From: rshri <shrinithi.r@tataelxsi.co.in>
Date: Fri, 13 Jun 2025 11:30:35 +0000 (+0000)
Subject: Feature 11055: Update cluster configuration to support the feature
X-Git-Tag: v18.0.0~28
X-Git-Url: https://osm.etsi.org/gitweb/?a=commitdiff_plain;h=refs%2Fchanges%2F31%2F15231%2F7;p=osm%2Fdevops.git

Feature 11055: Update cluster configuration to support the feature

Change-Id: I7a92c29a943d8767524ed40636eb204bd4ec2718
Signed-off-by: rshri <shrinithi.r@tataelxsi.co.in>
---

diff --git a/docker/osm-krm-functions/scripts/library/helper-functions.rc b/docker/osm-krm-functions/scripts/library/helper-functions.rc
index f5e4a551..03614d14 100644
--- a/docker/osm-krm-functions/scripts/library/helper-functions.rc
+++ b/docker/osm-krm-functions/scripts/library/helper-functions.rc
@@ -379,6 +379,47 @@ function add_patch_to_kustomization() {
     "| select(.kind == \"Kustomization\") | select(.metadata.name == \"${KUSTOMIZATION_NAME}\")"
 }
 
+function patch_add_value_as_list() {
+  local KEY_PATH="$1"
+  local VALUE="$2"
+  local TARGET_FILTERS="${3:-}"
+
+  yq "(.items[]${TARGET_FILTERS})${KEY_PATH} += [${VALUE}]"
+}
+
+function add_patch_to_kustomization_as_list() {
+  local KUSTOMIZATION_NAME="$1"
+  local PATCH_VALUE="$2"
+
+  local VALUE_AS_JSON=$(echo "$PATCH_VALUE" | yq -o json -I0)
+
+  patch_add_value_as_list \
+    ".spec.patches" \
+    "${VALUE_AS_JSON}" \
+    "| select(.kind == \"Kustomization\") | select(.metadata.name == \"${KUSTOMIZATION_NAME}\")"
+}
+
+function add_component_to_kustomization_as_list() {
+  local KUSTOMIZATION_NAME="$1"
+  shift
+  local COMPONENT=("$@")
+
+  local COMPONENT_JSON=$(printf '"%s",' "${COMPONENT[@]}" | sed 's/,$//')
+
+  patch_add_value_as_list \
+    ".spec.components" \
+    "${COMPONENT_JSON}" \
+    "| select(.kind == \"Kustomization\") | select(.metadata.name == \"${KUSTOMIZATION_NAME}\")"
+}
+
+function add_config_to_kustomization() {
+  local KUSTOMIZATION_NAME="$1"
+
+  yq '
+    (.items[] | select(.kind == "Kustomization") | select(.metadata.name == "'"${KUSTOMIZATION_NAME}"'"))
+    .spec.postBuild.substituteFrom = [{"kind": "ConfigMap", "name": "'"${KUSTOMIZATION_NAME}"'-parameters"}]
+  '
+}
 
 # Helper function to produce a JSON Patch as specified in RFC 6902
 function as_json_patch() {
diff --git a/docker/osm-krm-functions/scripts/library/krm-functions.rc b/docker/osm-krm-functions/scripts/library/krm-functions.rc
index 61f6b696..1a3c0bd0 100644
--- a/docker/osm-krm-functions/scripts/library/krm-functions.rc
+++ b/docker/osm-krm-functions/scripts/library/krm-functions.rc
@@ -621,8 +621,13 @@ function create_crossplane_cluster() {
   local MGMT_PROJECT_NAME="${19:-"osm_admin"}"
   local MGMT_CLUSTER_NAME="${20:-"_management"}"
   local BASE_TEMPLATES_PATH="${21:-"cloud-resources"}"
-  local TEMPLATE_MANIFEST_FILENAME="${22:-"${CLUSTER_TYPE,,}01.yaml"}"
-  local MANIFEST_FILENAME="${23:-"${CLUSTER_TYPE,,}-${CLUSTER_NAME}.yaml"}"
+  # EKS only
+  local CLUSTER_IAM_ROLE="${22}"
+  local CLUSTER_PRIVATE_SUBNETS_ID="${23}"
+  local CLUSTER_PUBLIC_SUBNETS_ID="${24}"
+  local CONFIGMAP_NAME="${25}"
+  local TEMPLATE_MANIFEST_FILENAME="${26:-"${CLUSTER_TYPE,,}01.yaml"}"
+  local MANIFEST_FILENAME="${27:-"${CLUSTER_TYPE,,}-${CLUSTER_NAME}.yaml"}"
 
 
   # Is the provider type supported?
@@ -630,14 +635,90 @@ function create_crossplane_cluster() {
   CLUSTER_TYPE="${CLUSTER_TYPE,,}"
   [[ ! ($(echo ${VALID_PROVIDERS[@]} | grep -w "${CLUSTER_TYPE}")) ]] && return 1
 
-  # Determines the source dir for the templates and the target folder in Fleet
-  local TEMPLATES_DIR="${SW_CATALOGS_REPO_DIR}/${BASE_TEMPLATES_PATH}/${CLUSTER_TYPE}/templates"
-  local TARGET_FOLDER="${FLEET_REPO_DIR}/${MGMT_PROJECT_NAME}/managed-resources/${MGMT_CLUSTER_NAME}"
-
   # Determine which optional steps may be needed
+  local IS_EKS=$([[ "${CLUSTER_TYPE}" == "eks" ]]; echo $?)
   local IS_AKS=$([[ "${CLUSTER_TYPE}" == "aks" ]]; echo $?)
   local IS_GCP=$([[ "${CLUSTER_TYPE}" == "gcp" ]]; echo $?)
 
+  local IS_EKS_AND_IAM=1
+  local IAM_COMPONENTS=()
+  local PATCH_SUBNET=0
+  local PATCH_IAM=0
+  local PATCH_VALUE=""
+  local PATCH=1
+  local CONFIG=1
+
+  if [[ "$IS_EKS" -eq 0 ]]; then
+
+    # Check for subnet config
+    if [[ "$CLUSTER_PRIVATE_SUBNETS_ID" == "default" ]]; then
+      IS_EKS_AND_IAM=0
+      IAM_COMPONENTS+=("../network")
+    else
+      PATCH_SUBNET=1
+    fi
+
+    # Check for IAM role config
+    if [[ "$CLUSTER_IAM_ROLE" == "default" ]]; then
+      IS_EKS_AND_IAM=0
+      IAM_COMPONENTS+=("../iam")
+    else
+      PATCH_IAM=1
+    fi
+
+    # Set PATCH flag if patch is required
+    if [[ $PATCH_SUBNET -eq 1 || $PATCH_IAM -eq 1 ]]; then
+      # PATCH=1
+      echo "Generating patch..."
+
+      PATCH_VALUE=$(cat <<EOF
+  patch: |
+    apiVersion: eks.aws.upbound.io/v1beta1
+    kind: Cluster
+    metadata:
+      name: \${cluster_resource_name}-cluster
+    spec:
+      forProvider:
+EOF
+  )
+
+      # Append subnet block if needed
+      if [[ $PATCH_SUBNET -eq 1 ]]; then
+        PATCH_VALUE+=$(cat <<EOF
+
+        vpcConfig:
+          - endpointPrivateAccess: true
+            endpointPublicAccess: true
+            subnetIds: \${private_subnets}
+EOF
+  )
+      fi
+
+      # Append IAM role block if needed
+      if [[ $PATCH_IAM -eq 1 ]]; then
+        PATCH_VALUE+=$(cat <<EOF
+
+        roleArn: \${cluster_iam_role}
+EOF
+  )
+      fi
+    fi
+
+    # Set PATCH flag
+    if [[ "$PATCH_SUBNET" -eq 1 || "$PATCH_IAM" -eq 1 ]]; then
+      PATCH=0
+    fi
+
+    # Set CONFIG flag
+    if [[ "$CONFIGMAP_NAME" != "default" ]]; then
+      CONFIG=0
+    fi
+  fi
+
+  # Determines the source dir for the templates and the target folder in Fleet
+  local TEMPLATES_DIR="${SW_CATALOGS_REPO_DIR}/${BASE_TEMPLATES_PATH}/${CLUSTER_TYPE}/templates"
+  local TARGET_FOLDER="${FLEET_REPO_DIR}/${MGMT_PROJECT_NAME}/managed-resources/${MGMT_CLUSTER_NAME}"
+
   # Pipeline of transformations to create the cluster resource
   export CLUSTER_KUSTOMIZATION_NAME
   folder2list \
@@ -664,6 +745,10 @@ function create_crossplane_cluster() {
     ".spec.postBuild.substitute.k8s_version" \
     "${K8S_VERSION}" \
     "| select(.kind == \"Kustomization\") | select(.metadata.name == \"${CLUSTER_KUSTOMIZATION_NAME}\")" | \
+  patch_replace \
+    ".spec.postBuild.substitute.cluster_iam_role" \
+    "${CLUSTER_IAM_ROLE}" \
+    "| select(.kind == \"Kustomization\") | select(.metadata.name == \"${CLUSTER_KUSTOMIZATION_NAME}\")" | \
   patch_replace \
     ".spec.postBuild.substitute.providerconfig_name" \
     "${PROVIDERCONFIG_NAME}" \
@@ -680,10 +765,24 @@ function create_crossplane_cluster() {
       ".spec.postBuild.substitute.preemptible_nodes" \
       "${GKE_PREEMPTIBLE_NODES}" \
       "| select(.kind == \"Kustomization\") | select(.metadata.name == \"${CLUSTER_KUSTOMIZATION_NAME}\")" | \
+  transform_if \
+    "${PATCH}" \
+    add_patch_to_kustomization_as_list \
+      "${CLUSTER_KUSTOMIZATION_NAME}" \
+      "${PATCH_VALUE}" | \
+  transform_if \
+    "${IS_EKS_AND_IAM}" \
+    add_component_to_kustomization_as_list \
+      "${CLUSTER_KUSTOMIZATION_NAME}" \
+      "${IAM_COMPONENTS[@]}" | \
+  transform_if \
+    "${CONFIG}" \
+    add_config_to_kustomization \
+      "${CLUSTER_KUSTOMIZATION_NAME}" | \
   rename_file_in_items \
     "${TEMPLATE_MANIFEST_FILENAME}" \
     "${MANIFEST_FILENAME}" | \
-  prepend_folder_path "${CLUSTER_KUSTOMIZATION_NAME}/" | \
+  prepend_folder_path "${CLUSTER_KUSTOMIZATION_NAME}/clusterbase/" | \
   list2folder_cp_over \
     "${TARGET_FOLDER}"
 
diff --git a/installers/flux/templates/sw-catalogs/cloud-resources/eks/manifests/addons/ebs-csi-addon.yaml b/installers/flux/templates/sw-catalogs/cloud-resources/eks/manifests/addons/ebs-csi-addon.yaml
deleted file mode 100644
index b3a02750..00000000
--- a/installers/flux/templates/sw-catalogs/cloud-resources/eks/manifests/addons/ebs-csi-addon.yaml
+++ /dev/null
@@ -1,46 +0,0 @@
-#######################################################################################
-# Copyright ETSI Contributors and Others.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-#    http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
-# implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-#######################################################################################
-
----
-apiVersion: eks.aws.upbound.io/v1beta1
-kind: Addon
-metadata:
-  name: ${cluster_resource_name}-cluster
-  annotations:
-    crossplane.io/external-name: ${cluster_resource_name}-ebs-csi-driver
-  labels:
-    provider: aws
-    cluster: ${cluster_resource_name}
-    type: addon
-spec:
-  forProvider:
-    region: ${cluster_location}
-    addonName: aws-ebs-csi-driver
-    addonVersion: v1.33.0-eksbuild.1
-    resolveConflicts: OVERWRITE
-    clusterNameSelector:
-      matchLabels:
-        provider: aws
-        cluster: ${cluster_resource_name}
-        type: cluster
-    serviceAccountRoleArnSelector:
-      matchLabels:
-        provider: aws
-        cluster: ${cluster_resource_name}
-        type: cluster
-  providerConfigRef:
-    name: ${providerconfig_name}
diff --git a/installers/flux/templates/sw-catalogs/cloud-resources/eks/manifests/base/eks-cluster.yaml b/installers/flux/templates/sw-catalogs/cloud-resources/eks/manifests/base/eks-cluster.yaml
new file mode 100644
index 00000000..fdfb2c51
--- /dev/null
+++ b/installers/flux/templates/sw-catalogs/cloud-resources/eks/manifests/base/eks-cluster.yaml
@@ -0,0 +1,67 @@
+#######################################################################################
+# Copyright ETSI Contributors and Others.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#    http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+# implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#######################################################################################
+
+---
+apiVersion: eks.aws.upbound.io/v1beta1
+kind: Cluster
+metadata:
+  name: ${cluster_resource_name}-cluster
+  annotations:
+    crossplane.io/external-name: ${cluster_name}
+  labels:
+    provider: aws
+    cluster: ${cluster_resource_name}
+    type: cluster
+spec:
+  forProvider:
+    region: ${cluster_location}
+    version: ${k8s_version}
+    roleArnSelector:
+      matchLabels:
+        provider: aws
+        cluster: ${cluster_resource_name}
+        type: cluster
+    vpcConfig:
+      - endpointPrivateAccess: true
+        endpointPublicAccess: true
+        subnetIdSelector:
+          matchLabels:
+            provider: aws
+            cluster: ${cluster_resource_name}
+            type: subnet
+            access: private
+  publishConnectionDetailsTo:
+    name: kubeconfig-${cluster_resource_name}
+  # Use in case you wanted to use different credentials (i.e., ProviderConfig different than default)
+  providerConfigRef:
+    name: ${providerconfig_name}
+
+---
+apiVersion: eks.aws.upbound.io/v1beta1
+kind: ClusterAuth
+metadata:
+  name: ${cluster_resource_name}-clusterauth
+spec:
+  forProvider:
+    region: ${cluster_location}
+    clusterName: ${cluster_name}
+  writeConnectionSecretToRef:
+    namespace: managed-resources
+    name: kubeconfig-${cluster_resource_name}
+  # Use in case you wanted to use different credentials (i.e., ProviderConfig different than default)
+  providerConfigRef:
+    name: ${providerconfig_name}
\ No newline at end of file
diff --git a/installers/flux/templates/sw-catalogs/cloud-resources/eks/manifests/eks-cluster/eks-cluster.yaml b/installers/flux/templates/sw-catalogs/cloud-resources/eks/manifests/eks-cluster/eks-cluster.yaml
deleted file mode 100644
index 59b0b445..00000000
--- a/installers/flux/templates/sw-catalogs/cloud-resources/eks/manifests/eks-cluster/eks-cluster.yaml
+++ /dev/null
@@ -1,67 +0,0 @@
-#######################################################################################
-# Copyright ETSI Contributors and Others.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-#    http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
-# implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-#######################################################################################
-
----
-apiVersion: eks.aws.upbound.io/v1beta1
-kind: Cluster
-metadata:
-  name: ${cluster_resource_name}-cluster
-  annotations:
-    crossplane.io/external-name: ${cluster_name}
-  labels:
-    provider: aws
-    cluster: ${cluster_resource_name}
-    type: cluster
-spec:
-  forProvider:
-    region: ${cluster_location}
-    version: ${k8s_version}
-    roleArnSelector:
-      matchLabels:
-        provider: aws
-        cluster: ${cluster_resource_name}
-        type: cluster
-    vpcConfig:
-      - endpointPrivateAccess: true
-        endpointPublicAccess: true
-        subnetIdSelector:
-          matchLabels:
-            provider: aws
-            cluster: ${cluster_resource_name}
-            type: subnet
-            access: private
-  publishConnectionDetailsTo:
-    name: kubeconfig-${cluster_resource_name}
-  # Use in case you wanted to use different credentials (i.e., ProviderConfig different than default)
-  providerConfigRef:
-    name: ${providerconfig_name}
-
----
-apiVersion: eks.aws.upbound.io/v1beta1
-kind: ClusterAuth
-metadata:
-  name: ${cluster_resource_name}-clusterauth
-spec:
-  forProvider:
-    region: ${cluster_location}
-    clusterName: ${cluster_name}
-  writeConnectionSecretToRef:
-    namespace: managed-resources
-    name: kubeconfig-${cluster_resource_name}
-  # Use in case you wanted to use different credentials (i.e., ProviderConfig different than default)
-  providerConfigRef:
-    name: ${providerconfig_name}
diff --git a/installers/flux/templates/sw-catalogs/cloud-resources/eks/manifests/eks-cluster/nodegroup.yaml b/installers/flux/templates/sw-catalogs/cloud-resources/eks/manifests/eks-cluster/nodegroup.yaml
deleted file mode 100644
index e1406d67..00000000
--- a/installers/flux/templates/sw-catalogs/cloud-resources/eks/manifests/eks-cluster/nodegroup.yaml
+++ /dev/null
@@ -1,56 +0,0 @@
-#######################################################################################
-# Copyright ETSI Contributors and Others.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-#    http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
-# implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-#######################################################################################
-
-apiVersion: eks.aws.upbound.io/v1beta1
-kind: NodeGroup
-metadata:
-  name: ${cluster_resource_name}-nodegroup
-  annotations:
-    crossplane.io/external-name: ${cluster_name}-nodegroup
-  labels:
-    provider: aws
-    cluster: ${cluster_resource_name}
-spec:
-  forProvider:
-    region: ${cluster_location}
-    clusterNameSelector:
-      matchLabels:
-        provider: aws
-        cluster: ${cluster_resource_name}
-        type: cluster
-    nodeRoleArnSelector:
-      matchLabels:
-        provider: aws
-        cluster: ${cluster_resource_name}
-        type: ec2
-    subnetIdSelector:
-        matchLabels:
-          cluster: ${cluster_resource_name}
-          type: subnet
-          access: private
-    scalingConfig:
-      - minSize: 1
-        desiredSize: ${node_count}
-        maxSize: 10
-    diskSize: 30
-    instanceTypes:
-      - ${vm_size}
-    tags:
-      Name: ${cluster_name}
-  # Use in case you wanted to use different credentials (i.e., ProviderConfig different than default)
-  providerConfigRef:
-    name: ${providerconfig_name}
diff --git a/installers/flux/templates/sw-catalogs/cloud-resources/eks/manifests/iam/kustomization.yaml b/installers/flux/templates/sw-catalogs/cloud-resources/eks/manifests/iam/kustomization.yaml
new file mode 100644
index 00000000..d76d71d7
--- /dev/null
+++ b/installers/flux/templates/sw-catalogs/cloud-resources/eks/manifests/iam/kustomization.yaml
@@ -0,0 +1,22 @@
+#######################################################################################
+# Copyright ETSI Contributors and Others.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#    http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+# implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#######################################################################################
+
+apiVersion: kustomize.config.k8s.io/v1alpha1
+kind: Component
+resources:
+  - roles.yaml
+  - role-policy-attachment.yaml
\ No newline at end of file
diff --git a/installers/flux/templates/sw-catalogs/cloud-resources/eks/manifests/iam/policy.yaml b/installers/flux/templates/sw-catalogs/cloud-resources/eks/manifests/iam/policy.yaml
deleted file mode 100644
index a65eac83..00000000
--- a/installers/flux/templates/sw-catalogs/cloud-resources/eks/manifests/iam/policy.yaml
+++ /dev/null
@@ -1,167 +0,0 @@
-#######################################################################################
-# Copyright ETSI Contributors and Others.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-#    http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
-# implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-#######################################################################################
-
----
-apiVersion: iam.aws.upbound.io/v1beta1
-kind: Policy
-metadata:
-  name: ${cluster_resource_name}-addon-policy
-  annotations:
-    crossplane.io/external-name: ${cluster_name}-ebs-csi-addon-policy
-  labels:
-    provider: aws
-    cluster: ${cluster_resource_name}
-    type: addon
-spec:
-  forProvider:
-    policy: |
-      {
-        "Version": "2012-10-17",
-        "Statement": [
-          {
-            "Effect": "Allow",
-            "Action": [
-              "ec2:CreateSnapshot",
-              "ec2:AttachVolume",
-              "ec2:DetachVolume",
-              "ec2:ModifyVolume",
-              "ec2:DescribeAvailabilityZones",
-              "ec2:DescribeInstances",
-              "ec2:DescribeSnapshots",
-              "ec2:DescribeTags",
-              "ec2:DescribeVolumes",
-              "ec2:DescribeVolumesModifications",
-              "ec2:EnableFastSnapshotRestores"
-            ],
-            "Resource": "*"
-          },
-          {
-            "Effect": "Allow",
-            "Action": [
-              "ec2:CreateTags"
-            ],
-            "Resource": [
-              "arn:aws:ec2:*:*:volume/*",
-              "arn:aws:ec2:*:*:snapshot/*"
-            ]
-          },
-          {
-            "Effect": "Allow",
-            "Action": [
-              "ec2:DeleteTags"
-            ],
-            "Resource": [
-              "arn:aws:ec2:*:*:volume/*",
-              "arn:aws:ec2:*:*:snapshot/*"
-            ]
-          },
-          {
-            "Effect": "Allow",
-            "Action": [
-              "ec2:CreateVolume"
-            ],
-            "Resource": "arn:aws:ec2:*:*:volume/*",
-            "Condition": {
-              "StringLike": {
-                "aws:RequestTag/ebs.csi.aws.com/cluster": "true"
-              }
-            }
-          },
-          {
-            "Effect": "Allow",
-            "Action": [
-              "ec2:CreateVolume"
-            ],
-            "Resource": "arn:aws:ec2:*:*:volume/*",
-            "Condition": {
-              "StringLike": {
-                "aws:RequestTag/CSIVolumeName": "*"
-              }
-            }
-          },
-          {
-            "Effect": "Allow",
-            "Action": [
-              "ec2:CreateVolume"
-            ],
-            "Resource": "arn:aws:ec2:*:*:snapshot/*"
-          },
-          {
-            "Effect": "Allow",
-            "Action": [
-              "ec2:DeleteVolume"
-            ],
-            "Resource": "*",
-            "Condition": {
-              "StringLike": {
-                "ec2:ResourceTag/ebs.csi.aws.com/cluster": "true"
-              }
-            }
-          },
-          {
-            "Effect": "Allow",
-            "Action": [
-              "ec2:DeleteVolume"
-            ],
-            "Resource": "*",
-            "Condition": {
-              "StringLike": {
-                "ec2:ResourceTag/CSIVolumeName": "*"
-              }
-            }
-          },
-          {
-            "Effect": "Allow",
-            "Action": [
-              "ec2:DeleteVolume"
-            ],
-            "Resource": "*",
-            "Condition": {
-              "StringLike": {
-                "ec2:ResourceTag/kubernetes.io/created-for/pvc/name": "*"
-              }
-            }
-          },
-          {
-            "Effect": "Allow",
-            "Action": [
-              "ec2:DeleteSnapshot"
-            ],
-            "Resource": "*",
-            "Condition": {
-              "StringLike": {
-                "ec2:ResourceTag/CSIVolumeSnapshotName": "*"
-              }
-            }
-          },
-          {
-            "Effect": "Allow",
-            "Action": [
-              "ec2:DeleteSnapshot"
-            ],
-            "Resource": "*",
-            "Condition": {
-              "StringLike": {
-                "ec2:ResourceTag/ebs.csi.aws.com/cluster": "true"
-              }
-            }
-          }
-        ]
-      }
-  # Use in case you wanted to use different credentials (i.e., ProviderConfig different than default)
-  providerConfigRef:
-    name: ${providerconfig_name}
diff --git a/installers/flux/templates/sw-catalogs/cloud-resources/eks/manifests/iam/role-policy-attachment.yaml b/installers/flux/templates/sw-catalogs/cloud-resources/eks/manifests/iam/role-policy-attachment.yaml
index 00181d2a..9ff5bc22 100644
--- a/installers/flux/templates/sw-catalogs/cloud-resources/eks/manifests/iam/role-policy-attachment.yaml
+++ b/installers/flux/templates/sw-catalogs/cloud-resources/eks/manifests/iam/role-policy-attachment.yaml
@@ -73,88 +73,4 @@ spec:
         type: cluster
   # Use in case you wanted to use different credentials (i.e., ProviderConfig different than default)
   providerConfigRef:
-    name: ${providerconfig_name}
-
----
-apiVersion: iam.aws.upbound.io/v1beta1
-kind: RolePolicyAttachment
-metadata:
-  name: ${cluster_resource_name}-worker
-  labels:
-    provider: aws
-    cluster: ${cluster_resource_name}
-spec:
-  forProvider:
-    policyArn: arn:aws:iam::aws:policy/AmazonEKSWorkerNodePolicy
-    roleSelector:
-      matchLabels:
-        provider: aws
-        cluster: ${cluster_resource_name}
-        type: ec2
-  # Use in case you wanted to use different credentials (i.e., ProviderConfig different than default)
-  providerConfigRef:
-    name: ${providerconfig_name}
-
----
-apiVersion: iam.aws.upbound.io/v1beta1
-kind: RolePolicyAttachment
-metadata:
-  name: ${cluster_resource_name}-cni
-  labels:
-    provider: aws
-    cluster: ${cluster_resource_name}
-spec:
-  forProvider:
-    policyArn: arn:aws:iam::aws:policy/AmazonEKS_CNI_Policy
-    roleSelector:
-      matchLabels:
-        provider: aws
-        cluster: ${cluster_resource_name}
-        type: ec2
-  # Use in case you wanted to use different credentials (i.e., ProviderConfig different than default)
-  providerConfigRef:
-    name: ${providerconfig_name}
-
----
-apiVersion: iam.aws.upbound.io/v1beta1
-kind: RolePolicyAttachment
-metadata:
-  name: ${cluster_resource_name}-registry
-  labels:
-    provider: aws
-    cluster: ${cluster_resource_name}
-spec:
-  forProvider:
-    policyArn: arn:aws:iam::aws:policy/AmazonEC2ContainerRegistryReadOnly
-    roleSelector:
-      matchLabels:
-        provider: aws
-        cluster: ${cluster_resource_name}
-        type: ec2
-  # Use in case you wanted to use different credentials (i.e., ProviderConfig different than default)
-  providerConfigRef:
-    name: ${providerconfig_name}
-
----
-apiVersion: iam.aws.upbound.io/v1beta1
-kind: RolePolicyAttachment
-metadata:
-  name: ${cluster_resource_name}-addon
-  labels:
-    provider: aws
-    cluster: ${cluster_resource_name}
-spec:
-  forProvider:
-    policyArnSelector:
-      matchLabels:
-        provider: aws
-        cluster: ${cluster_resource_name}
-        type: addon
-    roleSelector:
-      matchLabels:
-        provider: aws
-        cluster: ${cluster_resource_name}
-        type: cluster
-  # Use in case you wanted to use different credentials (i.e., ProviderConfig different than default)
-  providerConfigRef:
-    name: ${providerconfig_name}
+    name: ${providerconfig_name}
\ No newline at end of file
diff --git a/installers/flux/templates/sw-catalogs/cloud-resources/eks/manifests/iam/roles.yaml b/installers/flux/templates/sw-catalogs/cloud-resources/eks/manifests/iam/roles.yaml
index 927e5687..855f7bcd 100644
--- a/installers/flux/templates/sw-catalogs/cloud-resources/eks/manifests/iam/roles.yaml
+++ b/installers/flux/templates/sw-catalogs/cloud-resources/eks/manifests/iam/roles.yaml
@@ -47,38 +47,4 @@ spec:
       }
   # Use in case you wanted to use different credentials (i.e., ProviderConfig different than default)
   providerConfigRef:
-    name: ${providerconfig_name}
-
----
-apiVersion: iam.aws.upbound.io/v1beta1
-kind: Role
-metadata:
-  name: ${cluster_resource_name}-ec2
-  annotations:
-    crossplane.io/external-name: ${cluster_name}-nodeRole
-  labels:
-    provider: aws
-    cluster: ${cluster_resource_name}
-    type: ec2
-spec:
-  forProvider:
-    assumeRolePolicy: |
-      {
-        "Version": "2012-10-17",
-        "Statement": [
-            {
-                "Effect": "Allow",
-                "Principal": {
-                    "Service": [
-                        "ec2.amazonaws.com"
-                    ]
-                },
-                "Action": [
-                    "sts:AssumeRole"
-                ]
-            }
-        ]
-      }
-  # Use in case you wanted to use different credentials (i.e., ProviderConfig different than default)
-  providerConfigRef:
-    name: ${providerconfig_name}
+    name: ${providerconfig_name}
\ No newline at end of file
diff --git a/installers/flux/templates/sw-catalogs/cloud-resources/eks/manifests/network/gateways.yaml b/installers/flux/templates/sw-catalogs/cloud-resources/eks/manifests/network/gateways.yaml
index 96255f87..1966b9f2 100644
--- a/installers/flux/templates/sw-catalogs/cloud-resources/eks/manifests/network/gateways.yaml
+++ b/installers/flux/templates/sw-catalogs/cloud-resources/eks/manifests/network/gateways.yaml
@@ -86,4 +86,4 @@ spec:
       Name: ${cluster_name}-natgw
   # Use in case you wanted to use different credentials (i.e., ProviderConfig different than default)
   providerConfigRef:
-    name: ${providerconfig_name}
+    name: ${providerconfig_name}
\ No newline at end of file
diff --git a/installers/flux/templates/sw-catalogs/cloud-resources/eks/manifests/network/kustomization.yaml b/installers/flux/templates/sw-catalogs/cloud-resources/eks/manifests/network/kustomization.yaml
new file mode 100644
index 00000000..95f2c7b2
--- /dev/null
+++ b/installers/flux/templates/sw-catalogs/cloud-resources/eks/manifests/network/kustomization.yaml
@@ -0,0 +1,24 @@
+#######################################################################################
+# Copyright ETSI Contributors and Others.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#    http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+# implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#######################################################################################
+
+apiVersion: kustomize.config.k8s.io/v1alpha1
+kind: Component
+resources:
+  - subnets.yaml
+  - vpc.yaml
+  - routes.yaml
+  - gateways.yaml
\ No newline at end of file
diff --git a/installers/flux/templates/sw-catalogs/cloud-resources/eks/manifests/network/routes.yaml b/installers/flux/templates/sw-catalogs/cloud-resources/eks/manifests/network/routes.yaml
index b9d57ba1..bee63819 100644
--- a/installers/flux/templates/sw-catalogs/cloud-resources/eks/manifests/network/routes.yaml
+++ b/installers/flux/templates/sw-catalogs/cloud-resources/eks/manifests/network/routes.yaml
@@ -143,34 +143,6 @@ spec:
   providerConfigRef:
     name: ${providerconfig_name}
 
----
-apiVersion: ec2.aws.upbound.io/v1beta1
-kind: RouteTableAssociation
-metadata:
-  name: ${cluster_resource_name}-public-route-association-1b
-  labels:
-    provider: aws
-    cluster: ${cluster_resource_name}
-spec:
-  forProvider:
-    region: ${cluster_location}
-    subnetIdSelector:
-      matchLabels:
-        provider: aws
-        cluster: ${cluster_resource_name}
-        type: subnet
-        access: public
-        zone: ${cluster_location}b
-    routeTableIdSelector:
-      matchLabels:
-        provider: aws
-        cluster: ${cluster_resource_name}
-        type: routetable
-        access: public
-  # Use in case you wanted to use different credentials (i.e., ProviderConfig different than default)
-  providerConfigRef:
-    name: ${providerconfig_name}
-
 ---
 apiVersion: ec2.aws.upbound.io/v1beta1
 kind: RouteTableAssociation
diff --git a/installers/flux/templates/sw-catalogs/cloud-resources/eks/manifests/network/subnets.yaml b/installers/flux/templates/sw-catalogs/cloud-resources/eks/manifests/network/subnets.yaml
index d6da2a05..08324bb7 100644
--- a/installers/flux/templates/sw-catalogs/cloud-resources/eks/manifests/network/subnets.yaml
+++ b/installers/flux/templates/sw-catalogs/cloud-resources/eks/manifests/network/subnets.yaml
@@ -43,34 +43,6 @@ spec:
   providerConfigRef:
     name: ${providerconfig_name}
 
----
-apiVersion: ec2.aws.upbound.io/v1beta1
-kind: Subnet
-metadata:
-  name: ${cluster_resource_name}-public-subnet-${cluster_location}b
-  labels:
-    type: subnet
-    provider: aws
-    cluster: ${cluster_resource_name}
-    zone: ${cluster_location}b
-    access: public
-spec:
-  forProvider:
-    region: ${cluster_location}
-    availabilityZone: ${cluster_location}b
-    cidrBlock: 10.10.1.0/24
-    vpcIdSelector:
-      matchLabels:
-        provider: aws
-        cluster: ${cluster_resource_name}
-    mapPublicIpOnLaunch: true
-    tags:
-      kubernetes.io/role/elb: "1"
-      Name: ${cluster_name}-public-subnet-${cluster_location}b
-  # Use in case you wanted to use different credentials (i.e., ProviderConfig different than default)
-  providerConfigRef:
-    name: ${providerconfig_name}
-
 ---
 apiVersion: ec2.aws.upbound.io/v1beta1
 kind: Subnet
@@ -86,7 +58,7 @@ spec:
   forProvider:
     region: ${cluster_location}
     availabilityZone: ${cluster_location}a
-    cidrBlock: 10.10.2.0/24
+    cidrBlock: 10.10.1.0/24
     vpcIdSelector:
       matchLabels:
         provider: aws
@@ -95,7 +67,7 @@ spec:
     tags:
       kubernetes.io/role/elb: "1"
       Name: ${cluster_name}-private-subnet-${cluster_location}a
-      kubernetes.io/cluster/${cluster_name}: shared
+      kubernetes.io/cluster/test: shared
   # Use in case you wanted to use different credentials (i.e., ProviderConfig different than default)
   providerConfigRef:
     name: ${providerconfig_name}
@@ -115,7 +87,7 @@ spec:
   forProvider:
     region: ${cluster_location}
     availabilityZone: ${cluster_location}b
-    cidrBlock: 10.10.3.0/24
+    cidrBlock: 10.10.2.0/24
     vpcIdSelector:
       matchLabels:
         provider: aws
@@ -124,7 +96,7 @@ spec:
     tags:
       kubernetes.io/role/elb: "1"
       Name: ${cluster_name}-private-subnet-${cluster_location}b
-      kubernetes.io/cluster/${cluster_name}: shared
+      kubernetes.io/cluster/test: shared
   # Use in case you wanted to use different credentials (i.e., ProviderConfig different than default)
   providerConfigRef:
-    name: ${providerconfig_name}
+    name: ${providerconfig_name}
\ No newline at end of file
diff --git a/installers/flux/templates/sw-catalogs/cloud-resources/eks/manifests/network/vpc.yaml b/installers/flux/templates/sw-catalogs/cloud-resources/eks/manifests/network/vpc.yaml
index d990d26b..e7f01910 100644
--- a/installers/flux/templates/sw-catalogs/cloud-resources/eks/manifests/network/vpc.yaml
+++ b/installers/flux/templates/sw-catalogs/cloud-resources/eks/manifests/network/vpc.yaml
@@ -33,4 +33,4 @@ spec:
       Name: ${cluster_name}-vpc
   # Use in case you wanted to use different credentials (i.e., ProviderConfig different than default)
   providerConfigRef:
-    name: ${providerconfig_name}
+    name: ${providerconfig_name}
\ No newline at end of file
diff --git a/installers/flux/templates/sw-catalogs/cloud-resources/eks/templates/eks01.yaml b/installers/flux/templates/sw-catalogs/cloud-resources/eks/templates/eks01.yaml
index 09728272..6d141a20 100644
--- a/installers/flux/templates/sw-catalogs/cloud-resources/eks/templates/eks01.yaml
+++ b/installers/flux/templates/sw-catalogs/cloud-resources/eks/templates/eks01.yaml
@@ -55,9 +55,9 @@ spec:
     kind: GitRepository
     name: sw-catalogs
     namespace: flux-system
-  path: ./cloud-resources/eks/manifests/
+  path: ./cloud-resources/eks/manifests/base
   prune: true
-  # force: true
+  # targetNamespace: default
   wait: true
   # Input parameters
   postBuild:
@@ -66,6 +66,5 @@ spec:
       cluster_resource_name: ${CLUSTER_KUSTOMIZATION_NAME}
       cluster_name: ekscluster01
       k8s_version: "'1.28'"
-      node_count: "1"
-      vm_size: t3.medium
       cluster_location: ap-south-1
+      cluster_iam_role: arn:aws:iam::123456789012:role/cluster-iam-role
\ No newline at end of file
diff --git a/installers/flux/templates/sw-catalogs/infra-configs/osm-workflows/templates/wf-templates/building-blocks/cluster-management-wft.yaml b/installers/flux/templates/sw-catalogs/infra-configs/osm-workflows/templates/wf-templates/building-blocks/cluster-management-wft.yaml
index 9140b0b1..852799b8 100644
--- a/installers/flux/templates/sw-catalogs/infra-configs/osm-workflows/templates/wf-templates/building-blocks/cluster-management-wft.yaml
+++ b/installers/flux/templates/sw-catalogs/infra-configs/osm-workflows/templates/wf-templates/building-blocks/cluster-management-wft.yaml
@@ -72,6 +72,11 @@ spec:
         value: "fleet-osm"
       - name: cloned_sw_catalogs_folder_name
         value: "sw-catalogs-osm"
+      ## EKS only (otherwise, empty)
+      - name: cluster_iam_role
+      - name: cluster_private_subnets_id
+      - name: cluster_public_subnets_id
+      - name: cluster_subnets_configmap_name
       # Debug?
       - name: debug
         value: "false"
@@ -111,6 +116,10 @@ spec:
       - "{{inputs.parameters.mgmt_project_name}}"
       - "{{inputs.parameters.mgmt_cluster_name}}"
       - "{{inputs.parameters.base_templates_path}}"
+      - "{{inputs.parameters.cluster_iam_role}}"
+      - "{{inputs.parameters.cluster_private_subnets_id}}"
+      - "{{inputs.parameters.cluster_public_subnets_id}}"
+      - "{{inputs.parameters.cluster_subnets_configmap_name}}"
 
       volumeMounts:
       - name: fleet-repo-volume
@@ -472,4 +481,4 @@ spec:
     securityContext:
       fsGroup: 10000
       # runAsUser: 10000
-      # runAsGroup: 10000
+      # runAsGroup: 10000
\ No newline at end of file
diff --git a/installers/flux/templates/sw-catalogs/infra-configs/osm-workflows/templates/wf-templates/canned-operations/full-create-crossplane-cluster-and-bootstrap-wft.yaml b/installers/flux/templates/sw-catalogs/infra-configs/osm-workflows/templates/wf-templates/canned-operations/full-create-crossplane-cluster-and-bootstrap-wft.yaml
index d5b2ed2a..0123e7f3 100644
--- a/installers/flux/templates/sw-catalogs/infra-configs/osm-workflows/templates/wf-templates/canned-operations/full-create-crossplane-cluster-and-bootstrap-wft.yaml
+++ b/installers/flux/templates/sw-catalogs/infra-configs/osm-workflows/templates/wf-templates/canned-operations/full-create-crossplane-cluster-and-bootstrap-wft.yaml
@@ -78,6 +78,12 @@ spec:
     - name: cloned_sw_catalogs_folder_name
       value: "sw-catalogs-osm"
 
+    # Specific parameters - EKS only
+    - name: cluster_iam_role
+    - name: cluster_private_subnets_id
+    - name: cluster_public_subnets_id
+    - name: cluster_subnets_configmap_name
+
     # Debug/dry run?
     - name: debug
       value: "false"
@@ -132,6 +138,11 @@ spec:
       - name: base_templates_path
       - name: cloned_fleet_folder_name
       - name: cloned_sw_catalogs_folder_name
+      ## EKS only (otherwise, ignored)
+      - name: cluster_iam_role
+      - name: cluster_private_subnets_id
+      - name: cluster_public_subnets_id
+      - name: cluster_subnets_configmap_name
       # Debug/dry run?
       - name: debug
       - name: dry_run
@@ -255,6 +266,15 @@ spec:
             value: "{{inputs.parameters.cloned_fleet_folder_name}}"
           - name: cloned_sw_catalogs_folder_name
             value: "{{inputs.parameters.cloned_sw_catalogs_folder_name}}"
+          ## EKS only
+          - name: cluster_iam_role
+            value: "{{inputs.parameters.cluster_iam_role}}"
+          - name: cluster_private_subnets_id
+            value: "{{inputs.parameters.cluster_private_subnets_id}}"
+          - name: cluster_public_subnets_id
+            value: "{{inputs.parameters.cluster_public_subnets_id}}"
+          - name: cluster_subnets_configmap_name
+            value: "{{inputs.parameters.cluster_subnets_configmap_name}}"
           # Debug?
           - name: debug
             value: "{{inputs.parameters.debug}}"
@@ -283,4 +303,4 @@ spec:
             value: osm_contrib
           - name: dry_run
             value: "{{inputs.parameters.dry_run}}"
-# ------ end of commit transaction
+# ------ end of commit transaction
\ No newline at end of file