP=$([[ "${CLUSTER_TYPE}" == "gcp" ]]; echo $?)
-
# Pipeline of transformations to create the cluster resource
export CLUSTER_KUSTOMIZATION_NAME
folder2list \
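Review bot: The generated `vpcConfig` patch hard-codes `endpointPublicAccess: true`, so a cluster built on operator-supplied private subnets still exposes its Kubernetes API endpoint publicly, and the patch sets no `publicAccessCidrs` to narrow who can reach it. Consider making public access an explicit input that defaults to `false` when custom subnets are given, or at least emitting a `publicAccessCidrs` list next to it. `CLUSTER_PUBLIC_SUBNETS_ID` is declared but not read anywhere in the visible hunks, and the `PATCH_SUBNET`/`PATCH_IAM` test is evaluated twice (the first copy carries a commented-out `# PATCH=1`); setting `PATCH=0` inside the first `if` would remove the duplicate. A one-line comment such as `# PATCH, CONFIG, IS_EKS_AND_IAM: 0 means "run the step"; PATCH_SUBNET, PATCH_IAM: 1 means "needed"` would document the two opposite flag conventions used side by side here.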
@@ -665,6 +746,10 @@
"${K8S_VERSION}" \
"| select(.kind == \"Kustomization\") | select(.metadata.name == \"${CLUSTER_KUSTOMIZATION_NAME}\")" | \
patch_replace \
+ ".spec.postBuild.substitute.cluster_iam_role" \
+ "${CLUSTER_IAM_ROLE}" \
+ "| select(.kind == \"Kustomization\") | select(.metadata.name == \"${CLUSTER_KUSTOMIZATION_NAME}\")" | \
+ patch_replace \
".spec.postBuild.substitute.providerconfig_name" \
"${PROVIDERCONFIG_NAME}" \
"| select(.kind == \"Kustomization\") | select(.metadata.name == \"${CLUSTER_KUSTOMIZATION_NAME}\")" | \
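Review bot: The added `patch_replace` on `.spec.postBuild.substitute.cluster_iam_role` sits in the unconditional part of the pipeline, so it also runs for AKS and GKE clusters and, for EKS with the built-in role, writes the sentinel string `default` into the substitution map. Wrapping it in `transform_if` with a flag that is true only for EKS with a supplied role ARN (the hunk above already computes `PATCH_IAM`, though with 1 meaning true) would keep non-EKS manifests unchanged and the sentinel out of the rendered Kustomization. Because the value arrives from a workflow parameter, it is also worth rejecting a `CLUSTER_IAM_ROLE` that does not match the `arn:aws:iam::<account-id>:role/<name>` shape before it is written. The pipeline starts and ends outside this hunk, so how `patch_replace` treats a key that is missing from the template is not visible here.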
@@ -680,10 +765,24 @@
".spec.postBuild.substitute.preemptible_nodes" \
"${GKE_PREEMPTIBLE_NODES}" \
"| select(.kind == \"Kustomization\") | select(.metadata.name == \"${CLUSTER_KUSTOMIZATION_NAME}\")" | \
+ transform_if \
+ "${PATCH}" \
+ add_patch_to_kustomization_as_list \
+ "${CLUSTER_KUSTOMIZATION_NAME}" \
+ "${PATCH_VALUE}" | \
+ transform_if \
+ "${IS_EKS_AND_IAM}" \
+ add_component_to_kustomization_as_list \
+ "${CLUSTER_KUSTOMIZATION_NAME}" \
+ "${IAM_COMPONENTS[@]}" | \
+ transform_if \
+ "${CONFIG}" \
+ add_config_to_kustomization \
+ "${CLUSTER_KUSTOMIZATION_NAME}" | \
rename_file_in_items \
"${TEMPLATE_MANIFEST_FILENAME}" \
"${MANIFEST_FILENAME}" | \
- prepend_folder_path "${CLUSTER_KUSTOMIZATION_NAME}/" | \
+ prepend_folder_path "${CLUSTER_KUSTOMIZATION_NAME}/clusterbase/" | \
list2folder_cp_over \
"${TARGET_FOLDER}"
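Review bot: The new prefix in `prepend_folder_path "${CLUSTER_KUSTOMIZATION_NAME}/clusterbase/"` applies to every provider, not only EKS, so AKS and GKE manifests also move one directory down. Any update or delete routine that still looks under `${CLUSTER_KUSTOMIZATION_NAME}/` would miss them and could leave the old file in the fleet repository beside the new one. If the extra level is needed only for the EKS layout, make the prefix conditional on `IS_EKS`; otherwise check the sibling update and delete functions, which are outside this hunk, for the old path.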
diff --git a/installers/flux/templates/sw-catalogs/cloud-resources/eks/manifests/addons/ebs-csi-addon.yaml b/installers/flux/templates/sw-catalogs/cloud-resources/eks/manifests/addons/ebs-csi-addon.yaml
deleted file mode 100644
index b3a0275..0000000
--- a/installers/flux/templates/sw-catalogs/cloud-resources/eks/manifests/addons/ebs-csi-addon.yaml
+++ /dev/null
@@ -1,46 +0,0 @@
-#######################################################################################
-# Copyright ETSI Contributors and Others.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
-# implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-#######################################################################################
-
----
-apiVersion: eks.aws.upbound.io/v1beta1
-kind: Addon
-metadata:
- name: ${cluster_resource_name}-cluster
- annotations:
- crossplane.io/external-name: ${cluster_resource_name}-ebs-csi-driver
- labels:
- provider: aws
- cluster: ${cluster_resource_name}
- type: addon
-spec:
- forProvider:
- region: ${cluster_location}
- addonName: aws-ebs-csi-driver
- addonVersion: v1.33.0-eksbuild.1
- resolveConflicts: OVERWRITE
- clusterNameSelector:
- matchLabels:
- provider: aws
- cluster: ${cluster_resource_name}
- type: cluster
- serviceAccountRoleArnSelector:
- matchLabels:
- provider: aws
- cluster: ${cluster_resource_name}
- type: cluster
- providerConfigRef:
- name: ${providerconfig_name}
diff --git a/installers/flux/templates/sw-catalogs/cloud-resources/eks/manifests/eks-cluster/eks-cluster.yaml b/installers/flux/templates/sw-catalogs/cloud-resources/eks/manifests/base/eks-cluster.yaml
similarity index 99%
rename from installers/flux/templates/sw-catalogs/cloud-resources/eks/manifests/eks-cluster/eks-cluster.yaml
rename to installers/flux/templates/sw-catalogs/cloud-resources/eks/manifests/base/eks-cluster.yaml
index 59b0b44..fdfb2c5 100644
--- a/installers/flux/templates/sw-catalogs/cloud-resources/eks/manifests/eks-cluster/eks-cluster.yaml
+++ b/installers/flux/templates/sw-catalogs/cloud-resources/eks/manifests/base/eks-cluster.yaml
@@ -64,4 +64,4 @@
name: kubeconfig-${cluster_resource_name}
# Use in case you wanted to use different credentials (i.e., ProviderConfig different than default)
providerConfigRef:
- name: ${providerconfig_name}
+ name: ${providerconfig_name}
\ No newline at end of file
diff --git a/installers/flux/templates/sw-catalogs/cloud-resources/eks/manifests/eks-cluster/nodegroup.yaml b/installers/flux/templates/sw-catalogs/cloud-resources/eks/manifests/eks-cluster/nodegroup.yaml
deleted file mode 100644
index e1406d6..0000000
--- a/installers/flux/templates/sw-catalogs/cloud-resources/eks/manifests/eks-cluster/nodegroup.yaml
+++ /dev/null
@@ -1,56 +0,0 @@
-#######################################################################################
-# Copyright ETSI Contributors and Others.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
-# implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-#######################################################################################
-
-apiVersion: eks.aws.upbound.io/v1beta1
-kind: NodeGroup
-metadata:
- name: ${cluster_resource_name}-nodegroup
- annotations:
- crossplane.io/external-name: ${cluster_name}-nodegroup
- labels:
- provider: aws
- cluster: ${cluster_resource_name}
-spec:
- forProvider:
- region: ${cluster_location}
- clusterNameSelector:
- matchLabels:
- provider: aws
- cluster: ${cluster_resource_name}
- type: cluster
- nodeRoleArnSelector:
- matchLabels:
- provider: aws
- cluster: ${cluster_resource_name}
- type: ec2
- subnetIdSelector:
- matchLabels:
- cluster: ${cluster_resource_name}
- type: subnet
- access: private
- scalingConfig:
- - minSize: 1
- desiredSize: ${node_count}
- maxSize: 10
- diskSize: 30
- instanceTypes:
- - ${vm_size}
- tags:
- Name: ${cluster_name}
- # Use in case you wanted to use different credentials (i.e., ProviderConfig different than default)
- providerConfigRef:
- name: ${providerconfig_name}
diff --git a/installers/flux/templates/sw-catalogs/cloud-resources/eks/manifests/iam/kustomization.yaml b/installers/flux/templates/sw-catalogs/cloud-resources/eks/manifests/iam/kustomization.yaml
new file mode 100644
index 0000000..d76d71d
--- /dev/null
+++ b/installers/flux/templates/sw-catalogs/cloud-resources/eks/manifests/iam/kustomization.yaml
@@ -0,0 +1,22 @@
+#######################################################################################
+# Copyright ETSI Contributors and Others.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+# implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#######################################################################################
+
+apiVersion: kustomize.config.k8s.io/v1alpha1
+kind: Component
+resources:
+ - roles.yaml
+ - role-policy-attachment.yaml
\ No newline at end of file
diff --git a/installers/flux/templates/sw-catalogs/cloud-resources/eks/manifests/iam/policy.yaml b/installers/flux/templates/sw-catalogs/cloud-resources/eks/manifests/iam/policy.yaml
deleted file mode 100644
index a65eac8..0000000
--- a/installers/flux/templates/sw-catalogs/cloud-resources/eks/manifests/iam/policy.yaml
+++ /dev/null
@@ -1,167 +0,0 @@
-#######################################################################################
-# Copyright ETSI Contributors and Others.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
-# implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-#######################################################################################
-
----
-apiVersion: iam.aws.upbound.io/v1beta1
-kind: Policy
-metadata:
- name: ${cluster_resource_name}-addon-policy
- annotations:
- crossplane.io/external-name: ${cluster_name}-ebs-csi-addon-policy
- labels:
- provider: aws
- cluster: ${cluster_resource_name}
- type: addon
-spec:
- forProvider:
- policy: |
- {
- "Version": "2012-10-17",
- "Statement": [
- {
- "Effect": "Allow",
- "Action": [
- "ec2:CreateSnapshot",
- "ec2:AttachVolume",
- "ec2:DetachVolume",
- "ec2:ModifyVolume",
- "ec2:DescribeAvailabilityZones",
- "ec2:DescribeInstances",
- "ec2:DescribeSnapshots",
- "ec2:DescribeTags",
- "ec2:DescribeVolumes",
- "ec2:DescribeVolumesModifications",
- "ec2:EnableFastSnapshotRestores"
- ],
- "Resource": "*"
- },
- {
- "Effect": "Allow",
- "Action": [
- "ec2:CreateTags"
- ],
- "Resource": [
- "arn:aws:ec2:*:*:volume/*",
- "arn:aws:ec2:*:*:snapshot/*"
- ]
- },
- {
- "Effect": "Allow",
- "Action": [
- "ec2:DeleteTags"
- ],
- "Resource": [
- "arn:aws:ec2:*:*:volume/*",
- "arn:aws:ec2:*:*:snapshot/*"
- ]
- },
- {
- "Effect": "Allow",
- "Action": [
- "ec2:CreateVolume"
- ],
- "Resource": "arn:aws:ec2:*:*:volume/*",
- "Condition": {
- "StringLike": {
- "aws:RequestTag/ebs.csi.aws.com/cluster": "true"
- }
- }
- },
- {
- "Effect": "Allow",
- "Action": [
- "ec2:CreateVolume"
- ],
- "Resource": "arn:aws:ec2:*:*:volume/*",
- "Condition": {
- "StringLike": {
- "aws:RequestTag/CSIVolumeName": "*"
- }
- }
- },
- {
- "Effect": "Allow",
- "Action": [
- "ec2:CreateVolume"
- ],
- "Resource": "arn:aws:ec2:*:*:snapshot/*"
- },
- {
- "Effect": "Allow",
- "Action": [
- "ec2:DeleteVolume"
- ],
- "Resource": "*",
- "Condition": {
- "StringLike": {
- "ec2:ResourceTag/ebs.csi.aws.com/cluster": "true"
- }
- }
- },
- {
- "Effect": "Allow",
- "Action": [
- "ec2:DeleteVolume"
- ],
- "Resource": "*",
- "Condition": {
- "StringLike": {
- "ec2:ResourceTag/CSIVolumeName": "*"
- }
- }
- },
- {
- "Effect": "Allow",
- "Action": [
- "ec2:DeleteVolume"
- ],
- "Resource": "*",
- "Condition": {
- "StringLike": {
- "ec2:ResourceTag/kubernetes.io/created-for/pvc/name": "*"
- }
- }
- },
- {
- "Effect": "Allow",
- "Action": [
- "ec2:DeleteSnapshot"
- ],
- "Resource": "*",
- "Condition": {
- "StringLike": {
- "ec2:ResourceTag/CSIVolumeSnapshotName": "*"
- }
- }
- },
- {
- "Effect": "Allow",
- "Action": [
- "ec2:DeleteSnapshot"
- ],
- "Resource": "*",
- "Condition": {
- "StringLike": {
- "ec2:ResourceTag/ebs.csi.aws.com/cluster": "true"
- }
- }
- }
- ]
- }
- # Use in case you wanted to use different credentials (i.e., ProviderConfig different than default)
- providerConfigRef:
- name: ${providerconfig_name}
diff --git a/installers/flux/templates/sw-catalogs/cloud-resources/eks/manifests/iam/role-policy-attachment.yaml b/installers/flux/templates/sw-catalogs/cloud-resources/eks/manifests/iam/role-policy-attachment.yaml
index 00181d2..9ff5bc2 100644
--- a/installers/flux/templates/sw-catalogs/cloud-resources/eks/manifests/iam/role-policy-attachment.yaml
+++ b/installers/flux/templates/sw-catalogs/cloud-resources/eks/manifests/iam/role-policy-attachment.yaml
@@ -73,88 +73,4 @@
type: cluster
# Use in case you wanted to use different credentials (i.e., ProviderConfig different than default)
providerConfigRef:
- name: ${providerconfig_name}
-
----
-apiVersion: iam.aws.upbound.io/v1beta1
-kind: RolePolicyAttachment
-metadata:
- name: ${cluster_resource_name}-worker
- labels:
- provider: aws
- cluster: ${cluster_resource_name}
-spec:
- forProvider:
- policyArn: arn:aws:iam::aws:policy/AmazonEKSWorkerNodePolicy
- roleSelector:
- matchLabels:
- provider: aws
- cluster: ${cluster_resource_name}
- type: ec2
- # Use in case you wanted to use different credentials (i.e., ProviderConfig different than default)
- providerConfigRef:
- name: ${providerconfig_name}
-
----
-apiVersion: iam.aws.upbound.io/v1beta1
-kind: RolePolicyAttachment
-metadata:
- name: ${cluster_resource_name}-cni
- labels:
- provider: aws
- cluster: ${cluster_resource_name}
-spec:
- forProvider:
- policyArn: arn:aws:iam::aws:policy/AmazonEKS_CNI_Policy
- roleSelector:
- matchLabels:
- provider: aws
- cluster: ${cluster_resource_name}
- type: ec2
- # Use in case you wanted to use different credentials (i.e., ProviderConfig different than default)
- providerConfigRef:
- name: ${providerconfig_name}
-
----
-apiVersion: iam.aws.upbound.io/v1beta1
-kind: RolePolicyAttachment
-metadata:
- name: ${cluster_resource_name}-registry
- labels:
- provider: aws
- cluster: ${cluster_resource_name}
-spec:
- forProvider:
- policyArn: arn:aws:iam::aws:policy/AmazonEC2ContainerRegistryReadOnly
- roleSelector:
- matchLabels:
- provider: aws
- cluster: ${cluster_resource_name}
- type: ec2
- # Use in case you wanted to use different credentials (i.e., ProviderConfig different than default)
- providerConfigRef:
- name: ${providerconfig_name}
-
----
-apiVersion: iam.aws.upbound.io/v1beta1
-kind: RolePolicyAttachment
-metadata:
- name: ${cluster_resource_name}-addon
- labels:
- provider: aws
- cluster: ${cluster_resource_name}
-spec:
- forProvider:
- policyArnSelector:
- matchLabels:
- provider: aws
- cluster: ${cluster_resource_name}
- type: addon
- roleSelector:
- matchLabels:
- provider: aws
- cluster: ${cluster_resource_name}
- type: cluster
- # Use in case you wanted to use different credentials (i.e., ProviderConfig different than default)
- providerConfigRef:
- name: ${providerconfig_name}
+ name: ${providerconfig_name}
\ No newline at end of file
diff --git a/installers/flux/templates/sw-catalogs/cloud-resources/eks/manifests/iam/roles.yaml b/installers/flux/templates/sw-catalogs/cloud-resources/eks/manifests/iam/roles.yaml
index 927e568..855f7bc 100644
--- a/installers/flux/templates/sw-catalogs/cloud-resources/eks/manifests/iam/roles.yaml
+++ b/installers/flux/templates/sw-catalogs/cloud-resources/eks/manifests/iam/roles.yaml
@@ -47,38 +47,4 @@
}
# Use in case you wanted to use different credentials (i.e., ProviderConfig different than default)
providerConfigRef:
- name: ${providerconfig_name}
-
----
-apiVersion: iam.aws.upbound.io/v1beta1
-kind: Role
-metadata:
- name: ${cluster_resource_name}-ec2
- annotations:
- crossplane.io/external-name: ${cluster_name}-nodeRole
- labels:
- provider: aws
- cluster: ${cluster_resource_name}
- type: ec2
-spec:
- forProvider:
- assumeRolePolicy: |
- {
- "Version": "2012-10-17",
- "Statement": [
- {
- "Effect": "Allow",
- "Principal": {
- "Service": [
- "ec2.amazonaws.com"
- ]
- },
- "Action": [
- "sts:AssumeRole"
- ]
- }
- ]
- }
- # Use in case you wanted to use different credentials (i.e., ProviderConfig different than default)
- providerConfigRef:
- name: ${providerconfig_name}
+ name: ${providerconfig_name}
\ No newline at end of file
diff --git a/installers/flux/templates/sw-catalogs/cloud-resources/eks/manifests/network/gateways.yaml b/installers/flux/templates/sw-catalogs/cloud-resources/eks/manifests/network/gateways.yaml
index 96255f8..1966b9f 100644
--- a/installers/flux/templates/sw-catalogs/cloud-resources/eks/manifests/network/gateways.yaml
+++ b/installers/flux/templates/sw-catalogs/cloud-resources/eks/manifests/network/gateways.yaml
@@ -86,4 +86,4 @@
Name: ${cluster_name}-natgw
# Use in case you wanted to use different credentials (i.e., ProviderConfig different than default)
providerConfigRef:
- name: ${providerconfig_name}
+ name: ${providerconfig_name}
\ No newline at end of file
diff --git a/installers/flux/templates/sw-catalogs/cloud-resources/eks/manifests/network/kustomization.yaml b/installers/flux/templates/sw-catalogs/cloud-resources/eks/manifests/network/kustomization.yaml
new file mode 100644
index 0000000..95f2c7b
--- /dev/null
+++ b/installers/flux/templates/sw-catalogs/cloud-resources/eks/manifests/network/kustomization.yaml
@@ -0,0 +1,24 @@
+#######################################################################################
+# Copyright ETSI Contributors and Others.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+# implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#######################################################################################
+
+apiVersion: kustomize.config.k8s.io/v1alpha1
+kind: Component
+resources:
+ - subnets.yaml
+ - vpc.yaml
+ - routes.yaml
+ - gateways.yaml
\ No newline at end of file
diff --git a/installers/flux/templates/sw-catalogs/cloud-resources/eks/manifests/network/routes.yaml b/installers/flux/templates/sw-catalogs/cloud-resources/eks/manifests/network/routes.yaml
index b9d57ba..bee6381 100644
--- a/installers/flux/templates/sw-catalogs/cloud-resources/eks/manifests/network/routes.yaml
+++ b/installers/flux/templates/sw-catalogs/cloud-resources/eks/manifests/network/routes.yaml
@@ -147,34 +147,6 @@
apiVersion: ec2.aws.upbound.io/v1beta1
kind: RouteTableAssociation
metadata:
- name: ${cluster_resource_name}-public-route-association-1b
- labels:
- provider: aws
- cluster: ${cluster_resource_name}
-spec:
- forProvider:
- region: ${cluster_location}
- subnetIdSelector:
- matchLabels:
- provider: aws
- cluster: ${cluster_resource_name}
- type: subnet
- access: public
- zone: ${cluster_location}b
- routeTableIdSelector:
- matchLabels:
- provider: aws
- cluster: ${cluster_resource_name}
- type: routetable
- access: public
- # Use in case you wanted to use different credentials (i.e., ProviderConfig different than default)
- providerConfigRef:
- name: ${providerconfig_name}
-
----
-apiVersion: ec2.aws.upbound.io/v1beta1
-kind: RouteTableAssociation
-metadata:
name: ${cluster_resource_name}-private-route-association-1a
labels:
provider: aws
diff --git a/installers/flux/templates/sw-catalogs/cloud-resources/eks/manifests/network/subnets.yaml b/installers/flux/templates/sw-catalogs/cloud-resources/eks/manifests/network/subnets.yaml
index d6da2a0..08324bb 100644
--- a/installers/flux/templates/sw-catalogs/cloud-resources/eks/manifests/network/subnets.yaml
+++ b/installers/flux/templates/sw-catalogs/cloud-resources/eks/manifests/network/subnets.yaml
@@ -47,34 +47,6 @@
apiVersion: ec2.aws.upbound.io/v1beta1
kind: Subnet
metadata:
- name: ${cluster_resource_name}-public-subnet-${cluster_location}b
- labels:
- type: subnet
- provider: aws
- cluster: ${cluster_resource_name}
- zone: ${cluster_location}b
- access: public
-spec:
- forProvider:
- region: ${cluster_location}
- availabilityZone: ${cluster_location}b
- cidrBlock: 10.10.1.0/24
- vpcIdSelector:
- matchLabels:
- provider: aws
- cluster: ${cluster_resource_name}
- mapPublicIpOnLaunch: true
- tags:
- kubernetes.io/role/elb: "1"
- Name: ${cluster_name}-public-subnet-${cluster_location}b
- # Use in case you wanted to use different credentials (i.e., ProviderConfig different than default)
- providerConfigRef:
- name: ${providerconfig_name}
-
----
-apiVersion: ec2.aws.upbound.io/v1beta1
-kind: Subnet
-metadata:
name: ${cluster_resource_name}-private-subnet-${cluster_location}a
labels:
type: subnet
@@ -86,7 +58,7 @@
forProvider:
region: ${cluster_location}
availabilityZone: ${cluster_location}a
- cidrBlock: 10.10.2.0/24
+ cidrBlock: 10.10.1.0/24
vpcIdSelector:
matchLabels:
provider: aws
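Review bot: Renumbering this private subnet to `10.10.1.0/24` reuses the range of the public `${cluster_location}b` subnet removed earlier in this file, and a subnet's CIDR block cannot be changed in place on AWS. For clusters already deployed from this template, reconciliation will most likely fail or require the subnet to be recreated. The commit message, or a comment next to `cidrBlock`, should say whether existing clusters are expected to pick this up. The same applies to the `10.10.2.0/24` change in the `@@ -115,7 +87,7 @@` hunk.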
@@ -95,7 +67,7 @@
tags:
kubernetes.io/role/elb: "1"
Name: ${cluster_name}-private-subnet-${cluster_location}a
- kubernetes.io/cluster/${cluster_name}: shared
+ kubernetes.io/cluster/test: shared
# Use in case you wanted to use different credentials (i.e., ProviderConfig different than default)
providerConfigRef:
name: ${providerconfig_name}
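Review bot: The tag key `kubernetes.io/cluster/test: shared` replaces `kubernetes.io/cluster/${cluster_name}: shared` with a hard-coded cluster name, which looks like a leftover from local testing. Subnet discovery that keys on `kubernetes.io/cluster/<cluster-name>` will no longer match for any cluster not literally named `test`, and every cluster created from this template will carry the same ownership tag. Restore `kubernetes.io/cluster/${cluster_name}: shared` here and in the `@@ -124,7 +96,7 @@` hunk below.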
@@ -115,7 +87,7 @@
forProvider:
region: ${cluster_location}
availabilityZone: ${cluster_location}b
- cidrBlock: 10.10.3.0/24
+ cidrBlock: 10.10.2.0/24
vpcIdSelector:
matchLabels:
provider: aws
@@ -124,7 +96,7 @@
tags:
kubernetes.io/role/elb: "1"
Name: ${cluster_name}-private-subnet-${cluster_location}b
- kubernetes.io/cluster/${cluster_name}: shared
+ kubernetes.io/cluster/test: shared
# Use in case you wanted to use different credentials (i.e., ProviderConfig different than default)
providerConfigRef:
- name: ${providerconfig_name}
+ name: ${providerconfig_name}
\ No newline at end of file
diff --git a/installers/flux/templates/sw-catalogs/cloud-resources/eks/manifests/network/vpc.yaml b/installers/flux/templates/sw-catalogs/cloud-resources/eks/manifests/network/vpc.yaml
index d990d26..e7f0191 100644
--- a/installers/flux/templates/sw-catalogs/cloud-resources/eks/manifests/network/vpc.yaml
+++ b/installers/flux/templates/sw-catalogs/cloud-resources/eks/manifests/network/vpc.yaml
@@ -33,4 +33,4 @@
Name: ${cluster_name}-vpc
# Use in case you wanted to use different credentials (i.e., ProviderConfig different than default)
providerConfigRef:
- name: ${providerconfig_name}
+ name: ${providerconfig_name}
\ No newline at end of file
diff --git a/installers/flux/templates/sw-catalogs/cloud-resources/eks/templates/eks01.yaml b/installers/flux/templates/sw-catalogs/cloud-resources/eks/templates/eks01.yaml
index 0972827..6d141a2 100644
--- a/installers/flux/templates/sw-catalogs/cloud-resources/eks/templates/eks01.yaml
+++ b/installers/flux/templates/sw-catalogs/cloud-resources/eks/templates/eks01.yaml
@@ -55,9 +55,9 @@
kind: GitRepository
name: sw-catalogs
namespace: flux-system
- path: ./cloud-resources/eks/manifests/
+ path: ./cloud-resources/eks/manifests/base
prune: true
- # force: true
+ # targetNamespace: default
wait: true
# Input parameters
postBuild:
@@ -66,6 +66,5 @@
cluster_resource_name: ${CLUSTER_KUSTOMIZATION_NAME}
cluster_name: ekscluster01
k8s_version: "'1.28'"
- node_count: "1"
- vm_size: t3.medium
cluster_location: ap-south-1
+ cluster_iam_role: arn:aws:iam::123456789012:role/cluster-iam-role
\ No newline at end of file
diff --git a/installers/flux/templates/sw-catalogs/infra-configs/osm-workflows/templates/wf-templates/building-blocks/cluster-management-wft.yaml b/installers/flux/templates/sw-catalogs/infra-configs/osm-workflows/templates/wf-templates/building-blocks/cluster-management-wft.yaml
index 9140b0b..852799b 100644
--- a/installers/flux/templates/sw-catalogs/infra-configs/osm-workflows/templates/wf-templates/building-blocks/cluster-management-wft.yaml
+++ b/installers/flux/templates/sw-catalogs/infra-configs/osm-workflows/templates/wf-templates/building-blocks/cluster-management-wft.yaml
@@ -72,6 +72,11 @@
value: "fleet-osm"
- name: cloned_sw_catalogs_folder_name
value: "sw-catalogs-osm"
+ ## EKS only (otherwise, empty)
+ - name: cluster_iam_role
+ - name: cluster_private_subnets_id
+ - name: cluster_public_subnets_id
+ - name: cluster_subnets_configmap_name
# Debug?
- name: debug
value: "false"
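Review bot: The four new inputs (`cluster_iam_role`, `cluster_private_subnets_id`, `cluster_public_subnets_id`, `cluster_subnets_configmap_name`) are declared without a `value`, unlike the neighbouring parameters, so Argo will treat them as mandatory. AKS and GKE submissions that do not set them are then likely to be rejected, which contradicts the "otherwise, empty" comment. The shell function they feed treats only the literal `default` as "not provided", so adding `value: "default"` to each would make omission safe on both sides. The same bare declarations appear in the `@@ -78,6 +78,12 @@` hunk of full-create-crossplane-cluster-and-bootstrap-wft.yaml.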
@@ -111,6 +116,10 @@
- "{{inputs.parameters.mgmt_project_name}}"
- "{{inputs.parameters.mgmt_cluster_name}}"
- "{{inputs.parameters.base_templates_path}}"
+ - "{{inputs.parameters.cluster_iam_role}}"
+ - "{{inputs.parameters.cluster_private_subnets_id}}"
+ - "{{inputs.parameters.cluster_public_subnets_id}}"
+ - "{{inputs.parameters.cluster_subnets_configmap_name}}"
volumeMounts:
- name: fleet-repo-volume
@@ -472,4 +481,4 @@
securityContext:
fsGroup: 10000
# runAsUser: 10000
- # runAsGroup: 10000
+ # runAsGroup: 10000
\ No newline at end of file
diff --git a/installers/flux/templates/sw-catalogs/infra-configs/osm-workflows/templates/wf-templates/canned-operations/full-create-crossplane-cluster-and-bootstrap-wft.yaml b/installers/flux/templates/sw-catalogs/infra-configs/osm-workflows/templates/wf-templates/canned-operations/full-create-crossplane-cluster-and-bootstrap-wft.yaml
index d5b2ed2..0123e7f 100644
--- a/installers/flux/templates/sw-catalogs/infra-configs/osm-workflows/templates/wf-templates/canned-operations/full-create-crossplane-cluster-and-bootstrap-wft.yaml
+++ b/installers/flux/templates/sw-catalogs/infra-configs/osm-workflows/templates/wf-templates/canned-operations/full-create-crossplane-cluster-and-bootstrap-wft.yaml
@@ -78,6 +78,12 @@
- name: cloned_sw_catalogs_folder_name
value: "sw-catalogs-osm"
+ # Specific parameters - EKS only
+ - name: cluster_iam_role
+ - name: cluster_private_subnets_id
+ - name: cluster_public_subnets_id
+ - name: cluster_subnets_configmap_name
+
# Debug/dry run?
- name: debug
value: "false"
@@ -132,6 +138,11 @@
- name: base_templates_path
- name: cloned_fleet_folder_name
- name: cloned_sw_catalogs_folder_name
+ ## EKS only (otherwise, ignored)
+ - name: cluster_iam_role
+ - name: cluster_private_subnets_id
+ - name: cluster_public_subnets_id
+ - name: cluster_subnets_configmap_name
# Debug/dry run?
- name: debug
- name: dry_run
@@ -255,6 +266,15 @@
value: "{{inputs.parameters.cloned_fleet_folder_name}}"
- name: cloned_sw_catalogs_folder_name
value: "{{inputs.parameters.cloned_sw_catalogs_folder_name}}"
+ ## EKS only
+ - name: cluster_iam_role
+ value: "{{inputs.parameters.cluster_iam_role}}"
+ - name: cluster_private_subnets_id
+ value: "{{inputs.parameters.cluster_private_subnets_id}}"
+ - name: cluster_public_subnets_id
+ value: "{{inputs.parameters.cluster_public_subnets_id}}"
+ - name: cluster_subnets_configmap_name
+ value: "{{inputs.parameters.cluster_subnets_configmap_name}}"
# Debug?
- name: debug
value: "{{inputs.parameters.debug}}"
@@ -283,4 +303,4 @@
value: osm_contrib
- name: dry_run
value: "{{inputs.parameters.dry_run}}"
-# ------ end of commit transaction
+# ------ end of commit transaction
\ No newline at end of file