Commit 36a2a79d authored by mishrau's avatar mishrau Committed by garciadeblas

Add manifests for EBS EKS addon and fix minor fixes in labels


Change-Id: I0a8c80f278d6a04ae8e6416d507dfb4e417fecdf
Signed-off-by: default avatarUtkarsh <utkarshmishra@tataelxsi.co.in>
parent 12bcc650
#######################################################################################
# Copyright ETSI Contributors and Others.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
# implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#######################################################################################
---
apiVersion: eks.aws.upbound.io/v1beta1
kind: Addon
metadata:
name: ${cluster_resource_name}-cluster
annotations:
crossplane.io/external-name: ${cluster_resource_name}-ebs-csi-driver
labels:
provider: aws
cluster: ${cluster_resource_name}
type: addon
spec:
forProvider:
region: ${cluster_location}
addonName: aws-ebs-csi-driver
addonVersion: v1.33.0-eksbuild.1
resolveConflicts: OVERWRITE
clusterNameSelector:
matchLabels:
provider: aws
cluster: ${cluster_resource_name}
type: cluster
serviceAccountRoleArnSelector:
matchLabels:
provider: aws
cluster: ${cluster_resource_name}
type: cluster
providerConfigRef:
name: ${providerconfig_name}
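Review bot: `serviceAccountRoleArnSelector` matches `type: cluster`, which on this page is the label carried by the `${cluster_name}-masterRole` role, so the EBS CSI driver's service account would be bound to the EKS cluster role rather than to a role of its own. The `roleSelector` of the new `RolePolicyAttachment` (`${cluster_resource_name}-addon`) uses the same labels and attaches the addon policy to that role. A dedicated IAM Role for the driver, with its own label value (for example a constructed `type: addon-role`) and both selectors pointing at it, would keep the EC2 volume permissions off the control-plane role. The role's trust policy is not visible here; the service account can presumably assume it only if it trusts the cluster's OIDC provider, which should be confirmed.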
#######################################################################################
# Copyright ETSI Contributors and Others.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
# implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#######################################################################################
---
apiVersion: iam.aws.upbound.io/v1beta1
kind: Policy
metadata:
name: ${cluster_resource_name}-addon-policy
annotations:
crossplane.io/external-name: ${cluster_name}-ebs-csi-addon-policy
labels:
provider: aws
cluster: ${cluster_resource_name}
type: addon
spec:
forProvider:
policy: |
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"ec2:CreateSnapshot",
"ec2:AttachVolume",
"ec2:DetachVolume",
"ec2:ModifyVolume",
"ec2:DescribeAvailabilityZones",
"ec2:DescribeInstances",
"ec2:DescribeSnapshots",
"ec2:DescribeTags",
"ec2:DescribeVolumes",
"ec2:DescribeVolumesModifications",
"ec2:EnableFastSnapshotRestores"
],
"Resource": "*"
},
{
"Effect": "Allow",
"Action": [
"ec2:CreateTags"
],
"Resource": [
"arn:aws:ec2:*:*:volume/*",
"arn:aws:ec2:*:*:snapshot/*"
]
},
{
"Effect": "Allow",
"Action": [
"ec2:DeleteTags"
],
"Resource": [
"arn:aws:ec2:*:*:volume/*",
"arn:aws:ec2:*:*:snapshot/*"
]
},
{
"Effect": "Allow",
"Action": [
"ec2:CreateVolume"
],
"Resource": "arn:aws:ec2:*:*:volume/*",
"Condition": {
"StringLike": {
"aws:RequestTag/ebs.csi.aws.com/cluster": "true"
}
}
},
{
"Effect": "Allow",
"Action": [
"ec2:CreateVolume"
],
"Resource": "arn:aws:ec2:*:*:volume/*",
"Condition": {
"StringLike": {
"aws:RequestTag/CSIVolumeName": "*"
}
}
},
{
"Effect": "Allow",
"Action": [
"ec2:CreateVolume"
],
"Resource": "arn:aws:ec2:*:*:snapshot/*"
},
{
"Effect": "Allow",
"Action": [
"ec2:DeleteVolume"
],
"Resource": "*",
"Condition": {
"StringLike": {
"ec2:ResourceTag/ebs.csi.aws.com/cluster": "true"
}
}
},
{
"Effect": "Allow",
"Action": [
"ec2:DeleteVolume"
],
"Resource": "*",
"Condition": {
"StringLike": {
"ec2:ResourceTag/CSIVolumeName": "*"
}
}
},
{
"Effect": "Allow",
"Action": [
"ec2:DeleteVolume"
],
"Resource": "*",
"Condition": {
"StringLike": {
"ec2:ResourceTag/kubernetes.io/created-for/pvc/name": "*"
}
}
},
{
"Effect": "Allow",
"Action": [
"ec2:DeleteSnapshot"
],
"Resource": "*",
"Condition": {
"StringLike": {
"ec2:ResourceTag/CSIVolumeSnapshotName": "*"
}
}
},
{
"Effect": "Allow",
"Action": [
"ec2:DeleteSnapshot"
],
"Resource": "*",
"Condition": {
"StringLike": {
"ec2:ResourceTag/ebs.csi.aws.com/cluster": "true"
}
}
}
]
}
# Use in case you wanted to use different credentials (i.e., ProviderConfig different than default)
providerConfigRef:
name: ${providerconfig_name}
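Review bot: The `ec2:CreateTags` statement applies to every volume and snapshot with no condition, which weakens the tag conditions on the `ec2:DeleteVolume` and `ec2:DeleteSnapshot` statements further down: a principal allowed to tag any volume can make any volume satisfy `ec2:ResourceTag/CSIVolumeName`. Restricting tagging to creation time closes that gap, by adding `"Condition": {"StringEquals": {"ec2:CreateAction": ["CreateVolume", "CreateSnapshot"]}}` to the CreateTags statement. The first statement also allows `ec2:AttachVolume`, `ec2:DetachVolume`, `ec2:ModifyVolume` and `ec2:CreateSnapshot` on `"Resource": "*"`; scoping these by volume, instance and snapshot ARNs and by the same cluster tags would limit the role to volumes the driver manages.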
......@@ -134,3 +134,27 @@ spec:
# Use in case you wanted to use different credentials (i.e., ProviderConfig different than default)
providerConfigRef:
name: ${providerconfig_name}
---
apiVersion: iam.aws.upbound.io/v1beta1
kind: RolePolicyAttachment
metadata:
name: ${cluster_resource_name}-addon
labels:
provider: aws
cluster: ${cluster_resource_name}
spec:
forProvider:
policyArnSelector:
matchLabels:
provider: aws
cluster: ${cluster_resource_name}
type: addon
roleSelector:
matchLabels:
provider: aws
cluster: ${cluster_resource_name}
type: cluster
# Use in case you wanted to use different credentials (i.e., ProviderConfig different than default)
providerConfigRef:
name: ${providerconfig_name}
......@@ -24,7 +24,7 @@ metadata:
crossplane.io/external-name: ${cluster_name}-masterRole
labels:
provider: aws
cluster: eks
cluster: ${cluster_resource_name}
type: cluster
spec:
forProvider:
......@@ -58,7 +58,7 @@ metadata:
crossplane.io/external-name: ${cluster_name}-nodeRole
labels:
provider: aws
cluster: eks
cluster: ${cluster_resource_name}
type: ec2
spec:
forProvider:
......@@ -95,7 +95,7 @@ spec:
tags:
kubernetes.io/role/elb: "1"
Name: ${cluster_name}-private-subnet-${cluster_location}a
kubernetes.io/cluster/{cluster_name}: shared
kubernetes.io/cluster/${cluster_name}: shared
# Use in case you wanted to use different credentials (i.e., ProviderConfig different than default)
providerConfigRef:
name: ${providerconfig_name}
......@@ -124,7 +124,7 @@ spec:
tags:
kubernetes.io/role/elb: "1"
Name: ${cluster_name}-private-subnet-${cluster_location}b
kubernetes.io/cluster/{cluster_name}: shared
kubernetes.io/cluster/${cluster_name}: shared
# Use in case you wanted to use different credentials (i.e., ProviderConfig different than default)
providerConfigRef:
name: ${providerconfig_name}
......@@ -22,7 +22,7 @@ metadata:
name: ${cluster_resource_name}-vpc
labels:
provider: aws
cluster: eks
cluster: ${cluster_resource_name}
spec:
forProvider:
region: ${cluster_location}