"| select(.kind == \"Kustomization\") | select(.metadata.name == \"${KUSTOMIZATION_NAME}\")"
}
+function patch_add_value_as_list() {
+ local KEY_PATH="$1"
+ local VALUE="$2"
+ local TARGET_FILTERS="${3:-}"
+
+ yq "(.items[]${TARGET_FILTERS})${KEY_PATH} += [${VALUE}]"
+}
+
+function add_patch_to_kustomization_as_list() {
+ local KUSTOMIZATION_NAME="$1"
+ local PATCH_VALUE="$2"
+
+ local VALUE_AS_JSON=$(echo "$PATCH_VALUE" | yq -o json -I0)
+
+ patch_add_value_as_list \
+ ".spec.patches" \
+ "${VALUE_AS_JSON}" \
+ "| select(.kind == \"Kustomization\") | select(.metadata.name == \"${KUSTOMIZATION_NAME}\")"
+}
+
+function add_component_to_kustomization_as_list() {
+ local KUSTOMIZATION_NAME="$1"
+ shift
+ local COMPONENT=("$@")
+
+ local COMPONENT_JSON=$(printf '"%s",' "${COMPONENT[@]}" | sed 's/,$//')
+
+ patch_add_value_as_list \
+ ".spec.components" \
+ "${COMPONENT_JSON}" \
+ "| select(.kind == \"Kustomization\") | select(.metadata.name == \"${KUSTOMIZATION_NAME}\")"
+}
+
+function add_config_to_kustomization() {
+ local KUSTOMIZATION_NAME="$1"
+
+ yq '
+ (.items[] | select(.kind == "Kustomization") | select(.metadata.name == "'"${KUSTOMIZATION_NAME}"'"))
+ .spec.postBuild.substituteFrom = [{"kind": "ConfigMap", "name": "'"${KUSTOMIZATION_NAME}"'-parameters"}]
+ '
+}
# Helper function to produce a JSON Patch as specified in RFC 6902
function as_json_patch() {
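Review bot: `patch_add_value_as_list` builds the yq program by splicing `${TARGET_FILTERS}`, `${KEY_PATH}` and `${VALUE}` straight into the expression text, and `add_component_to_kustomization_as_list` wraps each component in `"%s"` without escaping, so a kustomization name or component path containing a double quote or yq syntax changes the expression instead of being treated as data. These values appear to come from workflow parameters and the result is committed to the fleet repo, so they should be passed as data: export them and read them inside the expression with yq's `strenv()`, e.g. `select(.metadata.name == strenv(KUSTOMIZATION_NAME))`. The two quoted splices in `add_config_to_kustomization` have the same problem. Separately, `local VALUE_AS_JSON=$(…)` and `local COMPONENT_JSON=$(…)` hide a failing `yq` or `sed`; declare with `local` first and assign on the next line so the status can be checked.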
local MGMT_PROJECT_NAME="${19:-"osm_admin"}"
local MGMT_CLUSTER_NAME="${20:-"_management"}"
local BASE_TEMPLATES_PATH="${21:-"cloud-resources"}"
- local TEMPLATE_MANIFEST_FILENAME="${22:-"${CLUSTER_TYPE,,}01.yaml"}"
- local MANIFEST_FILENAME="${23:-"${CLUSTER_TYPE,,}-${CLUSTER_NAME}.yaml"}"
+ # EKS only
+ local CLUSTER_IAM_ROLE="${22}"
+ local CLUSTER_PRIVATE_SUBNETS_ID="${23}"
+ local CLUSTER_PUBLIC_SUBNETS_ID="${24}"
+ local CONFIGMAP_NAME="${25}"
+ local TEMPLATE_MANIFEST_FILENAME="${26:-"${CLUSTER_TYPE,,}01.yaml"}"
+ local MANIFEST_FILENAME="${27:-"${CLUSTER_TYPE,,}-${CLUSTER_NAME}.yaml"}"
# Is the provider type supported?
CLUSTER_TYPE="${CLUSTER_TYPE,,}"
[[ ! ($(echo ${VALID_PROVIDERS[@]} | grep -w "${CLUSTER_TYPE}")) ]] && return 1
- # Determines the source dir for the templates and the target folder in Fleet
- local TEMPLATES_DIR="${SW_CATALOGS_REPO_DIR}/${BASE_TEMPLATES_PATH}/${CLUSTER_TYPE}/templates"
- local TARGET_FOLDER="${FLEET_REPO_DIR}/${MGMT_PROJECT_NAME}/managed-resources/${MGMT_CLUSTER_NAME}"
-
# Determine which optional steps may be needed
+ local IS_EKS=$([[ "${CLUSTER_TYPE}" == "eks" ]]; echo $?)
local IS_AKS=$([[ "${CLUSTER_TYPE}" == "aks" ]]; echo $?)
local IS_GCP=$([[ "${CLUSTER_TYPE}" == "gcp" ]]; echo $?)
+ local IS_EKS_AND_IAM=1
+ local IAM_COMPONENTS=()
+ local PATCH_SUBNET=0
+ local PATCH_IAM=0
+ local PATCH_VALUE=""
+ local PATCH=1
+ local CONFIG=1
+
+ if [[ "$IS_EKS" -eq 0 ]]; then
+
+ # Check for subnet config
+ if [[ "$CLUSTER_PRIVATE_SUBNETS_ID" == "default" ]]; then
+ IS_EKS_AND_IAM=0
+ IAM_COMPONENTS+=("../network")
+ else
+ PATCH_SUBNET=1
+ fi
+
+ # Check for IAM role config
+ if [[ "$CLUSTER_IAM_ROLE" == "default" ]]; then
+ IS_EKS_AND_IAM=0
+ IAM_COMPONENTS+=("../iam")
+ else
+ PATCH_IAM=1
+ fi
+
+ # Set PATCH flag if patch is required
+ if [[ $PATCH_SUBNET -eq 1 || $PATCH_IAM -eq 1 ]]; then
+ # PATCH=1
+ echo "Generating patch..."
+
+ PATCH_VALUE=$(cat <<EOF
+ patch: |
+ apiVersion: eks.aws.upbound.io/v1beta1
+ kind: Cluster
+ metadata:
+ name: \${cluster_resource_name}-cluster
+ spec:
+ forProvider:
+EOF
+ )
+
+ # Append subnet block if needed
+ if [[ $PATCH_SUBNET -eq 1 ]]; then
+ PATCH_VALUE+=$(cat <<EOF
+
+ vpcConfig:
+ - endpointPrivateAccess: true
+ endpointPublicAccess: true
+ subnetIds: \${private_subnets}
+EOF
+ )
+ fi
+
+ # Append IAM role block if needed
+ if [[ $PATCH_IAM -eq 1 ]]; then
+ PATCH_VALUE+=$(cat <<EOF
+
+ roleArn: \${cluster_iam_role}
+EOF
+ )
+ fi
+ fi
+
+ # Set PATCH flag
+ if [[ "$PATCH_SUBNET" -eq 1 || "$PATCH_IAM" -eq 1 ]]; then
+ PATCH=0
+ fi
+
+ # Set CONFIG flag
+ if [[ "$CONFIGMAP_NAME" != "default" ]]; then
+ CONFIG=0
+ fi
+ fi
+
+ # Determines the source dir for the templates and the target folder in Fleet
+ local TEMPLATES_DIR="${SW_CATALOGS_REPO_DIR}/${BASE_TEMPLATES_PATH}/${CLUSTER_TYPE}/templates"
+ local TARGET_FOLDER="${FLEET_REPO_DIR}/${MGMT_PROJECT_NAME}/managed-resources/${MGMT_CLUSTER_NAME}"
+
# Pipeline of transformations to create the cluster resource
export CLUSTER_KUSTOMIZATION_NAME
folder2list \
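Review bot: The four EKS arguments are read as `"${22}"` to `"${25}"` with no default and are only compared against the literal `default`, so an EKS call that leaves one empty is treated as a custom value: `PATCH_IAM` and `PATCH_SUBNET` become 1 and `CONFIG` becomes 0 even though nothing usable was supplied. If an omitted argument should select the built-in IAM and network components, default them, e.g. `local CLUSTER_IAM_ROLE="${22:-default}"`, and reject any value that is neither `default` nor a plausible ARN or subnet list before it is written to the fleet repo. The unconditional `patch_replace` of `cluster_iam_role` in the next hunk has the same gap, since it writes the literal `default` or an empty string into the Kustomization for every provider type. Moving `TEMPLATE_MANIFEST_FILENAME` and `MANIFEST_FILENAME` from positions 22/23 to 26/27 also silently reinterprets those arguments for any caller not updated in this commit. The function starts before this hunk and continues after it.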
".spec.postBuild.substitute.k8s_version" \
"${K8S_VERSION}" \
"| select(.kind == \"Kustomization\") | select(.metadata.name == \"${CLUSTER_KUSTOMIZATION_NAME}\")" | \
+ patch_replace \
+ ".spec.postBuild.substitute.cluster_iam_role" \
+ "${CLUSTER_IAM_ROLE}" \
+ "| select(.kind == \"Kustomization\") | select(.metadata.name == \"${CLUSTER_KUSTOMIZATION_NAME}\")" | \
patch_replace \
".spec.postBuild.substitute.providerconfig_name" \
"${PROVIDERCONFIG_NAME}" \
".spec.postBuild.substitute.preemptible_nodes" \
"${GKE_PREEMPTIBLE_NODES}" \
"| select(.kind == \"Kustomization\") | select(.metadata.name == \"${CLUSTER_KUSTOMIZATION_NAME}\")" | \
+ transform_if \
+ "${PATCH}" \
+ add_patch_to_kustomization_as_list \
+ "${CLUSTER_KUSTOMIZATION_NAME}" \
+ "${PATCH_VALUE}" | \
+ transform_if \
+ "${IS_EKS_AND_IAM}" \
+ add_component_to_kustomization_as_list \
+ "${CLUSTER_KUSTOMIZATION_NAME}" \
+ "${IAM_COMPONENTS[@]}" | \
+ transform_if \
+ "${CONFIG}" \
+ add_config_to_kustomization \
+ "${CLUSTER_KUSTOMIZATION_NAME}" | \
rename_file_in_items \
"${TEMPLATE_MANIFEST_FILENAME}" \
"${MANIFEST_FILENAME}" | \
- prepend_folder_path "${CLUSTER_KUSTOMIZATION_NAME}/" | \
+ prepend_folder_path "${CLUSTER_KUSTOMIZATION_NAME}/clusterbase/" | \
list2folder_cp_over \
"${TARGET_FOLDER}"
+++ /dev/null
-#######################################################################################
-# Copyright ETSI Contributors and Others.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
-# implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-#######################################################################################
-
----
-apiVersion: eks.aws.upbound.io/v1beta1
-kind: Addon
-metadata:
- name: ${cluster_resource_name}-cluster
- annotations:
- crossplane.io/external-name: ${cluster_resource_name}-ebs-csi-driver
- labels:
- provider: aws
- cluster: ${cluster_resource_name}
- type: addon
-spec:
- forProvider:
- region: ${cluster_location}
- addonName: aws-ebs-csi-driver
- addonVersion: v1.33.0-eksbuild.1
- resolveConflicts: OVERWRITE
- clusterNameSelector:
- matchLabels:
- provider: aws
- cluster: ${cluster_resource_name}
- type: cluster
- serviceAccountRoleArnSelector:
- matchLabels:
- provider: aws
- cluster: ${cluster_resource_name}
- type: cluster
- providerConfigRef:
- name: ${providerconfig_name}
--- /dev/null
+#######################################################################################
+# Copyright ETSI Contributors and Others.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+# implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#######################################################################################
+
+---
+apiVersion: eks.aws.upbound.io/v1beta1
+kind: Cluster
+metadata:
+ name: ${cluster_resource_name}-cluster
+ annotations:
+ crossplane.io/external-name: ${cluster_name}
+ labels:
+ provider: aws
+ cluster: ${cluster_resource_name}
+ type: cluster
+spec:
+ forProvider:
+ region: ${cluster_location}
+ version: ${k8s_version}
+ roleArnSelector:
+ matchLabels:
+ provider: aws
+ cluster: ${cluster_resource_name}
+ type: cluster
+ vpcConfig:
+ - endpointPrivateAccess: true
+ endpointPublicAccess: true
+ subnetIdSelector:
+ matchLabels:
+ provider: aws
+ cluster: ${cluster_resource_name}
+ type: subnet
+ access: private
+ publishConnectionDetailsTo:
+ name: kubeconfig-${cluster_resource_name}
+ # Use in case you wanted to use different credentials (i.e., ProviderConfig different than default)
+ providerConfigRef:
+ name: ${providerconfig_name}
+
+---
+apiVersion: eks.aws.upbound.io/v1beta1
+kind: ClusterAuth
+metadata:
+ name: ${cluster_resource_name}-clusterauth
+spec:
+ forProvider:
+ region: ${cluster_location}
+ clusterName: ${cluster_name}
+ writeConnectionSecretToRef:
+ namespace: managed-resources
+ name: kubeconfig-${cluster_resource_name}
+ # Use in case you wanted to use different credentials (i.e., ProviderConfig different than default)
+ providerConfigRef:
+ name: ${providerconfig_name}
\ No newline at end of file
+++ /dev/null
-#######################################################################################
-# Copyright ETSI Contributors and Others.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
-# implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-#######################################################################################
-
----
-apiVersion: eks.aws.upbound.io/v1beta1
-kind: Cluster
-metadata:
- name: ${cluster_resource_name}-cluster
- annotations:
- crossplane.io/external-name: ${cluster_name}
- labels:
- provider: aws
- cluster: ${cluster_resource_name}
- type: cluster
-spec:
- forProvider:
- region: ${cluster_location}
- version: ${k8s_version}
- roleArnSelector:
- matchLabels:
- provider: aws
- cluster: ${cluster_resource_name}
- type: cluster
- vpcConfig:
- - endpointPrivateAccess: true
- endpointPublicAccess: true
- subnetIdSelector:
- matchLabels:
- provider: aws
- cluster: ${cluster_resource_name}
- type: subnet
- access: private
- publishConnectionDetailsTo:
- name: kubeconfig-${cluster_resource_name}
- # Use in case you wanted to use different credentials (i.e., ProviderConfig different than default)
- providerConfigRef:
- name: ${providerconfig_name}
-
----
-apiVersion: eks.aws.upbound.io/v1beta1
-kind: ClusterAuth
-metadata:
- name: ${cluster_resource_name}-clusterauth
-spec:
- forProvider:
- region: ${cluster_location}
- clusterName: ${cluster_name}
- writeConnectionSecretToRef:
- namespace: managed-resources
- name: kubeconfig-${cluster_resource_name}
- # Use in case you wanted to use different credentials (i.e., ProviderConfig different than default)
- providerConfigRef:
- name: ${providerconfig_name}
+++ /dev/null
-#######################################################################################
-# Copyright ETSI Contributors and Others.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
-# implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-#######################################################################################
-
-apiVersion: eks.aws.upbound.io/v1beta1
-kind: NodeGroup
-metadata:
- name: ${cluster_resource_name}-nodegroup
- annotations:
- crossplane.io/external-name: ${cluster_name}-nodegroup
- labels:
- provider: aws
- cluster: ${cluster_resource_name}
-spec:
- forProvider:
- region: ${cluster_location}
- clusterNameSelector:
- matchLabels:
- provider: aws
- cluster: ${cluster_resource_name}
- type: cluster
- nodeRoleArnSelector:
- matchLabels:
- provider: aws
- cluster: ${cluster_resource_name}
- type: ec2
- subnetIdSelector:
- matchLabels:
- cluster: ${cluster_resource_name}
- type: subnet
- access: private
- scalingConfig:
- - minSize: 1
- desiredSize: ${node_count}
- maxSize: 10
- diskSize: 30
- instanceTypes:
- - ${vm_size}
- tags:
- Name: ${cluster_name}
- # Use in case you wanted to use different credentials (i.e., ProviderConfig different than default)
- providerConfigRef:
- name: ${providerconfig_name}
--- /dev/null
+#######################################################################################
+# Copyright ETSI Contributors and Others.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+# implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#######################################################################################
+
+apiVersion: kustomize.config.k8s.io/v1alpha1
+kind: Component
+resources:
+ - roles.yaml
+ - role-policy-attachment.yaml
\ No newline at end of file
+++ /dev/null
-#######################################################################################
-# Copyright ETSI Contributors and Others.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
-# implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-#######################################################################################
-
----
-apiVersion: iam.aws.upbound.io/v1beta1
-kind: Policy
-metadata:
- name: ${cluster_resource_name}-addon-policy
- annotations:
- crossplane.io/external-name: ${cluster_name}-ebs-csi-addon-policy
- labels:
- provider: aws
- cluster: ${cluster_resource_name}
- type: addon
-spec:
- forProvider:
- policy: |
- {
- "Version": "2012-10-17",
- "Statement": [
- {
- "Effect": "Allow",
- "Action": [
- "ec2:CreateSnapshot",
- "ec2:AttachVolume",
- "ec2:DetachVolume",
- "ec2:ModifyVolume",
- "ec2:DescribeAvailabilityZones",
- "ec2:DescribeInstances",
- "ec2:DescribeSnapshots",
- "ec2:DescribeTags",
- "ec2:DescribeVolumes",
- "ec2:DescribeVolumesModifications",
- "ec2:EnableFastSnapshotRestores"
- ],
- "Resource": "*"
- },
- {
- "Effect": "Allow",
- "Action": [
- "ec2:CreateTags"
- ],
- "Resource": [
- "arn:aws:ec2:*:*:volume/*",
- "arn:aws:ec2:*:*:snapshot/*"
- ]
- },
- {
- "Effect": "Allow",
- "Action": [
- "ec2:DeleteTags"
- ],
- "Resource": [
- "arn:aws:ec2:*:*:volume/*",
- "arn:aws:ec2:*:*:snapshot/*"
- ]
- },
- {
- "Effect": "Allow",
- "Action": [
- "ec2:CreateVolume"
- ],
- "Resource": "arn:aws:ec2:*:*:volume/*",
- "Condition": {
- "StringLike": {
- "aws:RequestTag/ebs.csi.aws.com/cluster": "true"
- }
- }
- },
- {
- "Effect": "Allow",
- "Action": [
- "ec2:CreateVolume"
- ],
- "Resource": "arn:aws:ec2:*:*:volume/*",
- "Condition": {
- "StringLike": {
- "aws:RequestTag/CSIVolumeName": "*"
- }
- }
- },
- {
- "Effect": "Allow",
- "Action": [
- "ec2:CreateVolume"
- ],
- "Resource": "arn:aws:ec2:*:*:snapshot/*"
- },
- {
- "Effect": "Allow",
- "Action": [
- "ec2:DeleteVolume"
- ],
- "Resource": "*",
- "Condition": {
- "StringLike": {
- "ec2:ResourceTag/ebs.csi.aws.com/cluster": "true"
- }
- }
- },
- {
- "Effect": "Allow",
- "Action": [
- "ec2:DeleteVolume"
- ],
- "Resource": "*",
- "Condition": {
- "StringLike": {
- "ec2:ResourceTag/CSIVolumeName": "*"
- }
- }
- },
- {
- "Effect": "Allow",
- "Action": [
- "ec2:DeleteVolume"
- ],
- "Resource": "*",
- "Condition": {
- "StringLike": {
- "ec2:ResourceTag/kubernetes.io/created-for/pvc/name": "*"
- }
- }
- },
- {
- "Effect": "Allow",
- "Action": [
- "ec2:DeleteSnapshot"
- ],
- "Resource": "*",
- "Condition": {
- "StringLike": {
- "ec2:ResourceTag/CSIVolumeSnapshotName": "*"
- }
- }
- },
- {
- "Effect": "Allow",
- "Action": [
- "ec2:DeleteSnapshot"
- ],
- "Resource": "*",
- "Condition": {
- "StringLike": {
- "ec2:ResourceTag/ebs.csi.aws.com/cluster": "true"
- }
- }
- }
- ]
- }
- # Use in case you wanted to use different credentials (i.e., ProviderConfig different than default)
- providerConfigRef:
- name: ${providerconfig_name}
type: cluster
# Use in case you wanted to use different credentials (i.e., ProviderConfig different than default)
providerConfigRef:
- name: ${providerconfig_name}
-
----
-apiVersion: iam.aws.upbound.io/v1beta1
-kind: RolePolicyAttachment
-metadata:
- name: ${cluster_resource_name}-worker
- labels:
- provider: aws
- cluster: ${cluster_resource_name}
-spec:
- forProvider:
- policyArn: arn:aws:iam::aws:policy/AmazonEKSWorkerNodePolicy
- roleSelector:
- matchLabels:
- provider: aws
- cluster: ${cluster_resource_name}
- type: ec2
- # Use in case you wanted to use different credentials (i.e., ProviderConfig different than default)
- providerConfigRef:
- name: ${providerconfig_name}
-
----
-apiVersion: iam.aws.upbound.io/v1beta1
-kind: RolePolicyAttachment
-metadata:
- name: ${cluster_resource_name}-cni
- labels:
- provider: aws
- cluster: ${cluster_resource_name}
-spec:
- forProvider:
- policyArn: arn:aws:iam::aws:policy/AmazonEKS_CNI_Policy
- roleSelector:
- matchLabels:
- provider: aws
- cluster: ${cluster_resource_name}
- type: ec2
- # Use in case you wanted to use different credentials (i.e., ProviderConfig different than default)
- providerConfigRef:
- name: ${providerconfig_name}
-
----
-apiVersion: iam.aws.upbound.io/v1beta1
-kind: RolePolicyAttachment
-metadata:
- name: ${cluster_resource_name}-registry
- labels:
- provider: aws
- cluster: ${cluster_resource_name}
-spec:
- forProvider:
- policyArn: arn:aws:iam::aws:policy/AmazonEC2ContainerRegistryReadOnly
- roleSelector:
- matchLabels:
- provider: aws
- cluster: ${cluster_resource_name}
- type: ec2
- # Use in case you wanted to use different credentials (i.e., ProviderConfig different than default)
- providerConfigRef:
- name: ${providerconfig_name}
-
----
-apiVersion: iam.aws.upbound.io/v1beta1
-kind: RolePolicyAttachment
-metadata:
- name: ${cluster_resource_name}-addon
- labels:
- provider: aws
- cluster: ${cluster_resource_name}
-spec:
- forProvider:
- policyArnSelector:
- matchLabels:
- provider: aws
- cluster: ${cluster_resource_name}
- type: addon
- roleSelector:
- matchLabels:
- provider: aws
- cluster: ${cluster_resource_name}
- type: cluster
- # Use in case you wanted to use different credentials (i.e., ProviderConfig different than default)
- providerConfigRef:
- name: ${providerconfig_name}
+ name: ${providerconfig_name}
\ No newline at end of file
}
# Use in case you wanted to use different credentials (i.e., ProviderConfig different than default)
providerConfigRef:
- name: ${providerconfig_name}
-
----
-apiVersion: iam.aws.upbound.io/v1beta1
-kind: Role
-metadata:
- name: ${cluster_resource_name}-ec2
- annotations:
- crossplane.io/external-name: ${cluster_name}-nodeRole
- labels:
- provider: aws
- cluster: ${cluster_resource_name}
- type: ec2
-spec:
- forProvider:
- assumeRolePolicy: |
- {
- "Version": "2012-10-17",
- "Statement": [
- {
- "Effect": "Allow",
- "Principal": {
- "Service": [
- "ec2.amazonaws.com"
- ]
- },
- "Action": [
- "sts:AssumeRole"
- ]
- }
- ]
- }
- # Use in case you wanted to use different credentials (i.e., ProviderConfig different than default)
- providerConfigRef:
- name: ${providerconfig_name}
+ name: ${providerconfig_name}
\ No newline at end of file
Name: ${cluster_name}-natgw
# Use in case you wanted to use different credentials (i.e., ProviderConfig different than default)
providerConfigRef:
- name: ${providerconfig_name}
+ name: ${providerconfig_name}
\ No newline at end of file
--- /dev/null
+#######################################################################################
+# Copyright ETSI Contributors and Others.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+# implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#######################################################################################
+
+apiVersion: kustomize.config.k8s.io/v1alpha1
+kind: Component
+resources:
+ - subnets.yaml
+ - vpc.yaml
+ - routes.yaml
+ - gateways.yaml
\ No newline at end of file
providerConfigRef:
name: ${providerconfig_name}
----
-apiVersion: ec2.aws.upbound.io/v1beta1
-kind: RouteTableAssociation
-metadata:
- name: ${cluster_resource_name}-public-route-association-1b
- labels:
- provider: aws
- cluster: ${cluster_resource_name}
-spec:
- forProvider:
- region: ${cluster_location}
- subnetIdSelector:
- matchLabels:
- provider: aws
- cluster: ${cluster_resource_name}
- type: subnet
- access: public
- zone: ${cluster_location}b
- routeTableIdSelector:
- matchLabels:
- provider: aws
- cluster: ${cluster_resource_name}
- type: routetable
- access: public
- # Use in case you wanted to use different credentials (i.e., ProviderConfig different than default)
- providerConfigRef:
- name: ${providerconfig_name}
-
---
apiVersion: ec2.aws.upbound.io/v1beta1
kind: RouteTableAssociation
providerConfigRef:
name: ${providerconfig_name}
----
-apiVersion: ec2.aws.upbound.io/v1beta1
-kind: Subnet
-metadata:
- name: ${cluster_resource_name}-public-subnet-${cluster_location}b
- labels:
- type: subnet
- provider: aws
- cluster: ${cluster_resource_name}
- zone: ${cluster_location}b
- access: public
-spec:
- forProvider:
- region: ${cluster_location}
- availabilityZone: ${cluster_location}b
- cidrBlock: 10.10.1.0/24
- vpcIdSelector:
- matchLabels:
- provider: aws
- cluster: ${cluster_resource_name}
- mapPublicIpOnLaunch: true
- tags:
- kubernetes.io/role/elb: "1"
- Name: ${cluster_name}-public-subnet-${cluster_location}b
- # Use in case you wanted to use different credentials (i.e., ProviderConfig different than default)
- providerConfigRef:
- name: ${providerconfig_name}
-
---
apiVersion: ec2.aws.upbound.io/v1beta1
kind: Subnet
forProvider:
region: ${cluster_location}
availabilityZone: ${cluster_location}a
- cidrBlock: 10.10.2.0/24
+ cidrBlock: 10.10.1.0/24
vpcIdSelector:
matchLabels:
provider: aws
tags:
kubernetes.io/role/elb: "1"
Name: ${cluster_name}-private-subnet-${cluster_location}a
- kubernetes.io/cluster/${cluster_name}: shared
+ kubernetes.io/cluster/test: shared
# Use in case you wanted to use different credentials (i.e., ProviderConfig different than default)
providerConfigRef:
name: ${providerconfig_name}
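Review bot: The cluster discovery tag on the private subnet is changed from `kubernetes.io/cluster/${cluster_name}: shared` to the fixed key `kubernetes.io/cluster/test: shared`, which looks like a leftover from testing. With a literal `test`, every cluster created from this template tags its subnets for a cluster named `test` rather than for itself, so discovery keyed on the cluster name would miss them and unrelated clusters would end up sharing one tag. Restore `kubernetes.io/cluster/${cluster_name}: shared` here and in the second private-subnet hunk that follows, which makes the same change. The resource definition starts above this hunk.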
forProvider:
region: ${cluster_location}
availabilityZone: ${cluster_location}b
- cidrBlock: 10.10.3.0/24
+ cidrBlock: 10.10.2.0/24
vpcIdSelector:
matchLabels:
provider: aws
tags:
kubernetes.io/role/elb: "1"
Name: ${cluster_name}-private-subnet-${cluster_location}b
- kubernetes.io/cluster/${cluster_name}: shared
+ kubernetes.io/cluster/test: shared
# Use in case you wanted to use different credentials (i.e., ProviderConfig different than default)
providerConfigRef:
- name: ${providerconfig_name}
+ name: ${providerconfig_name}
\ No newline at end of file
Name: ${cluster_name}-vpc
# Use in case you wanted to use different credentials (i.e., ProviderConfig different than default)
providerConfigRef:
- name: ${providerconfig_name}
+ name: ${providerconfig_name}
\ No newline at end of file
kind: GitRepository
name: sw-catalogs
namespace: flux-system
- path: ./cloud-resources/eks/manifests/
+ path: ./cloud-resources/eks/manifests/base
prune: true
- # force: true
+ # targetNamespace: default
wait: true
# Input parameters
postBuild:
cluster_resource_name: ${CLUSTER_KUSTOMIZATION_NAME}
cluster_name: ekscluster01
k8s_version: "'1.28'"
- node_count: "1"
- vm_size: t3.medium
cluster_location: ap-south-1
+ cluster_iam_role: arn:aws:iam::123456789012:role/cluster-iam-role
\ No newline at end of file
value: "fleet-osm"
- name: cloned_sw_catalogs_folder_name
value: "sw-catalogs-osm"
+ ## EKS only (otherwise, empty)
+ - name: cluster_iam_role
+ - name: cluster_private_subnets_id
+ - name: cluster_public_subnets_id
+ - name: cluster_subnets_configmap_name
# Debug?
- name: debug
value: "false"
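Review bot: The four new parameters are declared without a `value`, although the comment says they are empty outside EKS and the neighbouring parameters visible in this hunk all carry one. As written, AKS and GKE callers presumably have to pass all four explicitly or the inputs cannot be resolved. If they are meant to be optional, give each an explicit value such as `value: "default"`, which is the sentinel the script already checks for. The `# Specific parameters - EKS only` block in the later hunk is declared the same way.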
- "{{inputs.parameters.mgmt_project_name}}"
- "{{inputs.parameters.mgmt_cluster_name}}"
- "{{inputs.parameters.base_templates_path}}"
+ - "{{inputs.parameters.cluster_iam_role}}"
+ - "{{inputs.parameters.cluster_private_subnets_id}}"
+ - "{{inputs.parameters.cluster_public_subnets_id}}"
+ - "{{inputs.parameters.cluster_subnets_configmap_name}}"
volumeMounts:
- name: fleet-repo-volume
securityContext:
fsGroup: 10000
# runAsUser: 10000
- # runAsGroup: 10000
+ # runAsGroup: 10000
\ No newline at end of file
- name: cloned_sw_catalogs_folder_name
value: "sw-catalogs-osm"
+ # Specific parameters - EKS only
+ - name: cluster_iam_role
+ - name: cluster_private_subnets_id
+ - name: cluster_public_subnets_id
+ - name: cluster_subnets_configmap_name
+
# Debug/dry run?
- name: debug
value: "false"
- name: base_templates_path
- name: cloned_fleet_folder_name
- name: cloned_sw_catalogs_folder_name
+ ## EKS only (otherwise, ignored)
+ - name: cluster_iam_role
+ - name: cluster_private_subnets_id
+ - name: cluster_public_subnets_id
+ - name: cluster_subnets_configmap_name
# Debug/dry run?
- name: debug
- name: dry_run
value: "{{inputs.parameters.cloned_fleet_folder_name}}"
- name: cloned_sw_catalogs_folder_name
value: "{{inputs.parameters.cloned_sw_catalogs_folder_name}}"
+ ## EKS only
+ - name: cluster_iam_role
+ value: "{{inputs.parameters.cluster_iam_role}}"
+ - name: cluster_private_subnets_id
+ value: "{{inputs.parameters.cluster_private_subnets_id}}"
+ - name: cluster_public_subnets_id
+ value: "{{inputs.parameters.cluster_public_subnets_id}}"
+ - name: cluster_subnets_configmap_name
+ value: "{{inputs.parameters.cluster_subnets_configmap_name}}"
# Debug?
- name: debug
value: "{{inputs.parameters.debug}}"
value: osm_contrib
- name: dry_run
value: "{{inputs.parameters.dry_run}}"
-# ------ end of commit transaction
+# ------ end of commit transaction
\ No newline at end of file