--- /dev/null
+#######################################################################################
+# Copyright ETSI Contributors and Others.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+# implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#######################################################################################
+
+---
+apiVersion: eks.aws.upbound.io/v1beta1
+kind: Addon
+metadata:
+ name: ${cluster_resource_name}-cluster
+ annotations:
+ crossplane.io/external-name: ${cluster_resource_name}-ebs-csi-driver
+ labels:
+ provider: aws
+ cluster: ${cluster_resource_name}
+ type: addon
+spec:
+ forProvider:
+ region: ${cluster_location}
+ addonName: aws-ebs-csi-driver
+ addonVersion: v1.33.0-eksbuild.1
+ resolveConflicts: OVERWRITE
+ clusterNameSelector:
+ matchLabels:
+ provider: aws
+ cluster: ${cluster_resource_name}
+ type: cluster
+ serviceAccountRoleArnSelector:
+ matchLabels:
+ provider: aws
+ cluster: ${cluster_resource_name}
+ type: cluster
+ providerConfigRef:
+ name: ${providerconfig_name}
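Review bot: `serviceAccountRoleArnSelector` matches on `provider: aws`, `cluster: ${cluster_resource_name}`, `type: cluster`, the same labels carried by the `${cluster_name}-masterRole` role shown further down this page. The EBS CSI driver's service account would therefore take on the cluster role rather than a role of its own, and the RolePolicyAttachment added later in this commit attaches the new EC2 policy to that same role through an identical `roleSelector`. A dedicated role for the driver keeps the two privilege sets separate: give it a distinct label (for example `type: ebs-csi-role`, a constructed value) and a trust policy limited to the cluster's OIDC provider and the driver's service account. The role's trust policy is not visible here, so it should also be confirmed that it permits web-identity assumption at all. Separately, `resolveConflicts: OVERWRITE` and the hard-coded `addonVersion: v1.33.0-eksbuild.1` each deserve a comment saying why they were chosen, and the version would be easier to maintain as a template variable like the other `${...}` values.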
--- /dev/null
+#######################################################################################
+# Copyright ETSI Contributors and Others.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+# implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#######################################################################################
+
+---
+apiVersion: iam.aws.upbound.io/v1beta1
+kind: Policy
+metadata:
+ name: ${cluster_resource_name}-addon-policy
+ annotations:
+ crossplane.io/external-name: ${cluster_name}-ebs-csi-addon-policy
+ labels:
+ provider: aws
+ cluster: ${cluster_resource_name}
+ type: addon
+spec:
+ forProvider:
+ policy: |
+ {
+ "Version": "2012-10-17",
+ "Statement": [
+ {
+ "Effect": "Allow",
+ "Action": [
+ "ec2:CreateSnapshot",
+ "ec2:AttachVolume",
+ "ec2:DetachVolume",
+ "ec2:ModifyVolume",
+ "ec2:DescribeAvailabilityZones",
+ "ec2:DescribeInstances",
+ "ec2:DescribeSnapshots",
+ "ec2:DescribeTags",
+ "ec2:DescribeVolumes",
+ "ec2:DescribeVolumesModifications",
+ "ec2:EnableFastSnapshotRestores"
+ ],
+ "Resource": "*"
+ },
+ {
+ "Effect": "Allow",
+ "Action": [
+ "ec2:CreateTags"
+ ],
+ "Resource": [
+ "arn:aws:ec2:*:*:volume/*",
+ "arn:aws:ec2:*:*:snapshot/*"
+ ]
+ },
+ {
+ "Effect": "Allow",
+ "Action": [
+ "ec2:DeleteTags"
+ ],
+ "Resource": [
+ "arn:aws:ec2:*:*:volume/*",
+ "arn:aws:ec2:*:*:snapshot/*"
+ ]
+ },
+ {
+ "Effect": "Allow",
+ "Action": [
+ "ec2:CreateVolume"
+ ],
+ "Resource": "arn:aws:ec2:*:*:volume/*",
+ "Condition": {
+ "StringLike": {
+ "aws:RequestTag/ebs.csi.aws.com/cluster": "true"
+ }
+ }
+ },
+ {
+ "Effect": "Allow",
+ "Action": [
+ "ec2:CreateVolume"
+ ],
+ "Resource": "arn:aws:ec2:*:*:volume/*",
+ "Condition": {
+ "StringLike": {
+ "aws:RequestTag/CSIVolumeName": "*"
+ }
+ }
+ },
+ {
+ "Effect": "Allow",
+ "Action": [
+ "ec2:CreateVolume"
+ ],
+ "Resource": "arn:aws:ec2:*:*:snapshot/*"
+ },
+ {
+ "Effect": "Allow",
+ "Action": [
+ "ec2:DeleteVolume"
+ ],
+ "Resource": "*",
+ "Condition": {
+ "StringLike": {
+ "ec2:ResourceTag/ebs.csi.aws.com/cluster": "true"
+ }
+ }
+ },
+ {
+ "Effect": "Allow",
+ "Action": [
+ "ec2:DeleteVolume"
+ ],
+ "Resource": "*",
+ "Condition": {
+ "StringLike": {
+ "ec2:ResourceTag/CSIVolumeName": "*"
+ }
+ }
+ },
+ {
+ "Effect": "Allow",
+ "Action": [
+ "ec2:DeleteVolume"
+ ],
+ "Resource": "*",
+ "Condition": {
+ "StringLike": {
+ "ec2:ResourceTag/kubernetes.io/created-for/pvc/name": "*"
+ }
+ }
+ },
+ {
+ "Effect": "Allow",
+ "Action": [
+ "ec2:DeleteSnapshot"
+ ],
+ "Resource": "*",
+ "Condition": {
+ "StringLike": {
+ "ec2:ResourceTag/CSIVolumeSnapshotName": "*"
+ }
+ }
+ },
+ {
+ "Effect": "Allow",
+ "Action": [
+ "ec2:DeleteSnapshot"
+ ],
+ "Resource": "*",
+ "Condition": {
+ "StringLike": {
+ "ec2:ResourceTag/ebs.csi.aws.com/cluster": "true"
+ }
+ }
+ }
+ ]
+ }
+ # Use in case you wanted to use different credentials (i.e., ProviderConfig different than default)
+ providerConfigRef:
+ name: ${providerconfig_name}
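Review bot: The `ec2:CreateTags` statement has no condition, so the role can tag any existing volume or snapshot in the account, yet the `ec2:DeleteVolume` and `ec2:DeleteSnapshot` statements use exactly those tags (`ebs.csi.aws.com/cluster`, `CSIVolumeName`, `CSIVolumeSnapshotName`, ...) as their only guard. Limiting tagging to creation time, with `"Condition": {"StringEquals": {"ec2:CreateAction": ["CreateVolume", "CreateSnapshot"]}}` on the `CreateTags` statement, keeps the delete conditions meaningful. The first statement also grants `ec2:AttachVolume`, `ec2:DetachVolume`, `ec2:ModifyVolume` and `ec2:CreateSnapshot` on `"Resource": "*"`; narrowing these mutating actions to volume and instance ARNs, with tag conditions where feasible, reduces what a compromised driver pod can reach. The conditions that compare against the literal `"true"` would read more precisely as `StringEquals` than `StringLike`.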
# Use in case you wanted to use different credentials (i.e., ProviderConfig different than default)
providerConfigRef:
name: ${providerconfig_name}
+
+---
+apiVersion: iam.aws.upbound.io/v1beta1
+kind: RolePolicyAttachment
+metadata:
+ name: ${cluster_resource_name}-addon
+ labels:
+ provider: aws
+ cluster: ${cluster_resource_name}
+spec:
+ forProvider:
+ policyArnSelector:
+ matchLabels:
+ provider: aws
+ cluster: ${cluster_resource_name}
+ type: addon
+ roleSelector:
+ matchLabels:
+ provider: aws
+ cluster: ${cluster_resource_name}
+ type: cluster
+ # Use in case you wanted to use different credentials (i.e., ProviderConfig different than default)
+ providerConfigRef:
+ name: ${providerconfig_name}
crossplane.io/external-name: ${cluster_name}-masterRole
labels:
provider: aws
- cluster: eks
+ cluster: ${cluster_resource_name}
type: cluster
spec:
forProvider:
crossplane.io/external-name: ${cluster_name}-nodeRole
labels:
provider: aws
- cluster: eks
+ cluster: ${cluster_resource_name}
type: ec2
spec:
forProvider:
tags:
kubernetes.io/role/elb: "1"
Name: ${cluster_name}-private-subnet-${cluster_location}a
- kubernetes.io/cluster/{cluster_name}: shared
+ kubernetes.io/cluster/${cluster_name}: shared
# Use in case you wanted to use different credentials (i.e., ProviderConfig different than default)
providerConfigRef:
name: ${providerconfig_name}
tags:
kubernetes.io/role/elb: "1"
Name: ${cluster_name}-private-subnet-${cluster_location}b
- kubernetes.io/cluster/{cluster_name}: shared
+ kubernetes.io/cluster/${cluster_name}: shared
# Use in case you wanted to use different credentials (i.e., ProviderConfig different than default)
providerConfigRef:
name: ${providerconfig_name}
name: ${cluster_resource_name}-vpc
labels:
provider: aws
- cluster: eks
+ cluster: ${cluster_resource_name}
spec:
forProvider:
region: ${cluster_location}