Commit a157b091 authored by garciadeblas's avatar garciadeblas

Adding examples of OKA packages


Signed-off-by: default avatargarciadeblas <gerardo.garciadeblas@telefonica.com>
parent d299ba2e
Pipeline #17379 failed with stage
in 46 seconds
Showing
with 1627 additions and 0 deletions
#######################################################################################
# Copyright ETSI Contributors and Others.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
# implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#######################################################################################
---
apiVersion: source.toolkit.fluxcd.io/v1beta2
kind: HelmRepository
metadata:
name: bitnamicharts
namespace: jenkins
spec:
interval: 10m0s
type: oci
url: oci://registry-1.docker.io/bitnamicharts
#######################################################################################
# Copyright ETSI Contributors and Others.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
# implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#######################################################################################
---
apiVersion: helm.toolkit.fluxcd.io/v2beta1
kind: HelmRelease
metadata:
name: jenkins
namespace: jenkins
spec:
chart:
spec:
chart: jenkins
reconcileStrategy: ChartVersion
sourceRef:
kind: HelmRepository
name: bitnamicharts
namespace: jenkins
install:
createNamespace: true
interval: 3m0s
targetNamespace: jenkins
values: {}
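Review bot: The chart reference under `spec.chart.spec` has no `version`, so with `reconcileStrategy: ChartVersion` Flux will install, and later upgrade to, whatever chart version the public `bitnamicharts` registry serves next. Pin it, e.g. `version: "<CHART_VERSION>"` (placeholder), and bump it through reviewed commits. `values: {}` also accepts every chart default for a CI server that usually holds credentials; the defaults for service exposure and the admin password should be checked and set explicitly rather than inherited.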
#######################################################################################
# Copyright ETSI Contributors and Others.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
# implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#######################################################################################
---
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
name: jenkins
namespace: jenkins
spec:
interval: 1h0m0s
path: ./apps/jenkins/manifests
prune: true
sourceRef:
kind: GitRepository
name: sw-catalogs
namespace: flux-system
#######################################################################################
# Copyright ETSI Contributors and Others.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
# implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#######################################################################################
apiVersion: v1
kind: Namespace
metadata:
creationTimestamp: null
name: jenkins
spec: {}
status: {}
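Review bot: `creationTimestamp: null`, `spec: {}` and `status: {}` look like leftovers of a generated manifest and can be dropped; the document also lacks the `---` start marker most other files in this commit use. Since this namespace will run Jenkins, consider declaring a Pod Security Admission level on it, e.g. a label `pod-security.kubernetes.io/enforce: baseline`, so the policy is part of the package rather than whatever the cluster default happens to be.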
#######################################################################################
# Copyright ETSI Contributors and Others.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
# implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#######################################################################################
apiVersion: containerservice.azure.upbound.io/v1beta1
kind: KubernetesCluster
metadata:
name: ${cluster_resource_name}
spec:
forProvider:
# Force K8s version
# kubernetesVersion: 1.26
defaultNodePool:
- name: default
nodeCount: 1
# nodeCount: ${node_count}
# vmSize: Standard_D2_v2
vmSize: ${vm_size}
dnsPrefix: pref-${cluster_resource_name}
identity:
- type: SystemAssigned
location: ${cluster_location}
resourceGroupName: ${rg_name}
# # In case we had created the RG with CrossPlane:
# resourceGroupNameSelector:
# matchLabels:
# testing.upbound.io/example-name: example
# tags:
# Environment: Production
publishConnectionDetailsTo:
# name: kubeconfig-myakscluster01
name: kubeconfig-${cluster_resource_name}
writeConnectionSecretToRef:
# name: kubeconfig-myakscluster01
name: kubeconfig-${cluster_resource_name}
# namespace: crossplane-system
namespace: managed-resources
# Use in case you wanted to use different credentials (i.e., ProviderConfig different than default)
providerConfigRef:
name: ${providerconfig_name}
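Review bot: The kubeconfig for the new cluster is published twice under the same name (`publishConnectionDetailsTo` and `writeConnectionSecretToRef`), and nothing in `forProvider` limits who can reach the API server. The Secret written to `managed-resources` is a cluster credential, so a comment should say which consumer reads it, and only the mechanism actually used should stay. If the provider version in use supports it, consider `privateClusterEnabled: true` or an authorized IP range list instead of the default public endpoint. The commented `# kubernetesVersion: 1.26` would parse as a float if uncommented; write it as `"1.26"`.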
#######################################################################################
# Copyright ETSI Contributors and Others.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
# implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#######################################################################################
---
# TEMPLATE_PARAMETERS:
# ===================
#
# CLUSTER_KUSTOMIZATION_NAME: Name of the Kustomization in the management cluster representing the AKS cluster.
# - Alternatively, it can be patched at:
# .metadata.name
# .metadata.labels.cluster
# .spec.commonMetadata.labels.cluster
#
# PARAMETERS TO PATCH:
# ===================
#
# .spec.postBuild.substitute.providerconfig_name: Name of the Azure ProviderConfig to use to create the AKS cluster.
# .spec.postBuild.substitute.cluster_name: Name of the cluster in the target cloud. It may differ from `CLUSTER_KUSTOMIZATION_NAME` since naming restrictions are often different from K8s resource naming restrictions (e.g., hyphens vs. underscores).
# .spec.postBuild.substitute.k8s_version: Kubernetes version.
# .spec.postBuild.substitute.node_count: Number of worker nodes.
# .spec.postBuild.substitute.vm_size: Flavor of worker node VMs.
# .spec.postBuild.substitute.cluster_location: Target cluster region.
# .spec.postBuild.substitute.rg_name: Target Resource Group.
# Cluster resource
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
name: ${CLUSTER_KUSTOMIZATION_NAME}
namespace: managed-resources
labels:
cluster: ${CLUSTER_KUSTOMIZATION_NAME}
spec:
commonMetadata:
labels:
cluster: ${CLUSTER_KUSTOMIZATION_NAME}
interval: 1h
retryInterval: 1m
timeout: 5m
sourceRef:
kind: GitRepository
name: sw-catalogs
namespace: flux-system
path: ./cloud-resources/aks/manifests
prune: true
wait: true
# force: true
patches:
- patch: |-
apiVersion: containerservice.azure.upbound.io/v1beta1
kind: KubernetesCluster
metadata:
name: ${cluster_resource_name}
spec:
forProvider:
# Comment for latest version (creation only):
kubernetesVersion: "${k8s_version}"
defaultNodePool:
- name: default
# nodeCount: 1 # Edit to change no. workers
nodeCount: ${node_count}
# Comment for latest version (creation only):
orchestratorVersion: "${k8s_version}"
vmSize: ${vm_size}
# Input parameters
postBuild:
substitute:
providerconfig_name: default
cluster_resource_name: ${CLUSTER_KUSTOMIZATION_NAME}
cluster_name: myakscluster01
k8s_version: "'1.27'"
node_count: "1"
vm_size: Standard_D2_v2
cluster_location: West Europe
# AKS only
rg_name: CloudNative-OSM
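Review bot: The parameter list in the header does not match the `substitute` block: `cluster_resource_name` is set there but not documented, while `cluster_name` is documented and set although the patch in this file only consumes `${cluster_resource_name}`, `${k8s_version}`, `${node_count}` and `${vm_size}`. A short comment on `k8s_version: "'1.27'"` would also help, since the nested quotes read like a typo; presumably they keep the substituted value a string. Something like `# inner quotes survive substitution so the version stays a string` is enough, if that is indeed the intent.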
#######################################################################################
# Copyright ETSI Contributors and Others.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
# implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#######################################################################################
---
apiVersion: dbformysql.azure.upbound.io/v1beta1
kind: Database
metadata:
# annotations:
# meta.upbound.io/example-id: dbformysql/v1beta1/database
labels:
testing.upbound.io/name: ${database_name}
name: ${database_name}
spec:
forProvider:
charset: utf8
collation: utf8_unicode_ci
resourceGroupName: ${resource_group}
# resourceGroupNameSelector:
# matchLabels:
# testing.upbound.io/name: ${database_name}
serverNameSelector:
matchLabels:
testing.upbound.io/name: ${database_name}
---
apiVersion: dbformysql.azure.upbound.io/v1beta1
kind: Server
metadata:
# annotations:
# meta.upbound.io/example-id: dbformysql/v1beta1/database
labels:
testing.upbound.io/name: ${database_name}
name: server-${database_name}
spec:
forProvider:
administratorLogin: ${admin_user}
administratorLoginPasswordSecretRef:
key: key
name: ${database_secret_name}
namespace: ${database_secret_namespace}
autoGrowEnabled: true
backupRetentionDays: 7
geoRedundantBackupEnabled: true
infrastructureEncryptionEnabled: true
location: ${region}
publicNetworkAccessEnabled: false
resourceGroupName: ${resource_group}
# resourceGroupNameSelector:
# matchLabels:
# testing.upbound.io/name: ${database_name}
# skuName: GP_Gen5_2
skuName: ${sku_name:=GP_Gen5_2}
sslEnforcementEnabled: true
sslMinimalTlsVersionEnforced: TLS1_2
# storageMb: 5120
storageMb: ${storage_mb:=5120}
version: "5.7"
# ---
# apiVersion: v1
# kind: Secret
# metadata:
# name: example-secret
# namespace: upbound-system
# type: Opaque
# stringData:
# example-key: dGVzdFBhc3N3b3JkITEyMw==
# ---
# apiVersion: azure.upbound.io/v1beta1
# kind: ResourceGroup
# metadata:
# annotations:
# meta.upbound.io/example-id: dbformysql/v1beta1/database
# labels:
# testing.upbound.io/name: ${database_name}
# name: ${database_name}
# spec:
# forProvider:
# location: West Europe
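Review bot: The commented-out Secret example at the end puts a base64-looking value under `stringData`, which Kubernetes stores verbatim, so the password would be the encoded text itself; it also uses the key `example-key` while the Server reads `key: key` through `administratorLoginPasswordSecretRef`. Anyone uncommenting it ends up with a published sample password on a real server, so replace the value with an obvious placeholder such as `key: <ADMIN_PASSWORD>` and state that the Secret must be created out of band. Separately, `version: "5.7"` is hard-coded while SKU and storage are parameters; consider parameterising it the same way so users can select a release that is still supported.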
#######################################################################################
# Copyright ETSI Contributors and Others.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
# implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#######################################################################################
---
# Database resource
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
name: azure-mysql01
namespace: managed-resources
spec:
interval: 1h
retryInterval: 1m
timeout: 5m
sourceRef:
kind: GitRepository
name: sw-catalogs
namespace: flux-system
path: ./cloud-resources/azure-mysql/resources
prune: true
wait: true
# Input parameters
postBuild:
substitute:
database_name: azure-mysql01
resource_group: CloudNative-InfraMgmt-CTIO
region: West Europe
admin_user: MyDemoUser123
database_secret_name: database-secret
database_secret_namespace: managed-resources
# sku_name: GP_Gen5_2
# storage_mb: 5120
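Review bot: The `substitute` block points at `database-secret` in `managed-resources`, but nothing visible in this commit creates that Secret or documents its expected key, and with `wait: true` the Kustomization will stay unhealthy until the timeout if it is missing. Add a comment above `database_secret_name`, for example `# Secret must exist beforehand and hold the admin password under the key "key"`. Unlike the AKS template on this page, this file has no parameter header describing the values to patch.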
#######################################################################################
# Copyright ETSI Contributors and Others.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
# implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#######################################################################################
---
apiVersion: eks.aws.upbound.io/v1beta1
kind: Cluster
metadata:
name: ${cluster_resource_name}-cluster
annotations:
crossplane.io/external-name: ${cluster_name}
labels:
provider: aws
cluster: ${cluster_resource_name}
type: cluster
spec:
forProvider:
region: ${cluster_location}
version: ${k8s_version}
roleArnSelector:
matchLabels:
provider: aws
cluster: ${cluster_resource_name}
type: cluster
vpcConfig:
- endpointPrivateAccess: true
endpointPublicAccess: true
subnetIdSelector:
matchLabels:
provider: aws
cluster: ${cluster_resource_name}
type: subnet
access: private
publishConnectionDetailsTo:
name: kubeconfig-${cluster_resource_name}
# Use in case you wanted to use different credentials (i.e., ProviderConfig different than default)
providerConfigRef:
name: ${providerconfig_name}
---
apiVersion: eks.aws.upbound.io/v1beta1
kind: ClusterAuth
metadata:
name: ${cluster_resource_name}-clusterauth
spec:
forProvider:
region: ${cluster_location}
clusterName: ${cluster_name}
writeConnectionSecretToRef:
namespace: managed-resources
name: kubeconfig-${cluster_resource_name}
# Use in case you wanted to use different credentials (i.e., ProviderConfig different than default)
providerConfigRef:
name: ${providerconfig_name}
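Review bot: In the Cluster's `vpcConfig`, `endpointPublicAccess: true` is set without `publicAccessCidrs`, which leaves the Kubernetes API endpoint reachable from any address. Either restrict it, e.g. `publicAccessCidrs: ["${api_allowed_cidr}"]` with a new substitution variable, or set `endpointPublicAccess: false`, since private access is already enabled. `version: ${k8s_version}` is unquoted here, unlike the AKS patch on this page; whether it stays a string depends on how the value is supplied, which is not visible in this part of the commit.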
#######################################################################################
# Copyright ETSI Contributors and Others.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
# implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#######################################################################################
apiVersion: eks.aws.upbound.io/v1beta1
kind: NodeGroup
metadata:
name: ${cluster_resource_name}-nodegroup
annotations:
crossplane.io/external-name: ${cluster_name}-nodegroup
labels:
provider: aws
cluster: ${cluster_resource_name}
spec:
forProvider:
region: ${cluster_location}
clusterNameSelector:
matchLabels:
provider: aws
cluster: ${cluster_resource_name}
type: cluster
nodeRoleArnSelector:
matchLabels:
provider: aws
cluster: ${cluster_resource_name}
type: ec2
subnetIdSelector:
matchLabels:
cluster: ${cluster_resource_name}
type: subnet
access: private
scalingConfig:
- minSize: 1
desiredSize: ${node_count}
maxSize: 10
diskSize: 30
instanceTypes:
- ${vm_size}
tags:
Name: ${cluster_name}
# Use in case you wanted to use different credentials (i.e., ProviderConfig different than default)
providerConfigRef:
name: ${providerconfig_name}
#######################################################################################
# Copyright ETSI Contributors and Others.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
# implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#######################################################################################
---
apiVersion: iam.aws.upbound.io/v1beta1
kind: RolePolicyAttachment
metadata:
name: ${cluster_resource_name}-cluster
labels:
provider: aws
cluster: ${cluster_resource_name}
spec:
forProvider:
policyArn: arn:aws:iam::aws:policy/AmazonEKSClusterPolicy
roleSelector:
matchLabels:
provider: aws
cluster: ${cluster_resource_name}
type: cluster
# Use in case you wanted to use different credentials (i.e., ProviderConfig different than default)
providerConfigRef:
name: ${providerconfig_name}
---
apiVersion: iam.aws.upbound.io/v1beta1
kind: RolePolicyAttachment
metadata:
name: ${cluster_resource_name}-service
labels:
provider: aws
cluster: ${cluster_resource_name}
spec:
forProvider:
policyArn: arn:aws:iam::aws:policy/AmazonEKSServicePolicy
roleSelector:
matchLabels:
provider: aws
cluster: ${cluster_resource_name}
type: cluster
# Use in case you wanted to use different credentials (i.e., ProviderConfig different than default)
providerConfigRef:
name: ${providerconfig_name}
---
apiVersion: iam.aws.upbound.io/v1beta1
kind: RolePolicyAttachment
metadata:
name: ${cluster_resource_name}-vpccontroller
labels:
provider: aws
cluster: ${cluster_resource_name}
spec:
forProvider:
policyArn: arn:aws:iam::aws:policy/AmazonEKSVPCResourceController
roleSelector:
matchLabels:
provider: aws
cluster: ${cluster_resource_name}
type: cluster
# Use in case you wanted to use different credentials (i.e., ProviderConfig different than default)
providerConfigRef:
name: ${providerconfig_name}
---
apiVersion: iam.aws.upbound.io/v1beta1
kind: RolePolicyAttachment
metadata:
name: ${cluster_resource_name}-worker
labels:
provider: aws
cluster: ${cluster_resource_name}
spec:
forProvider:
policyArn: arn:aws:iam::aws:policy/AmazonEKSWorkerNodePolicy
roleSelector:
matchLabels:
provider: aws
cluster: ${cluster_resource_name}
type: ec2
# Use in case you wanted to use different credentials (i.e., ProviderConfig different than default)
providerConfigRef:
name: ${providerconfig_name}
---
apiVersion: iam.aws.upbound.io/v1beta1
kind: RolePolicyAttachment
metadata:
name: ${cluster_resource_name}-cni
labels:
provider: aws
cluster: ${cluster_resource_name}
spec:
forProvider:
policyArn: arn:aws:iam::aws:policy/AmazonEKS_CNI_Policy
roleSelector:
matchLabels:
provider: aws
cluster: ${cluster_resource_name}
type: ec2
# Use in case you wanted to use different credentials (i.e., ProviderConfig different than default)
providerConfigRef:
name: ${providerconfig_name}
---
apiVersion: iam.aws.upbound.io/v1beta1
kind: RolePolicyAttachment
metadata:
name: ${cluster_resource_name}-registry
labels:
provider: aws
cluster: ${cluster_resource_name}
spec:
forProvider:
policyArn: arn:aws:iam::aws:policy/AmazonEC2ContainerRegistryReadOnly
roleSelector:
matchLabels:
provider: aws
cluster: ${cluster_resource_name}
type: ec2
# Use in case you wanted to use different credentials (i.e., ProviderConfig different than default)
providerConfigRef:
name: ${providerconfig_name}
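Review bot: Two of these attachments grant more than the roles appear to need. `AmazonEKSServicePolicy` on the cluster role is, as far as I know, only required for clusters created before April 2020, so the `-service` attachment can probably be dropped. `AmazonEKS_CNI_Policy` on the node role extends network-interface management rights to anything that can use the node's instance credentials; AWS recommends binding that policy to the CNI's service account through IAM roles for service accounts instead. Also note that every `roleSelector` here matches `cluster: ${cluster_resource_name}`, which only resolves if the Role objects carry the same label value.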
#######################################################################################
# Copyright ETSI Contributors and Others.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
# implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#######################################################################################
---
apiVersion: iam.aws.upbound.io/v1beta1
kind: Role
metadata:
name: ${cluster_resource_name}-eks
annotations:
crossplane.io/external-name: ${cluster_name}-masterRole
labels:
provider: aws
cluster: eks
type: cluster
spec:
forProvider:
assumeRolePolicy: |
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Principal": {
"Service": [
"eks.amazonaws.com"
]
},
"Action": [
"sts:AssumeRole"
]
}
]
}
# Use in case you wanted to use different credentials (i.e., ProviderConfig different than default)
providerConfigRef:
name: ${providerconfig_name}
---
apiVersion: iam.aws.upbound.io/v1beta1
kind: Role
metadata:
name: ${cluster_resource_name}-ec2
annotations:
crossplane.io/external-name: ${cluster_name}-nodeRole
labels:
provider: aws
cluster: eks
type: ec2
spec:
forProvider:
assumeRolePolicy: |
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Principal": {
"Service": [
"ec2.amazonaws.com"
]
},
"Action": [
"sts:AssumeRole"
]
}
]
}
# Use in case you wanted to use different credentials (i.e., ProviderConfig different than default)
providerConfigRef:
name: ${providerconfig_name}
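Review bot: Both roles are labelled with the literal `cluster: eks`, while the `roleArnSelector`, `nodeRoleArnSelector` and `roleSelector` entries elsewhere on this page match `cluster: ${cluster_resource_name}`. Unless the resource name happens to be `eks`, those selectors will not resolve; and if two clusters are deployed from this package, a literal label lets one cluster's selector pick up the other cluster's role. Change both labels to `cluster: ${cluster_resource_name}`.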
#######################################################################################
# Copyright ETSI Contributors and Others.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
# implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#######################################################################################
---
apiVersion: ec2.aws.upbound.io/v1beta1
kind: EIP
metadata:
name: ${cluster_resource_name}-eip
labels:
provider: aws
cluster: ${cluster_resource_name}
type: eip
spec:
forProvider:
region: ${cluster_location}
domain: vpc
tags:
key: Name
value: ${cluster_name}-eip
# Use in case you wanted to use different credentials (i.e., ProviderConfig different than default)
providerConfigRef:
name: ${providerconfig_name}
---
apiVersion: ec2.aws.upbound.io/v1beta1
kind: InternetGateway
metadata:
name: ${cluster_resource_name}-igw
labels:
provider: aws
cluster: ${cluster_resource_name}
type: igw
spec:
forProvider:
region: ${cluster_location}
vpcIdSelector:
matchLabels:
provider: aws
cluster: ${cluster_resource_name}
tags:
Name: ${cluster_name}-igw
# Use in case you wanted to use different credentials (i.e., ProviderConfig different than default)
providerConfigRef:
name: ${providerconfig_name}
---
apiVersion: ec2.aws.upbound.io/v1beta1
kind: NATGateway
metadata:
name: ${cluster_resource_name}-natgw
labels:
provider: aws
cluster: ${cluster_resource_name}
type: natgw
spec:
forProvider:
region: ${cluster_location}
connectivityType: public
allocationIdSelector:
matchLabels:
provider: aws
cluster: ${cluster_resource_name}
type: eip
subnetIdSelector:
matchLabels:
type: subnet
provider: aws
cluster: ${cluster_resource_name}
zone: ${cluster_location}a
access: public
tags:
Name: ${cluster_name}-natgw
# Use in case you wanted to use different credentials (i.e., ProviderConfig different than default)
providerConfigRef:
name: ${providerconfig_name}
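Review bot: The EIP's `tags` block is written as `key: Name` / `value: ${cluster_name}-eip`, which creates two tags literally named `key` and `value` rather than a `Name` tag. The other resources in this file use the map form, so this should be `Name: ${cluster_name}-eip`. The NAT gateway is also pinned to zone `${cluster_location}a` only, so private subnets in zone b lose egress if that zone fails; worth a comment if this is a deliberate cost trade-off.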
#######################################################################################
# Copyright ETSI Contributors and Others.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
# implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#######################################################################################
---
apiVersion: ec2.aws.upbound.io/v1beta2
kind: Route
metadata:
name: ${cluster_resource_name}-public-route
labels:
provider: aws
cluster: ${cluster_resource_name}
spec:
forProvider:
region: ${cluster_location}
destinationCidrBlock: 0.0.0.0/0
gatewayIdSelector:
matchLabels:
provider: aws
cluster: ${cluster_resource_name}
type: igw
routeTableIdSelector:
matchLabels:
provider: aws
cluster: ${cluster_resource_name}
type: routetable
access: public
# Use in case you wanted to use different credentials (i.e., ProviderConfig different than default)
providerConfigRef:
name: ${providerconfig_name}
---
apiVersion: ec2.aws.upbound.io/v1beta2
kind: Route
metadata:
name: ${cluster_resource_name}-private-route
labels:
provider: aws
cluster: ${cluster_resource_name}
spec:
forProvider:
region: ${cluster_location}
destinationCidrBlock: 0.0.0.0/0
natGatewayIdSelector:
matchLabels:
provider: aws
cluster: ${cluster_resource_name}
type: natgw
routeTableIdSelector:
matchLabels:
provider: aws
cluster: ${cluster_resource_name}
type: routetable
access: private
# Use in case you wanted to use different credentials (i.e., ProviderConfig different than default)
providerConfigRef:
name: ${providerconfig_name}
---
apiVersion: ec2.aws.upbound.io/v1beta1
kind: RouteTable
metadata:
name: ${cluster_resource_name}-public-route-table
labels:
provider: aws
cluster: ${cluster_resource_name}
type: routetable
access: public
spec:
forProvider:
region: ${cluster_location}
vpcIdSelector:
matchLabels:
provider: aws
cluster: ${cluster_resource_name}
tags:
Name: ${cluster_name}-public-route-table
# Use in case you wanted to use different credentials (i.e., ProviderConfig different than default)
providerConfigRef:
name: ${providerconfig_name}
---
apiVersion: ec2.aws.upbound.io/v1beta1
kind: RouteTable
metadata:
name: ${cluster_resource_name}-private-route-table
labels:
provider: aws
cluster: ${cluster_resource_name}
type: routetable
access: private
spec:
forProvider:
region: ${cluster_location}
vpcIdSelector:
matchLabels:
provider: aws
cluster: ${cluster_resource_name}
tags:
Name: ${cluster_name}-private-route-table
# Use in case you wanted to use different credentials (i.e., ProviderConfig different than default)
providerConfigRef:
name: ${providerconfig_name}
---
apiVersion: ec2.aws.upbound.io/v1beta1
kind: RouteTableAssociation
metadata:
name: ${cluster_resource_name}-public-route-association-1a
labels:
provider: aws
cluster: ${cluster_resource_name}
spec:
forProvider:
region: ${cluster_location}
subnetIdSelector:
matchLabels:
provider: aws
cluster: ${cluster_resource_name}
type: subnet
access: public
zone: ${cluster_location}a
routeTableIdSelector:
matchLabels:
provider: aws
cluster: ${cluster_resource_name}
type: routetable
access: public
# Use in case you wanted to use different credentials (i.e., ProviderConfig different than default)
providerConfigRef:
name: ${providerconfig_name}
---
apiVersion: ec2.aws.upbound.io/v1beta1
kind: RouteTableAssociation
metadata:
name: ${cluster_resource_name}-public-route-association-1b
labels:
provider: aws
cluster: ${cluster_resource_name}
spec:
forProvider:
region: ${cluster_location}
subnetIdSelector:
matchLabels:
provider: aws
cluster: ${cluster_resource_name}
type: subnet
access: public
zone: ${cluster_location}b
routeTableIdSelector:
matchLabels:
provider: aws
cluster: ${cluster_resource_name}
type: routetable
access: public
# Use in case you wanted to use different credentials (i.e., ProviderConfig different than default)
providerConfigRef:
name: ${providerconfig_name}
---
apiVersion: ec2.aws.upbound.io/v1beta1
kind: RouteTableAssociation
metadata:
name: ${cluster_resource_name}-private-route-association-1a
labels:
provider: aws
cluster: ${cluster_resource_name}
spec:
forProvider:
region: ${cluster_location}
subnetIdSelector:
matchLabels:
provider: aws
cluster: ${cluster_resource_name}
type: subnet
access: private
zone: ${cluster_location}a
routeTableIdSelector:
matchLabels:
provider: aws
cluster: ${cluster_resource_name}
type: routetable
access: private
# Use in case you wanted to use different credentials (i.e., ProviderConfig different than default)
providerConfigRef:
name: ${providerconfig_name}
---
apiVersion: ec2.aws.upbound.io/v1beta1
kind: RouteTableAssociation
metadata:
name: ${cluster_resource_name}-private-route-association-1b
labels:
provider: aws
cluster: ${cluster_resource_name}
spec:
forProvider:
region: ${cluster_location}
subnetIdSelector:
matchLabels:
provider: aws
cluster: ${cluster_resource_name}
type: subnet
access: private
zone: ${cluster_location}b
routeTableIdSelector:
matchLabels:
provider: aws
cluster: ${cluster_resource_name}
type: routetable
access: private
# Use in case you wanted to use different credentials (i.e., ProviderConfig different than default)
providerConfigRef:
name: ${providerconfig_name}
#######################################################################################
# Copyright ETSI Contributors and Others.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
# implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#######################################################################################
---
apiVersion: ec2.aws.upbound.io/v1beta1
kind: Subnet
metadata:
name: ${cluster_resource_name}-public-subnet-${cluster_location}a
labels:
type: subnet
provider: aws
cluster: ${cluster_resource_name}
zone: ${cluster_location}a
access: public
spec:
forProvider:
region: ${cluster_location}
availabilityZone: ${cluster_location}a
cidrBlock: 10.10.0.0/24
vpcIdSelector:
matchLabels:
provider: aws
cluster: ${cluster_resource_name}
mapPublicIpOnLaunch: true
tags:
kubernetes.io/role/elb: "1"
Name: ${cluster_name}-public-subnet-${cluster_location}a
# Use in case you wanted to use different credentials (i.e., ProviderConfig different than default)
providerConfigRef:
name: ${providerconfig_name}
---
apiVersion: ec2.aws.upbound.io/v1beta1
kind: Subnet
metadata:
name: ${cluster_resource_name}-public-subnet-${cluster_location}b
labels:
type: subnet
provider: aws
cluster: ${cluster_resource_name}
zone: ${cluster_location}b
access: public
spec:
forProvider:
region: ${cluster_location}
availabilityZone: ${cluster_location}b
cidrBlock: 10.10.1.0/24
vpcIdSelector:
matchLabels:
provider: aws
cluster: ${cluster_resource_name}
mapPublicIpOnLaunch: true
tags:
kubernetes.io/role/elb: "1"
Name: ${cluster_name}-public-subnet-${cluster_location}b
# Use in case you wanted to use different credentials (i.e., ProviderConfig different than default)
providerConfigRef:
name: ${providerconfig_name}
---
apiVersion: ec2.aws.upbound.io/v1beta1
kind: Subnet
metadata:
name: ${cluster_resource_name}-private-subnet-${cluster_location}a
labels:
type: subnet
provider: aws
cluster: ${cluster_resource_name}
zone: ${cluster_location}a
access: private
spec:
forProvider:
region: ${cluster_location}
availabilityZone: ${cluster_location}a
cidrBlock: 10.10.2.0/24
vpcIdSelector:
matchLabels:
provider: aws
cluster: ${cluster_resource_name}
mapPublicIpOnLaunch: false
tags:
kubernetes.io/role/elb: "1"
Name: ${cluster_name}-private-subnet-${cluster_location}a
kubernetes.io/cluster/{cluster_name}: shared
# Use in case you wanted to use different credentials (i.e., ProviderConfig different than default)
providerConfigRef:
name: ${providerconfig_name}
---
apiVersion: ec2.aws.upbound.io/v1beta1
kind: Subnet
metadata:
name: ${cluster_resource_name}-private-subnet-${cluster_location}b
labels:
type: subnet
provider: aws
cluster: ${cluster_resource_name}
zone: ${cluster_location}b
access: private
spec:
forProvider:
region: ${cluster_location}
availabilityZone: ${cluster_location}b
cidrBlock: 10.10.3.0/24
vpcIdSelector:
matchLabels:
provider: aws
cluster: ${cluster_resource_name}
mapPublicIpOnLaunch: false
tags:
kubernetes.io/role/elb: "1"
Name: ${cluster_name}-private-subnet-${cluster_location}b
kubernetes.io/cluster/{cluster_name}: shared
# Use in case you wanted to use different credentials (i.e., ProviderConfig different than default)
providerConfigRef:
name: ${providerconfig_name}
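Review bot: The tag key `kubernetes.io/cluster/{cluster_name}: shared` in both private-subnet documents is missing the `$`, so Flux post-build substitution leaves it as a literal string and the subnets are never tagged for the real cluster name. It should read `kubernetes.io/cluster/${cluster_name}: shared`. The same two private subnets also carry `kubernetes.io/role/elb: "1"`, which is the tag for subnets that host internet-facing load balancers. Private subnets normally use `kubernetes.io/role/internal-elb: "1"`, and reusing the public tag blurs which subnets are meant to stay internal. A one-line comment above each document saying whether it is the public or the private tier would make the `mapPublicIpOnLaunch` values easier to audit.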
#######################################################################################
# Copyright ETSI Contributors and Others.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
# implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#######################################################################################
---
apiVersion: ec2.aws.upbound.io/v1beta1
kind: VPC
metadata:
name: ${cluster_resource_name}-vpc
labels:
provider: aws
cluster: eks
spec:
forProvider:
region: ${cluster_location}
cidrBlock: 10.10.0.0/16
enableDnsHostnames: true
enableDnsSupport: true
tags:
Name: ${cluster_name}-vpc
# Use in case you wanted to use different credentials (i.e., ProviderConfig different than default)
providerConfigRef:
name: ${providerconfig_name}
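Review bot: The VPC label `cluster: eks` is hard-coded, while every Subnet on this page selects its VPC with `vpcIdSelector.matchLabels.cluster: ${cluster_resource_name}`. It appears to resolve only because the EKS Kustomization's `spec.commonMetadata.labels.cluster` overwrites the label at apply time. Applied any other way, the selector matches no VPC, and several VPCs left with the `eks` label could not be told apart. Writing `cluster: ${cluster_resource_name}` here removes that hidden dependency.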
#######################################################################################
# Copyright ETSI Contributors and Others.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
# implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#######################################################################################
---
# TEMPLATE_PARAMETERS:
# ===================
#
# CLUSTER_KUSTOMIZATION_NAME: Name of the cluster in the management cluster (e.g., for `Kustomization`s).
# - Alternatively, it can be patched at:
# .metadata.name
# .metadata.labels.cluster
# .spec.commonMetadata.labels.cluster
# .spec.postBuild.substitute.cluster_resource_name
#
# PARAMETERS TO PATCH:
# ===================
#
# .spec.postBuild.substitute.providerconfig_name: Name of the AWS ProviderConfig to use to create the EKS cluster.
# .spec.postBuild.substitute.cluster_name: Name of the cluster in the target cloud. It may differ from `CLUSTER_KUSTOMIZATION_NAME` since naming restrictions are often different from K8s resource naming restrictions (e.g., hyphens vs. underscores).
# .spec.postBuild.substitute.k8s_version: Kubernetes version.
# .spec.postBuild.substitute.node_count: Number of worker nodes.
# .spec.postBuild.substitute.vm_size: Flavor of worker node VMs.
# .spec.postBuild.substitute.cluster_location: Target cluster region.
# Cluster resource
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
name: ${CLUSTER_KUSTOMIZATION_NAME}
namespace: managed-resources
labels:
cluster: ${CLUSTER_KUSTOMIZATION_NAME}
spec:
commonMetadata:
labels:
cluster: ${CLUSTER_KUSTOMIZATION_NAME}
interval: 1h
retryInterval: 1m
timeout: 5m
sourceRef:
kind: GitRepository
name: sw-catalogs
namespace: flux-system
path: ./cloud-resources/eks/manifests/
prune: true
# force: true
wait: true
# Input parameters
postBuild:
substitute:
providerconfig_name: default
cluster_resource_name: ${CLUSTER_KUSTOMIZATION_NAME}
cluster_name: ekscluster01
k8s_version: "'1.28'"
node_count: "1"
vm_size: t3.medium
cluster_location: ap-south-1
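Review bot: `wait: true` combined with `timeout: 5m` marks the reconciliation as failed unless everything under `./cloud-resources/eks/manifests/` is ready within five minutes, and provisioning an EKS control plane and node group usually takes longer. The bootstrap Kustomizations that `dependsOn` this object then stay blocked until a later retry finds the resources ready. Consider a longer value such as `timeout: 30m`. `prune: true` also deserves a comment saying that removing a manifest from the path deletes the corresponding cloud resource. The nested quoting in `k8s_version: "'1.28'"` needs a comment too, presumably `# inner quotes keep the version a string after substitution`.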
#######################################################################################
# Copyright ETSI Contributors and Others.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
# implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#######################################################################################
---
# Remote namespace `flux-system`
apiVersion: v1
kind: Namespace
metadata:
name: flux-system
---
# Remote namespace `managed-resources`
# - Required for Helm deployments from management cluster
apiVersion: v1
kind: Namespace
metadata:
name: managed-resources
#######################################################################################
# Copyright ETSI Contributors and Others.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
# implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#######################################################################################
---
# Template for creating remote secrets
apiVersion: v1
kind: Secret
metadata:
name: ${secret_name}
namespace: ${secret_namespace}
type: Opaque
stringData: {}
#######################################################################################
# Copyright ETSI Contributors and Others.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
# implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#######################################################################################
---
# TEMPLATE PARAMETERS:
# ===================
#
# CLUSTER_KUSTOMIZATION_NAME: Name of the cluster in the management cluster (i.e., the `Kustomization`).
# CLUSTER_NAME: Name of the cluster in the target cloud. It may differ from `CLUSTER_KUSTOMIZATION_NAME` since naming restrictions are often different from K8s resource naming restrictions (e.g., hyphens vs. underscores).
# CLUSTER_AGE_SECRET_NAME: Name of the secret in the management cluster that keeps the private key for age/sops in the remote cluster.
# Creates required remote namespaces
apiVersion: kustomize.toolkit.fluxcd.io/v1beta2
kind: Kustomization
metadata:
name: ${CLUSTER_KUSTOMIZATION_NAME}-bstrp-ns
namespace: managed-resources
labels:
cluster: ${CLUSTER_KUSTOMIZATION_NAME}
spec:
# interval: 1h
interval: 5m
retryInterval: 1m
timeout: 5m
dependsOn:
- name: ${CLUSTER_KUSTOMIZATION_NAME}
prune: true
# wait: true
# force: true
sourceRef:
kind: GitRepository
name: sw-catalogs
namespace: flux-system
path: ./cloud-resources/flux-remote-bootstrap/bootstrap/manifests/namespaces
kubeConfig:
secretRef:
name: kubeconfig-${CLUSTER_KUSTOMIZATION_NAME}
key: kubeconfig
---
# Creates remote `flux-system.flux-system` secret
apiVersion: kustomize.toolkit.fluxcd.io/v1beta2
kind: Kustomization
metadata:
name: ${CLUSTER_KUSTOMIZATION_NAME}-bstrp-secret-flux
namespace: managed-resources
labels:
cluster: ${CLUSTER_KUSTOMIZATION_NAME}
spec:
# interval: 1h
interval: 5m
retryInterval: 1m
timeout: 5m
dependsOn:
- name: ${CLUSTER_KUSTOMIZATION_NAME}-bstrp-ns
prune: true
# wait: true
force: true
sourceRef:
kind: GitRepository
name: sw-catalogs
namespace: flux-system
path: ./cloud-resources/flux-remote-bootstrap/bootstrap/manifests/secret
kubeConfig:
secretRef:
name: kubeconfig-${CLUSTER_KUSTOMIZATION_NAME}
key: kubeconfig
patches:
- patch: |-
apiVersion: v1
kind: Secret
metadata:
name: ${secret_name}
namespace: ${secret_namespace}
stringData:
username: ${username}
password: ${password}
# Inputs:
postBuild:
substitute:
secret_name: flux-system
secret_namespace: flux-system
substituteFrom:
- kind: Secret
name: flux-system
---
# Creates remote `sops-age` secret
apiVersion: kustomize.toolkit.fluxcd.io/v1beta2
kind: Kustomization
metadata:
name: ${CLUSTER_KUSTOMIZATION_NAME}-bstrp-secret-sops
namespace: managed-resources
labels:
cluster: ${CLUSTER_KUSTOMIZATION_NAME}
spec:
# interval: 1h
interval: 5m
retryInterval: 1m
timeout: 5m
dependsOn:
- name: ${CLUSTER_KUSTOMIZATION_NAME}-bstrp-ns
prune: true
# wait: true
force: true
sourceRef:
kind: GitRepository
name: sw-catalogs
namespace: flux-system
path: ./cloud-resources/flux-remote-bootstrap/bootstrap/manifests/secret
kubeConfig:
secretRef:
name: kubeconfig-${CLUSTER_KUSTOMIZATION_NAME}
key: kubeconfig
patches:
- patch: |-
apiVersion: v1
kind: Secret
metadata:
name: ${secret_name}
namespace: ${secret_namespace}
stringData:
age.agekey: ${agekey}
# Inputs:
postBuild:
substitute:
secret_name: sops-age
secret_namespace: flux-system
substituteFrom:
- kind: Secret
name: ${CLUSTER_AGE_SECRET_NAME}
---
# Creates remote `fleet-repo.flux-system` secret
apiVersion: kustomize.toolkit.fluxcd.io/v1beta2
kind: Kustomization
metadata:
name: ${CLUSTER_KUSTOMIZATION_NAME}-bstrp-secret-fleet
namespace: managed-resources
labels:
cluster: ${CLUSTER_KUSTOMIZATION_NAME}
spec:
# interval: 1h
interval: 5m
retryInterval: 1m
timeout: 5m
dependsOn:
- name: ${CLUSTER_KUSTOMIZATION_NAME}-bstrp-ns
prune: true
# wait: true
force: true
sourceRef:
kind: GitRepository
name: sw-catalogs
namespace: flux-system
path: ./cloud-resources/flux-remote-bootstrap/bootstrap/manifests/secret
kubeConfig:
secretRef:
name: kubeconfig-${CLUSTER_KUSTOMIZATION_NAME}
key: kubeconfig
patches:
- patch: |-
apiVersion: v1
kind: Secret
metadata:
name: ${secret_name}
namespace: ${secret_namespace}
stringData:
username: ${username}
password: ${password}
# Inputs:
postBuild:
substitute:
secret_name: fleet-repo
secret_namespace: flux-system
substituteFrom:
- kind: Secret
name: fleet-repo
---
# Creates remote `sw-catalogs.flux-system` secret
apiVersion: kustomize.toolkit.fluxcd.io/v1beta2
kind: Kustomization
metadata:
name: ${CLUSTER_KUSTOMIZATION_NAME}-bstrp-secret-catalogs
namespace: managed-resources
labels:
cluster: ${CLUSTER_KUSTOMIZATION_NAME}
spec:
# interval: 1h
interval: 5m
retryInterval: 1m
timeout: 5m
dependsOn:
- name: ${CLUSTER_KUSTOMIZATION_NAME}-bstrp-ns
prune: true
# wait: true
force: true
sourceRef:
kind: GitRepository
name: sw-catalogs
namespace: flux-system
path: ./cloud-resources/flux-remote-bootstrap/bootstrap/manifests/secret
kubeConfig:
secretRef:
name: kubeconfig-${CLUSTER_KUSTOMIZATION_NAME}
key: kubeconfig
patches:
- patch: |-
apiVersion: v1
kind: Secret
metadata:
name: ${secret_name}
namespace: ${secret_namespace}
stringData:
username: ${username}
password: ${password}
# Inputs:
postBuild:
substitute:
secret_name: sw-catalogs
secret_namespace: flux-system
substituteFrom:
- kind: Secret
name: sw-catalogs
---
# Remote installation of Flux controller (to let the cluster be autonomous)
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
name: ${CLUSTER_KUSTOMIZATION_NAME}-bstrp-fluxctrl
namespace: managed-resources
labels:
cluster: ${CLUSTER_KUSTOMIZATION_NAME}
spec:
# Tune interval as needed
interval: 10m0s
path: ./clusters/${CLUSTER_KUSTOMIZATION_NAME}/flux-system
dependsOn:
- name: ${CLUSTER_KUSTOMIZATION_NAME}-bstrp-secret-flux
# Avoids removing resources unexpectedly
prune: false
sourceRef:
kind: GitRepository
name: flux-system
namespace: flux-system
kubeConfig:
secretRef:
name: kubeconfig-${CLUSTER_KUSTOMIZATION_NAME}
key: kubeconfig
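Review bot: The inline Secret patches substitute credentials unquoted (`password: ${password}`, `username: ${username}`, `age.agekey: ${agekey}`). As far as I know Flux re-parses the YAML after post-build substitution, so a value that is all digits, looks like a boolean, or contains `: ` or ` #` is retyped or cut short, and the remote Secret is rejected or silently wrong. Quote each substituted field, e.g. `password: "${password}"`, in the `-bstrp-secret-flux`, `-bstrp-secret-sops`, `-bstrp-secret-fleet` and `-bstrp-secret-catalogs` Kustomizations. These objects also copy the management cluster's `flux-system`, `fleet-repo` and `sw-catalogs` credentials and the age private key into every remote cluster. The header comment should therefore say that these accounts are expected to be least-privilege and, where possible, per cluster. The header also documents `CLUSTER_NAME`, which no visible document uses.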